Question
UNIX:
The following is a mock-up of an Nginx web server access log. There are a few entries that might indicate someone is searching for an attack vector. Write a command that will do all of the following:
- Read the lines from a file
- Use a single regular expression to find all lines where:
  - Someone tried to access a file starting with a period (example ".htaccess") OR
  - Someone attempted to open one of "php.ini" or "wp.conf" OR
  - Someone tried to retrieve a parent directory (example ".." somewhere in the URL)
- Output a list of IP addresses without duplicates
access.log
10.10.38.12 - - [25/Aug/2018:00:13:00] "GET https://picard.zone/index.html HTTP/1.1 200 Mozilla/.05"
12.10.38.12 - - [25/Aug/2018:00:14:18] "GET https://picard.zone/catalog.html?id=5 200 Mozilla/5.0"
64.34.88.11 - - [25/Aug/2018:00:15:20] "GET https://picard.zone/catalog.html?id=30 200 Mozilla/5.0"
51.85.91.44 - - [25/Aug/2018:00:16:33] "GET https://picard.zone/specials/coupon.php 500 Mozilla/5.0"
1.1.1.1 - - [25/Aug/2018:00:16:40] "GET https://picard.zone/specials/.htaccess 500 Mozilla/5.0"
1.1.1.1 - - [25/Aug/2018:00:16:44] "GET https://picard.zone/specials/.settings 500 Mozilla/5.0"
192.168.1.100 - - [25/Aug/2018:00:16:50] "GET https://picard.zone/specials/wp.conf 500 Mozilla/5.0"
192.168.1.100 - - [25/Aug/2018:00:16:55] "GET https://picard.zone/specials/../settings.py 500 Mozilla/5.0"
4.2.2.2 - - [25/Aug/2018:00:16:58] "GET https://picard.zone/specials/php.ini 500 Mozilla/5.0"
11.22.33.44 - - [25/Aug/2018:00:17:42] "GET https://picard.zone/finish.php 200 Mozilla/5.0"
12.34.56.87 - - [25/Aug/2018:00:18:01] "GET https://picard.zone/settings.html 200 Mozilla/5.0"
12.34.56.87 - - [25/Aug/2018:00:19:12] "GET https://picard.zone/catalog.html?id=5 200 Mozilla/5.0"
12.34.56.87 - - [25/Aug/2018:00:20:11] "GET https://picard.zone/privacy.py 200 Mozilla/5.0"
10.10.38.12 - - [25/Aug/2018:00:13:38] "GET https://picard.zone/index.html HTTP/1.1 404 Mozilla/.05"
HINT: The lines you are interested in are in bold; lines 5 to 9.
HINT: In your terminal, create a new file called 'access.log' and copy-paste the above lines into it
HINT: You will likely need to use; cut, uniq and grep in your command
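One way to meet the three requirements with grep, cut and uniq, as an added example that is not part of the original question or its answer. It also shows why the expression has to be tied to the request URL: the "Mozilla/.05" user agent on the first and last entries contains "/.", so an unanchored pattern flags 10.10.38.12 as well. The names PROBE_RE, NAIVE_RE, suspicious_ips, naive_ips and make_sample_log are assumptions of this example; the sample is the mock-up log above.

```shell
#!/bin/sh
# Added example. PROBE_RE only inspects the token after the HTTP method
# (the URL): [^ ]* cannot cross a space, so the user agent is never seen.
# Branches: dotfile segment | ".." anywhere | php.ini or wp.conf as a whole name.
PROBE_RE='^[^"]*"[A-Z]+ [^ ]*(/\.|\.\.|/(php\.ini|wp\.conf)([ ?#]|$))'
# Unanchored variant, kept only to show the false positive it produces.
NAIVE_RE='/\.|\.\.|php\.ini|wp\.conf'

# Print the unique client IPs (field 1) of lines matching the anchored ERE.
suspicious_ips() {
    LC_ALL=C grep -E "$PROBE_RE" "$1" | cut -d' ' -f1 | LC_ALL=C sort | uniq
}

# Same pipeline with the unanchored ERE.
naive_ips() {
    LC_ALL=C grep -E "$NAIVE_RE" "$1" | cut -d' ' -f1 | LC_ALL=C sort | uniq
}

# Write the page's mock-up access.log to the path given as $1.
make_sample_log() {
    cat > "$1" <<'EOF'
10.10.38.12 - - [25/Aug/2018:00:13:00] "GET https://picard.zone/index.html HTTP/1.1 200 Mozilla/.05"
12.10.38.12 - - [25/Aug/2018:00:14:18] "GET https://picard.zone/catalog.html?id=5 200 Mozilla/5.0"
64.34.88.11 - - [25/Aug/2018:00:15:20] "GET https://picard.zone/catalog.html?id=30 200 Mozilla/5.0"
51.85.91.44 - - [25/Aug/2018:00:16:33] "GET https://picard.zone/specials/coupon.php 500 Mozilla/5.0"
1.1.1.1 - - [25/Aug/2018:00:16:40] "GET https://picard.zone/specials/.htaccess 500 Mozilla/5.0"
1.1.1.1 - - [25/Aug/2018:00:16:44] "GET https://picard.zone/specials/.settings 500 Mozilla/5.0"
192.168.1.100 - - [25/Aug/2018:00:16:50] "GET https://picard.zone/specials/wp.conf 500 Mozilla/5.0"
192.168.1.100 - - [25/Aug/2018:00:16:55] "GET https://picard.zone/specials/../settings.py 500 Mozilla/5.0"
4.2.2.2 - - [25/Aug/2018:00:16:58] "GET https://picard.zone/specials/php.ini 500 Mozilla/5.0"
11.22.33.44 - - [25/Aug/2018:00:17:42] "GET https://picard.zone/finish.php 200 Mozilla/5.0"
12.34.56.87 - - [25/Aug/2018:00:18:01] "GET https://picard.zone/settings.html 200 Mozilla/5.0"
12.34.56.87 - - [25/Aug/2018:00:19:12] "GET https://picard.zone/catalog.html?id=5 200 Mozilla/5.0"
12.34.56.87 - - [25/Aug/2018:00:20:11] "GET https://picard.zone/privacy.py 200 Mozilla/5.0"
10.10.38.12 - - [25/Aug/2018:00:13:38] "GET https://picard.zone/index.html HTTP/1.1 404 Mozilla/.05"
EOF
}

# Demo run against a temporary copy of the sample log.
demo_log=$(mktemp)
make_sample_log "$demo_log"
echo "anchored:"; suspicious_ips "$demo_log"
echo "naive:";    naive_ips "$demo_log"
rm -f "$demo_log"
```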