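#!/bin/sh
# Summarise web-server access-log entries that match three old IIS attack
# signatures: the .printer probe, Nimda (/MSADC/root.exe) and Code Red
# (default.ida).
#
# Outputs:
#   $UNIQOUT  - sorted, de-duplicated list of client addresses (log field 1)
#   $TIMEDOUT - one section per signature, each line "field4 field5 field1"
#
# Caveats:
#   - The patterns are matched anywhere in a log line and the response status
#     is never examined, so a hit records that a request was logged, not that
#     it succeeded.
#   - Field positions ($1 = client, $4/$5 = timestamp) assume the Common Log
#     Format layout -- confirm against the server's LogFormat.

set -u

# Set appropriately for your system.
HTTPLOG="/home/httpd/logs/access_log"
UNIQOUT="/home/httpd/logs/hacks.log"
TIMEDOUT="/home/httpd/logs/timed_hacks.log"

# Scratch file for the timed report. A fixed name under /tmp can be
# pre-created (for instance as a symlink) by any local user, so the redirect
# could end up writing somewhere unintended; mktemp picks an unpredictable
# name and creates the file itself.
# NOTE: mktemp creates the file readable/writable by its owner only and mv
# keeps that mode on $TIMEDOUT; chmod afterwards if other accounts must read it.
TMPFILE=$(mktemp "${TMPDIR:-/tmp}/hacks.XXXXXX") || {
  echo "cannot create temporary file" >&2
  exit 1
}
trap 'rm -f -- "$TMPFILE"' EXIT
trap 'exit 1' HUP INT TERM

# Print "field4 field5 field1" for every log line matching pattern $1
# (case-insensitive basic regular expression).
list_hits() {
  grep -i -e "$1" -- "$HTTPLOG" | awk '{print $4 " " $5 " " $1}'
}

# Unique client addresses across all three signatures. One grep with several
# -e patterns yields the same set as three separate passes merged afterwards.
grep -i -e 'null\.printer' -e '/MSADC/root\.exe' -e 'default\.ida' \
  -- "$HTTPLOG" |
  awk '{print $1}' |
  sort -u > "$UNIQOUT"

# Timed report, grouped by signature. It is built in the scratch file first
# so $TIMEDOUT is only replaced once the whole report has been written.
{
  echo '--------NULL.printer--------'
  list_hits 'null\.printer'
  echo '--------Nimda Worm---------'
  list_hits '/MSADC/root\.exe'
  echo '--------Code Red-----------'
  list_hits 'default\.ida'
} > "$TMPFILE"

mv -f -- "$TMPFILE" "$TIMEDOUT"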