The following is a mock-up of a Nginx web server access log. There are a few...
Question:
Transcribed Image Text:
The following is a mock-up of a Nginx web server access log. There are a few entries that might indicate someone is searching for an attack vector. Write a command that will do all of the following;
1. Read the lines from a file
2. Use a single regular expression to find all lines where;
   Someone tried to access a file starting with a period (example ".htaccess") OR
   Someone attempted to open one of; "php.ini" or "wp.conf" OR
   Someone tried to retrieve a parent directory (example ".." somewhere in the URL)
3. Output a list of IP addresses without duplicates

access.log
10.10.38.12 - - [25/Aug/2018:00:13:00] "GET https://picard.zone/index.html HTTP/1.1 200 Mozilla/.05"
12.10.38.12 - [25/Aug/2018:00:14:18] "GET https://picard.zone/catalog.html?id=5 200 Mozilla/5.0"
64.34.88.11 - - [25/Aug/2018:00:15:20] "GET https://picard.zone/catalog.html?id=30 200 Mozilla/5.0"
51.85.91.44 - [25/Aug/2018:00:16:33] "GET https://picard.zone/specials/coupon.php 500 Mozilla/5.0"
1.1.1.1 [25/Aug/2018:00:16:40] "GET https://picard.zone/specials/.htaccess 500 Mozilla/5.0"
1.1.1.1 - - [25/Aug/2018:00:16:44] "GET https://picard.zone/specials/.settings 500 Mozilla/5.0"
192.168.1.100 - - [25/Aug/2018:00:16:50] "GET https://picard.zone/specials/wp.conf 500 Mozilla/5.0"
192.168.1.100 - [25/Aug/2018:00:16:55] "GET https://picard.zone/specials/../settings.py 500 Mozilla/5.0"
4.2.2.2 - - [25/Aug/2018:00:16:58] "GET https://picard.zone/specials/php.ini 500 Mozilla/5.0"
11.22.33.44 - - [25/Aug/2018:00:17:42] "GET https://picard.zone/finish.php 200 Mozilla/5.0"
12.34.56.87 - - [25/Aug/2018:00:18:01] "GET https://picard.zone/settings.html 200 Mozilla/5.0"
12.34.56.87 - - [25/Aug/2018:00:19:12] "GET https://picard.zone/catalog.html?id=5 200 Mozilla/5.0"
12.34.56.87 - - [25/Aug/2018:00:20:11] "GET https://picard.zone/privacy.py 200 Mozilla/5.0"
10.10.38.12 - [25/Aug/2018:00:13:38] "GET https://picard.zone/index.html HTTP/1.1 404 Mozilla/.05"

HINT: The lines you are interested in are in bold; lines 5 to 9.
HINT: In your terminal, create a new file called 'access.log' and copy-paste the above lines into it
HINT: You will likely need to use; cut, uniq and grep in your command
Expert Answer: