Python has an issue with hash collisions that potentially can allow denial of service when exposed to untrusted input. Note that starting with version 1.6 of Mercurial, the hgwebdir.cgi script no longer exists, and its functionality has been merged into the hgweb.cgi script which in most cases can be used with the same configuration. Some are more powerful than others but may require more effort to set up and administer.įor private or restricted-access repositories, aside from the solutions explicitly marked as "private/internal" in the table below, authentication measures (certificates, logins) can be applied to many of the "public" solutions in order to restrict access. There are a variety of different ways to publish your Mercurial repositories.
See SecuringRepositories for guidance on how to secure a Mercurial repository published via the Internet. The table in the next section gives a comprehensive overview of the different repository publishing options. We won't cover it here, see StaticHTTP instead. This uses a much slower 'serverless' protocol called static-http. It is not really recommended except for temporary situations where you need to publish a repository for a few minutes, for example to pull changes from a laptop. This is hgweb, but running within Mercurial's built-in Web server.
The recommended method for self-publishing repositories over HTTP is to use the hgweb scripts with a dedicated Web server such as Apache or IIS. The easiest way to share changes with other people using Mercurial is to publish them on the Web.
Sample: Does a random sampling of the log lines in order to look at a certain percentage, this is useful when the user doesn't want to do a full scan of all the log, but just ping it to see if there is some problem.Īttack: Specify what classes of vulnerabilities the tool will look at (eg, look only for XSS, SQL Injection, etc.) Period: Specify a time-frame to look at, all the rest will be ignored Tough: Will decode a part of potential attacks (this is done to use better the regexp from PHP-IDS in order to - decrease the false-negative rate) Scalp has a couple of options that may be useful in order to save time when scalping a huge log file or in order to perform a full examination the default options are almost okay for log files of hundreds of MB.Įxhaustive: Won't stop at the first pattern matched, but will test all the patterns
Scalp started as a simple python script which is still maintained, but I plan to focus my effort on the binary version (written in C++) for efficiency when it comes to scalp huge log files.
(actually, Scalp! can even download it for you :3 )
You will then need latest version of this file in order to run Scalp. These regexp has been chosen because of their quality and the top activity of the team maintaining that project. Scalp is basically using the regular expression from the PHP-IDS project and matches the lines from the Apache access log file. The main idea is to look through huge log files and extract the possible attacks that have been sent through HTTP/GET (By default, Apache does not log the HTTP/POST variable).ĭefault_filters.xml is a part of PHP IDS project How it works
Scalp! is a log analyzer for the Apache web server that aims to look for security problems developed by Romain Gaucher.
Scalp!/Anathema is a fork (or rather saving the code before GoogleCode collapses) of the original project originally hosted at GoogleCode (one of thousands forks, I feel) My aim is to rewrite outdated places (Scalp! was written at 2008, and since then Python has made a big step forward), add multiprocessing plus implement Anathema heuristic module.