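#!/bin/sh
# www.daily v1.1 (c) 29.8.97 by Andreas Ley (u) 27.8.2001
# Daily www maintenance jobs, requiring root privilege
#
# Usage: www.daily [ServerRoot]
#   ServerRoot  httpd installation directory (default: /usr/local/etc/httpd)
#
# Searches access_log and access_log.1 for Nimda probe requests whose client
# address starts with one of the prefixes listed in the pattern below, and
# mails a per-host hit count when any are found.

ServerRoot=${1:-/usr/local/etc/httpd}

# Quoted so a ServerRoot containing whitespace or glob characters reaches cd
# as a single path.
if cd "${ServerRoot}/logs"; then :; else
	echo "Can't change to ${ServerRoot}/logs" >&2
	exit 1
fi

# NOTE(review): this script runs as root and ${ServerRoot}/bin is searched
# before the system directories, so every tool below (grep, cut, sort, ...)
# resolves there first. Confirm that directory and its contents are writable
# by root only, or move it behind /bin:/usr/bin.
PATH=${ServerRoot}/bin:/usr/machine/bin:/bin:/usr/bin:/usr/segment/bin
export PATH

################################################################################
#
# Analyze logs
#
# The report is collected in a variable rather than in a fixed-name ".tmp"
# file: a predictable scratch file written by root inside the log directory
# can be redirected through a symlink if that directory is ever writable by a
# less-privileged account.
#
# The logs are concatenated first so grep reads a single stream and does not
# prefix each match with its file name; field 1 is then the client host.
# cut reads the pipeline (the earlier version named ".tmp" as its input file,
# so the matches never reached the counters).
report=$(
	cat access_log access_log.1 |
	grep -E '^(129\.13\.|141\.3\.|193\.196\.(3[2-9]|[45][0-9]|6[0-3])\.|10\.|172\.(1[6-9]|2[0-9]|3[0-1])\.|192\.168\.).*(/scripts/root.exe|/MSADC/root.exe|/winnt/system32/cmd.exe)' |
	cut -d' ' -f1 |
	sort |
	uniq -c |
	sort -n
)

# Only send mail when at least one matching host was counted.
if test -n "$report"; then
	{
		echo "Subject: Nimda on $(hostname)"
		echo
		echo "Nimda scans seen from these hosts:"
		echo
		# printf with a fixed format: log-derived text is never used as a format.
		printf '%s\n' "$report"
	} | /usr/lib/sendmail -i andy@rz.uni-karlsruhe.de
fi

exit 0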