awstats – 로그 분석/통계 툴

 설치


apt-get install awstats -y

 

 

 설정파일 /etc/awstats/awstats.conf.local

# Site-local awstats overrides for andrwj.com.
# LogFile is the nginx access log that awstats parses.
LogFile="/var/log/nginx/wp-access.log"
SiteDomain="andrwj.com"
# NOTE(review): DirData is the same directory the report job writes index.html
# into (/var/www/andrwj.com/stats/). If nginx serves that directory, the raw
# awstats data files (client addresses, referrers, URLs) can be downloaded
# alongside the report. Keep DirData outside the served tree or deny access to
# everything except the report.
DirData="/var/www/andrwj.com/stats/"
DirIcons="/icon"
HostAliases="www.andrwj.com"
# LogFormat has to describe the fields of the nginx log_format used for
# LogFile; change both together.
LogFormat = "%host - %host_r %time1 %code %methodurl %bytesd %refererquot %uaquot %otherquot"
# DNSLookup=1 resolves client addresses through DNS during updates, which slows
# processing of large logs and sends every visitor address to the resolver.
DNSLookup = 1
LoadPlugin="geoip GEOIP_STANDARD /usr/share/GeoIP/GeoIP.dat"
DefaultFile="index.html"
# Hosts left out of the statistics.
# NOTE(review): these differ from the addresses excluded in the nginx map on
# this page (10.0.0.2, 10.0.0.3); confirm which set is intended.
SkipHosts="10.0.5.2 10.0.1.3"
# NOTE(review): the logo link uses plain http; switch to https if the stats
# host supports it.
LogoLink="http://stat.andrwj.com/"
AllowFullYearView=3
LoadPlugin="tooltips"
LoadPlugin="graphgooglechartapi"
# Duplicate of the SiteDomain line above (same value).
SiteDomain="andrwj.com"

 

 NginX 설정파일 수정


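# In the http {} section.
# $log_ip is 0 for the internal addresses that should not be logged and 1 for
# every other client.
map $remote_addr $log_ip {
    "127.0.0.1" 0;
    "10.0.0.2" 0;
    "10.0.0.3" 0;
    default 1;
}
# Log format read by awstats; keep it in sync with LogFormat in
# /etc/awstats/awstats.conf.local.
# $http_x_forwarded_for is copied from a client-supplied header, so treat that
# field as untrusted when reading the log.
log_format main '$remote_addr - $remote_user [$time_local] $status '
                '"$request" $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for"';
# if= is a parameter of access_log, not of log_format: placed on log_format it
# is treated as one more format string and appended to every log line.
# Use this line in place of the site's existing access_log directive.
access_log /var/log/nginx/wp-access.log main if=$log_ip;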

 

 cgi-bin.php 생성


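<?php
// CGI bridge: runs the program named by X_SCRIPT_FILENAME as a child process
// and relays its CGI response (header lines, blank line, body) to the client.
//
// X_SCRIPT_FILENAME and X_SCRIPT_NAME are expected to be set by the web server
// configuration (not shown on this page), never taken from the request.
// Whatever path arrives here is executed, so the nginx location that passes
// requests to this file should be limited to the intended cgi-bin directory.
$descriptorspec = array(
   0 => array("pipe", "r"),  // stdin is a pipe that the child will read from
   1 => array("pipe", "w"),  // stdout is a pipe that the child will write to
   2 => array("pipe", "w")   // stderr is a pipe too; it is drained into the PHP error log below
);

$script = isset($_SERVER["X_SCRIPT_FILENAME"]) ? $_SERVER["X_SCRIPT_FILENAME"] : "";

// Environment variables must be strings, so keep only scalar $_SERVER entries.
$newenv = array_filter($_SERVER, 'is_scalar');
$newenv["SCRIPT_FILENAME"] = $script;
$newenv["SCRIPT_NAME"] = isset($_SERVER["X_SCRIPT_NAME"]) ? $_SERVER["X_SCRIPT_NAME"] : "";
// HTTP_PROXY is derived from the client's "Proxy:" request header; drop it so
// the child cannot mistake it for a real proxy setting.
unset($newenv["HTTP_PROXY"]);

if ($script !== "" && is_executable($script)) {
   // A string command is run through the shell, so quote the path to keep
   // spaces and metacharacters in it from being interpreted.
   $process = proc_open(escapeshellarg($script), $descriptorspec, $pipes, NULL, $newenv);
   if (is_resource($process)) {
       fclose($pipes[0]);
       // Relay header lines until the blank separator line. Stop on EOF as
       // well: fgets() returns false there, and comparing that with "\n"
       // never terminates the loop.
       while (($head = fgets($pipes[1])) !== false) {
           $head = rtrim($head, "\r\n");
           if ($head === "") {
               break;
           }
           header($head);
       }
       fpassthru($pipes[1]);
       fclose($pipes[1]);
       // NOTE(review): stderr is read only after stdout has been relayed; a
       // child that fills the stderr pipe before finishing stdout would still
       // block. Redirect descriptor 2 to a file if that can happen.
       $errors = stream_get_contents($pipes[2]);
       fclose($pipes[2]);
       if ($errors !== false && $errors !== "") {
           error_log("cgi-bin.php: child stderr: " . $errors);
       }
       proc_close($process);
   } else {
       header("Status: 500 Internal Server Error");
       echo("Internal Server Error");
   }
} else {
   header("Status: 404 Page Not Found");
   echo("Page Not Found");
}
?>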

 

  logrotate 설정파일 수정 /etc/logrotate.d/nginx

# Rotate every nginx log daily and keep 30 rotations; the newest rotation is
# left uncompressed (delaycompress) and new log files are created 0640
# www-data:adm.
#
# prerotate runs awstats_updateall.pl before the logs are moved, so the
# statistics are updated from the log that is about to be rotated.
# NOTE(review): logrotate normally runs as root, so awstats would parse
# client-influenced log content as root here; consider running the update under
# an unprivileged account that can read the logs and write DirData.
# NOTE(review): the script path is under /usr/share/doc/awstats/examples;
# confirm it exists and is executable on the target system.
/var/log/nginx/*.log {
        daily
        missingok
        rotate 30
        compress
        delaycompress
        notifempty
        create 0640 www-data adm
        sharedscripts
        prerotate
    /usr/share/doc/awstats/examples/awstats_updateall.pl now -awstatsprog=/usr/lib/cgi-bin/awstats.pl
                if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
                        run-parts /etc/logrotate.d/httpd-prerotate; \
                fi \
        endscript
        postrotate
                invoke-rc.d nginx rotate >/dev/null 2>&1
        endscript
}

 

 Crontab 항목 추가

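#!/bin/bash
# Regenerate the static awstats report for andrwj.com.
#
# The report is built in a temporary file next to the target and moved into
# place only after the whole pipeline has succeeded. Redirecting straight into
# index.html truncates the published report before awstats has produced any
# output, so a failed run would leave an empty page.
#
# NOTE(review): the report is written under the web root; restrict access in
# nginx if the statistics are not meant to be public.
set -euo pipefail

readonly out_dir=/var/www/andrwj.com/stats
readonly out_file="${out_dir}/index.html"

tmp_file=$(mktemp "${out_dir}/.index.html.XXXXXX")
trap 'rm -f -- "$tmp_file"' EXIT

/usr/bin/awstats \
        -config=andrwj.com \
        -update \
        -awstatsprog=/usr/lib/cgi-bin/awstats.pl \
        -output \
        | sed -e 's/awstats\.awstats/awstats\.pl/g' > "$tmp_file"

# mktemp creates the file 0600; the web server has to be able to read it.
chmod 0644 -- "$tmp_file"
mv -f -- "$tmp_file" "$out_file"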

 

GeoIP based IP Block on Debian Buster

셋업 절차
# all commands below are run as root
$ id
uid=0(root) gid=0(root) groups=0(root)
# install xtables-addons and the Perl libraries (presumably used by the
# xt_geoip_* helper scripts below)
$ apt-get install xtables-addons-common libnet-cidr-lite-perl libtext-csv-xs-perl libgeoip2-perl -y

# load the xt_geoip kernel module
$ modprobe xt_geoip

# if the module fails to load: build xtables-addons against the running
# kernel's source (rpi-source fetches it; this path looks Raspberry Pi specific)
# NOTE(review): this clones an unpinned third-party repository and runs its
# script as root; read the script first and check out a commit you have reviewed.
$ apt-get install module-assistant git bc bison flex libssl-dev libncurses5-dev
$ git clone https://github.com/notro/rpi-source.git
$ cd rpi-source
$ python ./rpi-source
$ export KERNELDIRS=/root/linux
$ module-assistant --verbose --text-mode auto-install xtables-addons
$ modprobe x_tables
$ modprobe xt_geoip

# confirm that both modules are loaded
$ lsmod | grep geoip
xt_geoip 16384 5
x_tables 32768 5 xt_state,xt_geoip,ip_tables,nft_compat,xt_conntrack

# change to the xtables-addons geoip directory and download the country data
# NOTE(review): xt_geoip_dl fetches the database over the network; MaxMind's
# GeoLite2 downloads have needed a license key since the end of 2019, so this
# step may fail with this xtables-addons version (confirm). The country data
# also goes stale, so it needs to be refreshed regularly.
$ cd /usr/src/xtables-addons-3.2/geoip
$ ./xt_geoip_dl
$ ls -la
drwxr-xr-x 2 root root  4096 Jul 14 09:03 GeoLite2-Country-CSV_20190709
-rw-r--r-- 1 root root 17682 Sep 29  2018 Makefile
-rw-r--r-- 1 root root   112 Sep 29  2018 Makefile.am
-rw-r--r-- 1 root root 17169 Sep 29  2018 Makefile.in
-rwxr-xr-x 1 root root  6168 Sep 29  2018 xt_geoip_build
-rw-r--r-- 1 root root  1520 Sep 29  2018 xt_geoip_build.1
-rwxr-xr-x 1 root root   191 Sep 29  2018 xt_geoip_dl
-rw-r--r-- 1 root root   582 Sep 29  2018 xt_geoip_dl.1
-rwxr-xr-x 1 root root  2024 Sep 29  2018 xt_geoip_fetch

# convert the downloaded CSV data into /usr/share/xt_geoip
$ mkdir -p /usr/share/xt_geoip
$ cd GeoLite2-Country-CSV_20190709
$ ../xt_geoip_build -D /usr/share/xt_geoip

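# load xt_geoip automatically at boot; /etc/modules-load.d is a directory, so
# the module name goes into a .conf file inside it
$ echo 'xt_geoip' > /etc/modules-load.d/xt_geoip.conf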

# Start from an initialized iptables rule set, then append one DROP rule per
# blocked country code.
# NOTE(review): -A puts the rules at the end of INPUT, so traffic accepted by
# an earlier rule is never checked against them; confirm the rule order with
# `iptables -L INPUT -n --line-numbers`. The rules cover IPv4 only (ip6tables
# is separate) and are lost at reboot unless they are saved.
for cc in CN HK RU DE IT; do
  iptables -A INPUT -m geoip --src-cc "$cc" -j DROP
done
 
참조 사이트
  • https://linoxide.com/linux-how-to/block-ips-countries-geoip-addons/
  • https://malicious.link/post/2016/blocking-countries-via-iptables/