I have completed Part 1 and if you finish part 2 soon enough I will do the 800 word report. Just the coding I need really.
PART 2 - Python Scripting
Produce a working program, with verbose commentary, based on the following requirements:
Detailed Requirements:
You have been put in charge of administering a Linux system. You have been hacked and you need to identify how and who. To assist your investigation you will need to create a Python program.
You are required to create a Python program that will parse the contents of the Apache log file and SSH log file, both found on Blackboard, and perform the following tasks:
1. Find how many attempts were made with the bin account.
2. If certain IP addresses have more than 30 failed attempts, create a blacklist file ([login to view URL]) and save the IP addresses within it.
3. Identify how many attacks were logged per hour.
4. Identify how many attacks were logged, per hour, per IP.
5. Compare the results from the Webserver’s log and those from the SSH logs and create a new text file with a new entry describing the correlation of both events.
6. Identify the credentials used to break into both systems and write a small paragraph on your findings/assumptions.
Note: An attack, in this case, will be anything that starts with a ‘Failed password for’.
I can send log files.
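An added example, not part of the original posting or any bid, showing one way to approach tasks 1 to 4 for the SSH log. It assumes the standard OpenSSH `Failed password for ... from <ip> port <n> ssh2` line layout; the sample lines, host name, addresses and function names are constructed for illustration, and the blacklist file name is left to the caller.

```python
import re
from collections import Counter

# Constructed example of the line format being matched:
#   Mar 29 10:15:32 web1 sshd[811]: Failed password for invalid user bin from 192.0.2.7 port 4242 ssh2
# The user name is client-supplied and may itself contain " from ", so the greedy
# user group plus the end-of-line anchor takes the address sshd wrote last.
FAILED = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2})\s+(?P<hour>\d{2}):\d{2}:\d{2}\s+\S+\s+sshd\[\d+\]:\s+"
    r"Failed password for (?:invalid user )?(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2\s*$"
)

def analyse(lines, account="bin", threshold=30):
    """Tasks 1-4: attempts on `account`, blacklist, attacks per hour, per hour per IP."""
    by_user, by_ip, per_hour, per_hour_ip = Counter(), Counter(), Counter(), Counter()
    for line in lines:
        m = FAILED.match(line)
        if m is None:  # accepted logins, disconnects and other noise are not attacks
            continue
        hour = f"{m['mon']} {int(m['day']):02d} {m['hour']}:00"
        by_user[m["user"]] += 1
        by_ip[m["ip"]] += 1
        per_hour[hour] += 1
        per_hour_ip[(hour, m["ip"])] += 1
    return {
        "account_attempts": by_user[account],
        "blacklist": sorted(ip for ip, n in by_ip.items() if n > threshold),  # "more than 30"
        "per_hour": dict(per_hour),
        "per_hour_ip": dict(per_hour_ip),
    }

def write_blacklist(path, ips):
    """Write one address per line; `path` is the caller's choice of file name."""
    with open(path, "w", encoding="utf-8") as fh:
        fh.writelines(ip + "\n" for ip in ips)

def sample_log():
    """Constructed sample: 31 failures from one address, 2 failures and 1 success from another."""
    lines = [f"Mar 29 10:{i:02d}:01 web1 sshd[811]: Failed password for invalid user bin "
             f"from 192.0.2.7 port 4242 ssh2\n" for i in range(31)]
    lines += [
        "Mar 29 11:05:09 web1 sshd[812]: Failed password for root from 198.51.100.3 port 5022 ssh2\n",
        "Mar 29 11:06:10 web1 sshd[812]: Failed password for bin from 198.51.100.3 port 5022 ssh2\n",
        "Mar 29 11:07:00 web1 sshd[813]: Accepted password for root from 198.51.100.3 port 5023 ssh2\n",
    ]
    return lines

if __name__ == "__main__":
    print(analyse(sample_log()))
```

The hour keys from this function can be matched against timestamps parsed from the Apache log for task 5, once both are normalised to the same format.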
I have experience in massive log file parsing and dataset matching in a Linux environment, using Python/Perl. With a few sample log files I can get started immediately.
I am an expert working on log management projects in my full-time job. I have worked on many SIEM products, where I was responsible for generating logs and then creating rules/patterns to identify the occurrence of a particular event. The products are mainly used for security audit, PCI, and HIPAA compliance.
I can write a program using Python+Regex to accomplish the task.
I understand what you need and it sounds really interesting and motivating for me. I am skilled in Python and would love to do this for you. My English is good and I am also available on Skype. Looking forward to hearing from you.