
Question: unix the data file is comprised of a header followed...

Question details

UNIX:

The data file is comprised of a header, followed by lines containing firewall events. You can view the head of the file with the following command:

cat firewall.log | head

OUTPUT OF COMMAND:
#Version 1.5
#Software: Microsoft Windows Firewall
#Time Format: local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size

2018-05-25 11:47:02 FORWARD TCP 11.100.6.64 10.202.41.103 2176 7 953880
2018-02-22 03:34:00 FORWARD UDP 11.102.7.64 10.202.40.101 2075 65 116445
2018-03-20 04:47:11 REJECT UDP 9.102.8.65 10.202.41.101 2189 97 985631
2018-11-08 14:14:47 REJECT TCP 10.101.8.64 10.202.40.103 2158 63 164259
2018-07-24 22:46:54 REJECT TCP 11.100.6.65 10.202.41.103 2089 61 991882

TIP:

If you find yourself with a massive number of lines printing to the terminal, pressing CTRL-C will stop the output of the file.

QUESTION 1: (10 points)

Write a command to count the number of firewall events in the file. Your command should exclude the header using a simple regular expression.

Notice that the firewall event fields are delineated by a single space and contain the following data points: date, time, action, protocol, src-ip, dst-ip, src-port, dst-port, size

QUESTION 2: (10 points)

Write a command to count the number of unique values in the src-ip field.

The date field follows the format YYYY-MM-DD; the month and day values are padded to 2 characters.

QUESTION 3: (20 points)

Write a command to count the number of events that match these conditions:

- The event occurred in August 2018 OR on July 4th 2018 (2018-08-xx OR 2018-07-04)
- The dst-port field is either 80 or 443
- The action field is ACCEPT

The time field follows the format HH:MM:SS

QUESTION 4: (20 points)

Write a command to count the number of events that meet these criteria:

- The event occurred between midnight and 3 AM (00:00:00 to 03:00:00)
- The dst-port is 22
- The action is DROP
- The protocol is TCP

For the last remaining question in part 1, recall that man pages provide details on available arguments for the majority of programs on a Linux computer.

QUESTION 5: (20 points)

Write a command to display the src-ip value for events that match the following criteria:

- The size field is less than or equal to 500
- The dst-ip field starts with 10.202.40

Part 2 - 20 points

For this part, you will need to make use of the sort, tail and/or head programs. Study the man pages for these programs to assist you with answering this question.

QUESTION 6: (10 points each)

Write a command to print the date and time of the earliest event in the firewall.log file.

Create a second command to print the date and time of the latest event in the file.
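A worked shell version of the six questions, added here as an example rather than the tutor's solution, run against a constructed six-line log in the page's #Fields layout (the course's firewall.log is not on the page). It assumes the 00:00:00 to 03:00:00 window is inclusive and reads "starts with 10.202.40" as the dotted prefix 10.202.40., so that 10.202.400 would not match.

```shell
#!/bin/sh
# Constructed six-line log in the page's #Fields layout (not the course's firewall.log).
LOG="$(mktemp)"
trap 'rm -f "$LOG"' EXIT
cat > "$LOG" <<'EOF'
#Version 1.5
#Software: Microsoft Windows Firewall
#Time Format: local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size

2018-05-25 11:47:02 FORWARD TCP 11.100.6.64 10.202.41.103 2176 7 953880
2018-08-03 09:12:41 ACCEPT TCP 11.102.7.64 10.202.40.101 2075 443 116445
2018-07-04 04:47:11 ACCEPT UDP 9.102.8.65 10.202.41.101 2189 80 400
2018-11-08 02:14:47 DROP TCP 10.101.8.64 10.202.40.103 2158 22 164259
2018-07-24 22:46:54 REJECT TCP 11.100.6.65 10.202.41.103 2089 61 991882
2018-01-02 00:00:00 DROP TCP 10.101.8.64 10.202.40.104 2158 22 120
EOF

# Select event lines by their leading date. A plain 'grep -v ^#' would also
# pass the blank line after the header and count it as an event.
events() { grep -E '^[0-9]{4}-[0-9]{2}-[0-9]{2} ' "$LOG"; }

count_events()  { events | wc -l; }                                # Q1
count_src_ips() { events | awk '{ print $5 }' | sort -u | wc -l; } # Q2
# Q3: August 2018 or 4 July 2018, dst-port 80 or 443, action ACCEPT
count_web_accepts() {
  events | awk '($1 ~ /^2018-08-/ || $1 == "2018-07-04") &&
                ($8 == 80 || $8 == 443) && $3 == "ACCEPT"' | wc -l
}
# Q4: 00:00:00 to 03:00:00 (assumed inclusive), dst-port 22, DROP, TCP
count_night_ssh_drops() {
  events | awk '$2 >= "00:00:00" && $2 <= "03:00:00" &&
                $8 == 22 && $3 == "DROP" && $4 == "TCP"' | wc -l
}
# Q5: src-ip where size <= 500 and dst-ip begins with the 10.202.40. prefix
small_to_40() { events | awk '$9 <= 500 && index($6, "10.202.40.") == 1 { print $5 }'; }
# Q6: YYYY-MM-DD HH:MM:SS sorts lexically in time order, so sort suffices
earliest() { events | sort | head -n 1 | cut -d' ' -f1,2; }
latest()   { events | sort | tail -n 1 | cut -d' ' -f1,2; }
```

Field positions ($5 for src-ip, $8 for dst-port, $9 for size) come straight from the #Fields header, which is the first thing to check before trusting any count on a log you did not produce.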
