# apache

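# Rule fragment: scan the Apache error log for protocol anomalies and for
# requests to a list of script paths, and collect the reporting client field
# of each hit as "<field>:apache" lines in ARG_VAL.
#
# Reads (defined outside this fragment): INSPATH, TLOGP.
# Sets: REQ, LP, TLOG_TF, TRIG, MLOG, TMP, EXPLOITS, ARG_VAL1..4, ARG_VAL.
# The whole rule is skipped when the httpd binary is not installed.
REQ="/usr/sbin/httpd"

if [ -f "$REQ" ]; then

	LP="/etc/httpd/logs/error_log"
	TLOG_TF="apache-exploits"
	# TRIG is not used in this fragment; presumably the hit threshold read by
	# the caller -- confirm there.
	TRIG="1"
	# Upper bound on the number of log lines inspected per pass.
	MLOG=2500
	TMP="$INSPATH/tmp"

	# Uncomment this to reset counter
	#echo "1" > $INSPATH/tmp/$TLOG_TF.1
	#echo "1" > $INSPATH/tmp/$TLOG_TF.2
	#echo "1" > $INSPATH/tmp/$TLOG_TF.3
	#echo "1" > $INSPATH/tmp/$TLOG_TF.4

	echo "Scanning apache log for exploits..."

	# Alternation list handed to `grep -i` as a basic regular expression.
	# NOTE(review): "\|" is a GNU grep extension; in a BRE "." matches any
	# character and "?" is a literal question mark, so the "phpMyAdmin-?.?.?"
	# entries do not behave like shell globs and will not match a versioned
	# directory name -- confirm what was intended.
	# NOTE(review): short entries such as "top.php" are unanchored and match
	# any logged path containing them; review false-positive impact if the
	# caller acts on ARG_VAL.
	EXPLOITS="SQuery/lib/armygame.php\|SQuery/gameSpy2.php\|VWar/includes/get_header.php\|kernel/loadkernel.php\|indexu/application.php\|libraries/comment/postComment.php\|add_forms/addbioform.php\|top.php\|example/inc/top.inc.php\|includes/functions_nomoketos_rules.php\|fcring.php\|includes/db_utils.php\|includes/attributes.php\|includes/resa_func.inc.php\|com_pccookbook/pccookbook.php\|com_multibanners/extadminmenus.class.php\|com_a6mambohelpdesk/admin.a6mambohelpdesk.php\|ubbthreads/addpost_newpoll.php\|adodbt/sql.php\|includes/dbal.php\|fclick/show.php\|phorum/common.php\|com_sitemap/sitemap.xml.php\|proxygrade.php\|shopdisplayproducts.asp\|actions/del.php\|downloadcounter.php\|get_session_vars.php\|functions.php?phpbb_root_path\|createemails.inc.php\|awstats.pl\|nofile.php\|admin/main.php\|mysql/main.php\|pma/main.php\|phpMyAdmin-?.?.?/main.php\|phpMyAdmin-?.?.?-???/main.php\|xmlrpc.php\|editfunc.inc.php"

	# Each pipeline takes the output of $TLOGP for its own tracking file
	# (.1 to .4), keeps "error" lines carrying one message, and prints field 8
	# with the trailing "]" removed.
	# NOTE(review): field 8 is the client address only for the layout
	# "[day mon dd time year] [error] [client ADDR] ..."; Apache 2.4's default
	# error log adds a "[pid ...]" field and a port on the client, which would
	# shift or alter the extracted value -- verify against the deployed
	# ErrorLogFormat.
	# $TLOGP is left unquoted because it is defined elsewhere and may hold a
	# command with arguments; all paths are quoted so an INSPATH containing
	# whitespace or glob characters cannot split or expand.
	# The results file is truncated once and then filled in order.
	{
		$TLOGP "$LP" "$TLOG_TF.1" | tail -n "$MLOG" | grep -w error | grep -iw "Invalid method in request" | awk '{print$8":apache"}' | tr -d ']'
		$TLOGP "$LP" "$TLOG_TF.2" | tail -n "$MLOG" | grep -w error | grep -iw "request without hostname" | awk '{print$8":apache"}' | tr -d ']'
		$TLOGP "$LP" "$TLOG_TF.3" | tail -n "$MLOG" | grep -w error | grep -iw "Options ExecCGI is off in this directory" | awk '{print$8":apache"}' | tr -d ']'
		$TLOGP "$LP" "$TLOG_TF.4" | tail -n "$MLOG" | grep -w error | grep -iw "File does not exist" | grep -i "$EXPLOITS" | awk '{print$8":apache"}' | tr -d ']'
	} > "$TMP/.apache-exploits"

	# These were always empty (their output went to the file); they stay
	# defined in case the caller references them.
	ARG_VAL1=""
	ARG_VAL2=""
	ARG_VAL3=""
	ARG_VAL4=""

	# Combined result handed back to the caller.
	ARG_VAL=$(cat "$TMP/.apache-exploits")

fi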

