Current Path : /opt/zabbix_scripts/ |
|
Current File : //opt/zabbix_scripts/check_accesslog_cpanel.sh |
#!/bin/bash
##############################################################
# Icinga MailQ alert for Access log audit for POST requests in cPanel servers. #
# Author : Priya Agni #
##############################################################
ACCESSLOG=$(for i in `find /home/*/access-logs/ -type f ! -name "ftp.*" -mmin -70 `; do awk -v DATE=$(date +"%d.%b.%Y:%H" -d "1 hour ago") '$4~DATE && $6~/"POST/ && $7!~/admin-ajax.php|wp-cron.php/ && $9~200 {print FILENAME}' $i|sort |uniq -c; done |sort -n |awk 'BEGIN { ORS=", " }; {if($1>100) {split($2,domain,"/"); print domain[5]}}')
if [[ -n "$ACCESSLOG" ]]; then
echo "WARNING: Too many POST requests to : $ACCESSLOG"
exit 1
else
echo "OK: Normal POST requests to domains!"
exit 0
fi
Copyright 2K16 - 2K18 Indonesian Hacker Rulez