Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- if( !isset($_FILES['log']) ) {
- echo "<h3>Examinar logs de Apache (access.log)</h3>\n";
- echo "<form action=\"\" method=\"post\" enctype=\"multipart/form-data\">\n";
- echo "Archivo de Log: <input type=\"file\" name=\"log\">\n";
- echo "<input type=\"submit\" value=\"Enviar\">\n";
- echo "</form>\n";
- exit();
- }
- require_once 'IDS/Init.php';
- try {
- $init = IDS_Init::init('IDS/Config/Config.ini.php');
- $init->config['General']['base_path'] = 'IDS/';
- $init->config['General']['use_base_path'] = true;
- $init->config['Caching']['caching'] = 'none';
- } catch (Exception $e) {
- printf('An error occured: %s',$e->getMessage());
- exit();
- }
- $fdesc = fopen($_FILES['log']['tmp_name'], 'r');
- if(!$fdesc) {
- echo "<p>Error al abrir el fichero de log</p>";
- exit();
- }
- $linea = fgets($fdesc);
- $nlinea = 0;
- while( $linea ) {
- $nlinea++;
- $patron = '/^([^ ]+) [^ ]+ [^ ]+ \[([^\]]+)\] "((?:[^"]*(?:\\\")*[^"]*)*)" ([^ ]+) ([^ ]+) "((?:[^"]*(?:\\\")*[^"]*)*)" "((?:[^"]*(?:\\\")*[^"]*)*)"\n$/';
- $matches = array();
- preg_match($patron, $linea, $matches);
- if(count($matches) != 8) {
- echo "<p>Error al parsear la linea $nlinea</p>\n";
- $linea = fgets($fdesc);
- continue;
- }
- $ipaddr = $matches[1];
- $datetime = $matches[2];
- $httpreq = stripslashes($matches[3]);
- $status = $matches[4];
- $resplen = $matches[5];
- $referer = stripslashes($matches[6]);
- $useragent = stripslashes($matches[7]);
- $patron = '/^([^ ]+) ([^ ]+) ([^ ]+)$/';
- $matches = array();
- preg_match($patron, $httpreq, $matches);
- if(count($matches) != 4) {
- echo "<p>Error al parsear la solicitud HTTP en la linea $nlinea</p>\n";
- $linea = fgets($fdesc);
- continue;
- }
- $method = $matches[1];
- $resource = $matches[2];
- $version = $matches[3];
- $partes = explode('?', $resource, 2);
- if(count($partes) == 2) {
- $uri = $partes[0];
- $params = explode('&', $partes[1]);
- $get = array();
- foreach($params as $param) {
- $aux = explode('=', $param, 2);
- if( count($aux) == 2) {
- $varname = urldecode($aux[0]);
- $varvalue = urldecode($aux[1]);
- $get[$varname] = $varvalue;
- }
- }
- $ids = new IDS_Monitor($get, $init);
- $result = $ids->run();
- if (!$result->isEmpty()) {
- echo "<div style=\"font-size:0.8em;font-family:sans-serif;border:solid 1px #AAA;padding:10px;margin:10px;\">\n";
- echo "<h3 style=\"color:red;\">Ataque Detectado</h3>\n";
- echo "<p>\n";
- echo "<b>IP de origen:</b> $ipaddr<br/>\n";
- echo "<b>Fecha/Hora:</b> $datetime<br/>\n";
- echo "<b>Recurso:</b> " . htmlspecialchars($resource) . "<br/>\n";
- echo "<b>Código de respuesta:</b> $status<br/>\n";
- echo "<b>User-Agent:</b> " . htmlspecialchars($useragent) . "<br/>\n";
- echo "<b>Referer:</b> " . htmlspecialchars($referer) . "<br/>\n";
- echo "<b>Nro. de Línea:</b> $nlinea<br/>\n";
- echo "</p><p><b>Detalle:</b><br/>\n";
- echo $result;
- echo "</p></div>\n";
- }
- }
- $linea = fgets($fdesc);
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement