ADMIN - Explore the new world of system administration! Special introductory offer! Order by September 30th to save 10% off the regular subscription price! Each issue delivers technical solutions to the real-world problems you face every day. Learn the latest techniques for better:
network security
system management
troubleshooting
performance tuning
virtualization
cloud computing
on Windows, Linux, Solaris, and popular varieties of Unix.
Romain Gaucher, a specialist in web security, offers his Scalp tool in version 0.4. The log analyzer searches for attacks on Apache web applications.
Scalp’s Python script uses regular expressions of the PHP Intrusion Detection System (PHPIDS) project that monitors attacks on PHP applications. Methods used include cross-site scripting (XSS), cross-site request forgery (CSRF) and SQL injection. Because the Apache web server in its standard form does not employ POST request variables, it can detect only GET request attacks.
The tool outputs its results as a report in text, XML or HTML format (here an example).
Scalp can sort its search results by type of attack, as a formatted HTML page.
In its standard form, the script can handle Apache logs of more than 100 megabytes without a problem, according to Gaucher. Limiting the analysis to a timeframe and a particular type of attack can further reduce the search time for large data sets. The program also allows spot checks in large log files.
The tool consists of a single Python script. Users will also need to download a default filter file. Both are available on the project home page.
Romain Gaucher is currently working on a C++ version of his program.
Comments