SecOps (Task - 5)
Task completed under guidance of World Record Holder Vimal Daga sir
Problem Statement :-
Create an automated system which will be useful for a server in terms of the following features:-
1. This system will keep a log of the information about the clients' hits or requests to the server; for example, we can get the log file of a webserver at the location /var/log/httpd/
2. request, for example if a client is sending requests repeatedly. For this purpose we can use clustering here to make clusters of the different patterns of client requests and to identify which cluster of client requests can cause security and performance issues on the server.
3. If we get any kind of unusual pattern, then we can use Jenkins to perform a certain task; for example, it can run a command to block the IP which is causing the trouble.
Here I'm explaining my work :-
If we try to access a file on a web server which has restricted permissions and is not allowed to be accessed by others, then the status code will be recorded as non-200 in the Apache access log file, and I used that to do my task.
I created an automated system in Jenkins, and the Jobs in Jenkins will do the following steps :-
-> First Job will copy the Apache2 access log file from /var/log/apache2/access.log to the destination directory, grant permissions to the log file, download the git repo and copy it into the same destination directory.
-> Second Job will work with 3 Python scripts, and they will execute in the following manner:
-> 1. txt_to_csv.py will take the input file, which is access.log, and create a CSV file named access.csv
-> 2. headers.py will add the headers to the CSV file and save it as task_5_final.csv
-> 3. extract_ip.py will extract the IP addresses of the clients which tried to access unauthorized files and dump those IP addresses into the final.txt file
-> Third Job will take its input from the final.txt file, and a bash shell script will block those IPs using the command
iptables -A INPUT -s ip_address -j DROP
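As an added example (my own code, not the author's txt_to_csv.py / headers.py / extract_ip.py scripts), one Python script that covers the log-parsing and IP-extraction steps above on Apache combined-format lines: it parses each line, counts the non-200 responses per client IP, writes the list that final.txt would hold, and renders the iptables DROP rule for each IP instead of executing it. The log lines, the regex, the function names and the `threshold` parameter are all my own assumptions; a threshold above 1 keeps a single stray 403 from blocking a legitimate client.

```python
import re
from collections import Counter

# Apache combined log format (assumed pattern for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Jun/2020:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Jun/2020:10:00:02 +0000] "GET /secret/notes.txt HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jun/2020:10:00:03 +0000] "GET /secret/ HTTP/1.1" 403 199 "-" "curl/7.68"
198.51.100.7 - - [10/Jun/2020:10:00:04 +0000] "GET /secret/passwd HTTP/1.1" 403 199 "-" "curl/7.68"
198.51.100.7 - - [10/Jun/2020:10:00:05 +0000] "GET /admin HTTP/1.1" 404 150 "-" "curl/7.68"
203.0.113.5 - - [10/Jun/2020:10:00:06 +0000] "GET /about.html HTTP/1.1" 200 300 "-" "Mozilla/5.0"
this line is garbage and must be skipped
"""

def parse_log(text):
    """Yield (ip, status) for every line that matches the combined format; skip the rest."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.group("ip"), int(m.group("status"))

def failed_requests_by_ip(text):
    """Count non-200 responses per client IP (the signal the post keys on)."""
    counts = Counter()
    for ip, status in parse_log(text):
        if status != 200:
            counts[ip] += 1
    return counts

def ips_to_block(text, threshold=1):
    """IPs with at least `threshold` non-200 hits, sorted; this is the final.txt content."""
    return sorted(ip for ip, n in failed_requests_by_ip(text).items() if n >= threshold)

def iptables_rules(ips):
    """Render the DROP rule the third job runs, one per IP, without executing anything."""
    return [f"iptables -A INPUT -s {ip} -j DROP" for ip in ips]

if __name__ == "__main__":
    blocked = ips_to_block(SAMPLE_LOG, threshold=2)
    print("final.txt would contain:", blocked)
    print("\n".join(iptables_rules(blocked)))
```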
Build-Pipeline view of all Jobs
And the final result of the task:-
Before Blocking the ip of a Windows pc
After ip blocked by Jenkins :-
Thanks to Vimal Daga Sir for providing very valuable content to all of us.......