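#!/usr/bin/perl
#
# nLP - small host-side monitor.  When started as "./nLP on" it loops forever
# and, every $time seconds:
#   * scans the web server access log for request lines matching the
#     signature pattern and reports those that were not in the log at start-up;
#   * lists the files under $DocRoot owned by $server_user and reports those
#     that were not present at start-up.
# Reports are written under $logdir and $user_run_nLP is notified via write(1).
#
# NOTE(review): the listing this was restored from had lost text in two
# places (the readline operators, and everything between the signature
# pattern and the first report file).  The spots rebuilt from the parallel
# "new files" branch are marked "reconstructed" below - check them against
# the original script before relying on this copy.
use strict;
use warnings;

# reconfigure
our $DocRoot      = '/usr/local/www/data';
our $server_user  = 'www';
our $access       = '/var/log/httpd-access.log';
# NOTE(review): a fixed path under /tmp can be pre-created by any local user;
# _prepare_logdir() refuses to use it unless it is a private directory owned
# by the user running the monitor.
our $logdir       = '/tmp/nLP';
our $time         = '2';    # seconds
our $user_run_nLP = 'p0';

# not edit!
our @dfiles;     # baseline listing of files owned by $server_user
our $dsize_a;    # size of the access log when the baseline was taken

if (defined $ARGV[0] && $ARGV[0] eq 'on') {
    _prepare_logdir();
    @dfiles = _find_owned();

    # Baseline: every line already in the access log counts as known.
    open(my $base_fh, '<', $access) or die "$access: $!";
    $dsize_a = (stat($base_fh))[7];
    my %seen_line;
    while (my $line = <$base_fh>) {
        $seen_line{$line} = ();
    }
    close($base_fh);

    my %known_file;
    @known_file{@dfiles} = ();

    # NOTE(review): neither baseline is advanced after a report, so a finding
    # is reported again on every cycle and each report file is overwritten.
    while (sleep($time)) {
        my $msize_a = (stat($access))[7];

        # "!=" rather than ">" so that a rotated (smaller) log is still scanned.
        if (defined $msize_a && $msize_a != $dsize_a) {
            if (open(my $log_fh, '<', $access)) {
                my @result;
                while (my $line = <$log_fh>) {
                    # Only the first two alternatives survive on the page; the
                    # rest of the original signature list (and any modifiers)
                    # was lost and has to be restored from the original.
                    next unless $line =~ /.UNION.|.SELECT./;
                    push @result, $line unless exists $seen_line{$line};
                }
                close($log_fh);

                # Header wording reconstructed; the original text is not on
                # the page.
                _write_report("$logdir/access.log",
                    "Detected suspicious requests :\n", @result);
            }
            else {
                warn "$access: $!\n";
            }
        }

        # Diff on every cycle: comparing only the counts, as the original
        # did, misses a new file that appears while another one is removed.
        my @new_files = grep { !exists $known_file{$_} } _find_owned();
        _write_report("$logdir/$server_user.new",
            "Detected new FILES :\n", @new_files);
    }
}
else {
    usage();
}

# Create $logdir if needed and insist that it is a real directory (not a
# symlink), owned by the effective user and not group/world writable, so
# that report files cannot be redirected by another local user.
sub _prepare_logdir {
    mkdir($logdir, 0700);    # failure (e.g. already exists) is judged below
    my @st = lstat($logdir);
    die "$logdir: $!\n" unless @st;
    die "$logdir is not a private directory owned by this user\n"
        unless -d _ && $st[4] == $> && !($st[2] & 022);
    return;
}

# Return the newline-terminated paths printed by find(1) for files under
# $DocRoot owned by $server_user.  List-form pipe open: no shell is involved,
# so the configured values are passed to find as plain arguments.
sub _find_owned {
    my $find_fh;
    unless (open($find_fh, '-|', 'find', $DocRoot, '-user', $server_user)) {
        warn "find: $!\n";
        return;
    }
    my @paths = <$find_fh>;
    close($find_fh);
    return @paths;
}

# Write $header followed by @found to $path and notify the operator.
# Does nothing when there are no findings.  (The original expression
# 'join "\n","@result" ? tty() : ""' printed tty()'s return value instead of
# the findings and raised the alert even when nothing had been found.)
sub _write_report {
    my ($path, $header, @found) = @_;
    return unless @found;

    if (open(my $out_fh, '>', $path)) {
        print {$out_fh} $header, @found;
        close($out_fh) or warn "$path: $!\n";
    }
    else {
        warn "$path: $!\n";
    }
    tty();
    return;
}

# Send the alert banner to $user_run_nLP with write(1), addressed to the
# monitor's own terminal when it has one.
sub tty {
    my $tty = `tty`;
    my @target = ($user_run_nLP);
    if ($? == 0 && defined $tty) {
        chomp $tty;
        push @target, $tty if length $tty;
    }

    # List form again: user name and tty are never parsed by a shell.
    my $write_fh;
    unless (open($write_fh, '|-', 'write', @target)) {
        warn "write: $!\n";
        return;
    }
    print {$write_fh} "\n #! Detection errors !#\n\n";
    return close($write_fh);
}

# Print the banner and the only supported invocation.
sub usage {
    print <<'BANNER';

 --------------------------------------------
 | nLP 0.99a - n4n0_Log_Parser               |
 | c0d3 6y : n4n0bit (c) Hell Knights Crew   |
 | h0m3 : http://hellknights.void.ru         |
 |        http://n4n0.narod.ru               |
 | Us4g3 : ./nLP on                          |
 --------------------------------------------
BANNER
    return;
}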