
Apache logs on Debian GNU/Linux show Windows executable files

I use Logwatch to monitor my server logs. This appears in the httpd log section:

19033 Windows executable files (502.53 MB)

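This is a Debian GNU/Linux server, so there should not be any Windows executables on it. I couldn't find any either. Is this some kind of mix-up, or is there something I am missing?

The only thing I found in the logs are the following lines: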

[Sat Dec 11 22:13:00 2010] [error] [client 89.6.249.126] script not found or unable to stat: /usr/lib/cgi-bin/Perl.exe
[Sat Dec 11 22:13:01 2010] [error] [client 89.6.249.126] script not found or unable to stat: /usr/lib/cgi-bin/rguest.exe
[Sat Dec 11 22:13:10 2010] [error] [client 89.6.249.126] script not found or unable to stat: /usr/lib/cgi-bin/get32.exe
[Sun May 22 02:25:16 2011] [error] [client 2.119.20.33] Invalid URI in request GET /_mem_bin/../../../../winnt/system32/cmd.exe?/c+dir HTTP/1.0
[Sun May 22 02:25:16 2011] [error] [client 2.119.20.33] Invalid URI in request GET /_mem_bin/../../../../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0
[Sun May 22 02:25:17 2011] [error] [client 2.119.20.33] Invalid URI in request GET /_vti_bin/../../../../winnt/system32/cmd.exe?/c+dir HTTP/1.0
[Sun May 22 02:25:18 2011] [error] [client 2.119.20.33] Invalid URI in request GET /_vti_bin/../../../../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0
[Sun May 22 02:25:26 2011] [error] [client 2.119.20.33] Invalid URI in request GET /bin/scripts/../../../../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0
[Sun May 22 02:25:29 2011] [error] [client 2.119.20.33] Invalid URI in request GET /bin/scripts/../../../../winnt/system32/cmd.exe /c+dir?/c+dir%20c:\\ HTTP/1.0
[Sun May 22 02:25:35 2011] [error] [client 2.119.20.33] Invalid URI in request GET /bin/scripts/../../../../winnt/system32/cmd.exe?/c+dir HTTP/1.0
[Sun May 22 02:25:38 2011] [error] [client 2.119.20.33] Invalid URI in request GET /cgi-bin/../../../../winnt/system32/cmd.exe HTTP/1.0
[Sun May 22 02:25:56 2011] [error] [client 2.119.20.33] script not found or unable to stat: /usr/lib/cgi-bin/ceilidh.exe
[Sun May 22 02:25:57 2011] [error] [client 2.119.20.33] script not found or unable to stat: /usr/lib/cgi-bin/Cgitest.exe
[Sun May 22 02:26:02 2011] [error] [client 2.119.20.33] script not found or unable to stat: /usr/lib/cgi-bin/cgimail.exe
[Sun May 22 02:26:09 2011] [error] [client 2.119.20.33] script not found or unable to stat: /usr/lib/cgi-bin/cmd.exe
[Sun May 22 02:26:11 2011] [error] [client 2.119.20.33] script not found or unable to stat: /usr/lib/cgi-bin/dbmlparser.exe
[Sun May 22 02:26:26 2011] [error] [client 2.119.20.33] script not found or unable to stat: /usr/lib/cgi-bin/fpcount.exe
[Sun May 22 02:26:28 2011] [error] [client 2.119.20.33] script not found or unable to stat: /usr/lib/cgi-bin/fpexplorer.exe
[Sun May 22 02:26:29 2011] [error] [client 2.119.20.33] script not found or unable to stat: /usr/lib/cgi-bin/get32.exe
[Sun May 22 02:26:30 2011] [error] [client 2.119.20.33] script not found or unable to stat: /usr/lib/cgi-bin/get32.exe\\dir
[Sun May 22 02:26:33 2011] [error] [client 2.119.20.33] script not found or unable to stat: /usr/lib/cgi-bin/htimage.exe
[Sun May 22 02:26:36 2011] [error] [client 2.119.20.33] script not found or unable to stat: /usr/lib/cgi-bin/fpexplore.exe
[Sun May 22 02:26:42 2011] [error] [client 2.119.20.33] script not found or unable to stat: /usr/lib/cgi-bin/imagemap.exe
[Sun May 22 02:26:51 2011] [error] [client 2.119.20.33] script not found or unable to stat: /usr/lib/cgi-bin/mailform.exe
[Sun May 22 02:27:11 2011] [error] [client 2.119.20.33] script not found or unable to stat: /usr/lib/cgi-bin/Perl.exe
[Sun May 22 02:27:31 2011] [error] [client 2.119.20.33] script not found or unable to stat: /usr/lib/cgi-bin/ppdscgi.exe
[Sun May 22 02:27:52 2011] [error] [client 2.119.20.33] script not found or unable to stat: /usr/lib/cgi-bin/rguest.exe
[Sun May 22 02:28:26 2011] [error] [client 2.119.20.33] script not found or unable to stat: /usr/lib/cgi-bin/visadmin.exe
[Sun May 22 02:28:27 2011] [error] [client 2.119.20.33] script not found or unable to stat: /usr/lib/cgi-bin/visitor.exe
[Sun May 22 02:29:18 2011] [error] [client 2.119.20.33] File does not exist: /home/gg/www/cmd.exe
[Sun May 22 02:29:46 2011] [error] [client 2.119.20.33] script not found or unable to stat: /usr/lib/cgi-bin/visadmin.exe
[Sun May 22 02:30:12 2011] [error] [client 2.119.20.33] Invalid URI in request GET /msadc/../../../../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0
[Sun May 22 02:31:00 2011] [error] [client 2.119.20.33] Invalid URI in request GET /scripts/../../winnt/system32/cmd.exe?/c+dir HTTP/1.0
2
Redrain

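Simply put, "someone" tried to access those files via URL. In fact, this is probably an automated script looking for usable exploits.

These particular requests are obviously targeting Windows systems, but I recommend installing and configuring the Apache module mod_security to catch and block those requests (and requests that also target Linux systems).

EDIT

Actually, the strange thing is that logwatch says 190 files, which does not seem to correspond to the logs.

Also, for 404/500 and similar errors, you will see a report like this: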

--------------------- httpd Begin ------------------------ 

Requests with error response codes
404 Not Found
   /favicon.ico: 2 Time(s) 
500 Internal Server Error
   /: 1 Time(s)
---------------------- httpd End -------------------------

Maybe logwatch interprets not only .exe files but also other extensions as Windows executables.

4
Mr Shunz
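
Added example (not part of either post, and not Logwatch's own code): a Python triage of the error-log lines from the question that groups requests naming Windows executables by client, with Apache's refusal reason, traversal count and time window. The extension list and the `summarize` helper are assumptions of this example, and the last sample line is constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache 2.2-style error log line, the format shown in the question.
LINE_RE = re.compile(r"^\[([^\]]+)\] \[error\] \[client ([^\]]+)\] (.*)$")
# Assumed extension list; Logwatch's own notion of "Windows executable" may differ.
WIN_FILE_RE = re.compile(r"([^/\\\s?:]+\.(?:exe|dll|com|bat|cmd))(?=$|[?\s\\/])", re.I)

# The first eight lines are copied from the question; the last one is constructed
# (documentation address 192.0.2.10) to show an ordinary miss being ignored.
SAMPLE = r"""
[Sat Dec 11 22:13:00 2010] [error] [client 89.6.249.126] script not found or unable to stat: /usr/lib/cgi-bin/Perl.exe
[Sat Dec 11 22:13:01 2010] [error] [client 89.6.249.126] script not found or unable to stat: /usr/lib/cgi-bin/rguest.exe
[Sat Dec 11 22:13:10 2010] [error] [client 89.6.249.126] script not found or unable to stat: /usr/lib/cgi-bin/get32.exe
[Sun May 22 02:25:16 2011] [error] [client 2.119.20.33] Invalid URI in request GET /_mem_bin/../../../../winnt/system32/cmd.exe?/c+dir HTTP/1.0
[Sun May 22 02:25:18 2011] [error] [client 2.119.20.33] Invalid URI in request GET /_vti_bin/../../../../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0
[Sun May 22 02:26:30 2011] [error] [client 2.119.20.33] script not found or unable to stat: /usr/lib/cgi-bin/get32.exe\\dir
[Sun May 22 02:29:18 2011] [error] [client 2.119.20.33] File does not exist: /home/gg/www/cmd.exe
[Sun May 22 02:31:00 2011] [error] [client 2.119.20.33] Invalid URI in request GET /scripts/../../winnt/system32/cmd.exe?/c+dir HTTP/1.0
[Sun May 22 02:40:00 2011] [error] [client 192.0.2.10] File does not exist: /home/gg/www/favicon.ico
"""

def summarize(log_text):
    """Group requests that name Windows executables by client address."""
    acc = defaultdict(lambda: {"targets": set(), "outcomes": Counter(),
                               "times": [], "traversal": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        hit = WIN_FILE_RE.search(m.group(3)) if m else None
        if not hit:
            continue  # unparsable line, or no Windows executable named
        ts, ip, msg = m.groups()
        c = acc[ip]
        c["targets"].add(hit.group(1).lower())
        c["outcomes"][re.split(r": | GET ", msg)[0]] += 1  # Apache's refusal reason
        c["traversal"] += "../" in msg                     # request contained ../
        c["times"].append(datetime.strptime(ts, "%a %b %d %H:%M:%S %Y"))
    return {ip: {"hits": len(c["times"]), "traversal": c["traversal"],
                 "targets": sorted(c["targets"]), "outcomes": dict(c["outcomes"]),
                 "span_s": int((max(c["times"]) - min(c["times"])).total_seconds())}
            for ip, c in acc.items()}

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE).items():
        print(ip, info)
```

Every outcome in the summary is an Apache refusal message, which is consistent with the answer's reading that the files were only requested and do not exist on the server.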