Aparche worm ログ切り出し

Date
2006-01-23 (Mon)
Category
Tech

サーバ管理を業者に委託することになったので、すぐには必要ではないのだけれども。デスクトップを整理していたら出てきたので、一応ここに置いておきます。

W32.HLLW.Gaobot.gen という worm がいます。Windows NT 系に感染してバックドアを開く奴らしいです。FreeBSD で動いている Apache には基本的には関係ないのですが、一回アクセスされると 32KB もの巨大なアクセスログを残してくれる、嬉しくない奴なので、ログからそれだけ切り出したい、というのが今回の目的です。

マンボウの雑文置き場』 という weblog があったのですが、今だけ?はネットから消失しているみたいです。。なので、Wayback Machine のリンクをば。【続2】撃滅!SEARCH /¥x90¥x02¥xb1ほにゃらら

一応念の為、というか別に是くらいならすぐ書けそうですが、まぁ一応。

erase_worm_log.sh

#!/bin/sh

TEMPFILE=`mktemp ERASE_LOG`
trap "rm ${TEMPFILE}" 1 2 3 10 12 15
TARGET=$1 # ファイル名は引数で与える
cat ${TARGET} | grep -v "SEARCH.¥/.x90.x02" > ${TEMPFILE}
mv ${TEMPFILE} ${TARGET}

moveapachelog.sh

#!/bin/sh

BZIP2="/usr/bin/bzip2"
PID=`cat /var/run/httpd.pid`
MAX_LOG_NUMBER=10 #ログの世代数
MAX_LOG_SIZE=50000000 #ログファイルサイズ

LOG_NAME="/var/log/httpd-access.log" #ログファイル名

FILE_SIZE=`ls -l ${LOG_NAME} | awk '{ print $5 }'`
if [ ${FILE_SIZE} -lt ${MAX_LOG_SIZE} ] ; then
exit
fi

CNT=`expr ${MAX_LOG_NUMBER} - 1 `

while [ ${CNT} -ge 1 ] ; do
CNT_NEW=`expr ${CNT} + 1 `
mv ${LOG_NAME}.${CNT}.bz2 ${LOG_NAME}.${CNT_NEW}.bz2
CNT=`expr ${CNT} - 1 `
done

mv ${LOG_NAME} ${LOG_NAME}.1
kill -HUP ${PID}

/root/bin/erase_worm_log.sh ${LOG_NAME}.1 #SEARCH..を削除

${BZIP2} ${LOG_NAME}.1

logger "apache log rotate." # syslogへ実行ログを出力

Comment:8

coach outlet online:2011-08-19 (Fri) 05:56

Now can be the perfect time to choose a Coach Outlet Online. With fall getting best suited right here in numerous of weeks, something are on the way to acquire on clearance. But this appears to turn out to be the way in which by which you can appear throughout a little something at you Coach Handbags Outlet on sale. mentor utilizes the most significant best brilliant quality of factors to manufacture their products. We are the best Coach Purses Outlet agents.Welcome to buy in our online shop.More discount for you.

Keisha:2011-08-19 (Fri) 16:27

I searhced a bunch of sites and this was the best.

vrriogrrajv:2011-08-20 (Sat) 10:08

OzXCsk dtwsswmrezbr

ecwupxchk:2011-08-25 (Thu) 10:48

AKhvSZ fbevsbyswdep

Diablo 3 power leveling:2011-09-20 (Tue) 04:10

After mediation by the customer plus 130intersecting horizontal throughout the thousand and I love the table as a lifes .

replica watch:2011-09-23 (Fri) 23:28

one of the few high end handbagwith color matching subdials markers and handsimportant because of protection and shielding the.

Microsoft Outlook:2011-10-31 (Mon) 23:11

This article is GREAT it shows how misleading NFL ranks and stats can be EXCELLENT JOB and what a great tool!

ugg boots clearance:2011-11-15 (Tue) 02:59

QLUJOYQCC1F5HTFKEL
Young girls all have a crush on wearing the cheap ugg boots

Comment Form

Remember Me?


Trackback:0

TrackBack URL for this entry
http://blogs.grf-design.com/mt/mt-tb.cgi/133
Listed below are links to weblogs that reference
Aparche worm ログ切り出し from The Croton

Return to Page Top