migrate to git.charlotte.sh

2025-04-19 23:42:08 -04:00 · 2025-04-19 23:42:08 -04:00 · fbd588721e
commit fbd588721e
412 changed files with 13750 additions and 0 deletions
--- a/automation-sys320/week11/apacheLogMenu.bash
+++ b/automation-sys320/week11/apacheLogMenu.bash
@ -0,0 +1,115 @@
+#! /bin/bash
+
+#logFile="/var/log/apache2/access.log.1"
+logFile="access.txt"
+
+if [[ ! -f "${logFile}" ]]
+then
+    bash getLogs.bash
+fi
+
+function displayAllLogs(){
+	cat "$logFile"
+}
+
+function displayOnlyIPs(){
+    cat "$logFile" | cut -d ' ' -f 1 | sort -n | uniq -c
+}
+
+function displayOnlyPages(){
+    cat "$logFile" | cut -d ' ' -f 7 | sort -n | uniq -c
+}
+
+function frequentVisitors(){
+    histogram | awk '$1 > 10' #visits > 10
+}
+
+function suspiciousVisitors(){
+    cat "$logFile" | cut -d ' ' -f 1,7 | egrep -i -f IOC.txt | uniq -c
+}
+
+function histogram(){
+
+	local visitsPerDay=$(cat "$logFile" | cut -d " " -f 4,1 | tr -d '['  | sort \
+                              | uniq)
+	# This is for debugging, print here to see what it does to continue:
+	# echo "$visitsPerDay"
+
+        :> newtemp.txt  # what :> does is in slides
+	echo "$visitsPerDay" | while read -r line;
+	do
+		local withoutHours=$(echo "$line" | cut -d " " -f 2 \
+                                     | cut -d ":" -f 1)
+		local IP=$(echo "$line" | cut -d  " " -f 1)
+
+		local newLine="$IP $withoutHours"
+		echo "$IP $withoutHours" >> newtemp.txt
+	done
+	cat "newtemp.txt" | sort -n | uniq -c
+}
+
+# function: frequentVisitors:
+# Only display the IPs that have more than 10 visits
+# You can either call histogram and process the results,
+# Or make a whole new function. Do not forget to separate the
+# number and check with a condition whether it is greater than 10
+# the output should be almost identical to histogram
+# only with daily number of visits that are greater than 10
+
+# function: suspiciousVisitors
+# Manually make a list of indicators of attack (ioc.txt)
+# filter the records with this indicators of attack
+# only display the unique count of IP addresses.
+# Hint: there are examples in slides
+
+# Keep in mind that I have selected long way of doing things to
+# demonstrate loops, functions, etc. If you can do things simpler,
+# it is welcomed.
+
+while :
+do
+	echo "PLease select an option:"
+	echo "[1] Display all Logs"
+	echo "[2] Display only IPS"
+	echo "[3] Display only pages visited"
+	echo "[4] Histogram"
+	echo "[5] Frequent visitors"
+	echo "[6] Suspicious visitors"
+	echo "[7] Quit"
+
+	read userInput
+	echo ""
+
+	if [[ "$userInput" == "7" ]]; then
+		echo "Goodbye"
+		break
+
+	elif [[ "$userInput" == "1" ]]; then
+		echo "Displaying all logs:"
+		displayAllLogs
+
+	elif [[ "$userInput" == "2" ]]; then
+		echo "Displaying only IPS:"
+		displayOnlyIPs
+
+    elif [[ "$userInput" == "3" ]]; then
+	    echo "Displaying only pages visited:"
+        displayOnlyPages
+
+	elif [[ "$userInput" == "4" ]]; then
+		echo "Histogram:"
+		histogram
+
+    elif [[ "$userInput" == "5" ]]; then
+        echo "Displaying frequent visitors:"
+        frequentVisitors
+
+    elif [[ "$userInput" == "6" ]]; then
+        echo "Displaying suspicious visitors:"
+        suspiciousVisitors
+    else
+        echo "Invalid input [1-7 allowed]"
+        continue
+	fi
+done
+