From 1fbbc8c3b2d719581991b9c031929e50b6a78dfc Mon Sep 17 00:00:00 2001
From: Patrick Neumann <patrick@neumannsland.de>
Date: Fri, 16 Nov 2018 10:16:09 +0100
Subject: [PATCH] first try

---
 etc-cron.daily-anonymize-pafal | 17 ++++++
 index.php                      | 95 ++++++++++++++++++++++++++++++++++
 2 files changed, 112 insertions(+)
 create mode 100755 etc-cron.daily-anonymize-pafal
 create mode 100644 index.php

diff --git a/etc-cron.daily-anonymize-pafal b/etc-cron.daily-anonymize-pafal
new file mode 100755
index 0000000..181c3aa
--- /dev/null
+++ b/etc-cron.daily-anonymize-pafal
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+# simple cronjob to anonymize IPv4 and IPv6 addresses
+#   in pafakedaccesslog logfile entries
+#   on a Debian GNU/Linux default Apache2 and PHP installation
+#   placed in /etc/cron.daily/ .
+
+# config
+readonly LOG="/var/www/html/pafal/faccess.log"
+
+# ipv4
+/bin/sed -i -E 's/^([[:digit:]]{1,3}\.)([[:digit:]]{1,3}\.)([^ ]*)(.*)/\1\20.0\4/' "${LOG}"
+
+# ipv6
+/bin/sed -i -E 's/^([[:xdigit:]]{1,4}:)([[:xdigit:]]{1,4}:)([[:xdigit:]]{1,4}:)([^ ]*)(.*)/\1\2\3:0\5/' "${LOG}"
+
+exit 0
\ No newline at end of file
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..973e64e
--- /dev/null
+++ b/index.php
@@ -0,0 +1,95 @@
+<?php
+
+// config
+$file = "faccess.log";
+$max = 100;
+$cron = false;
+
+ob_start();
+
+// show content of file
+?>
+<!DOCTYPE html>
+<html lang='de'>
+  <head>
+    <meta charset='utf-8'>
+    <title>PA | FakedAccessLog</title>
+    <meta content='Patrick Neumann' name='author'>
+    <meta content='1.0' name='version'>
+    <link rel='shortcut icon' type='image/x-icon' href='/favicon.ico'>
+  </head>
+  <body>
+    <h1>P (olizei) A (kademie) | F (aked) <a href='https://httpd.apache.org/docs/2.4/logs.html#combined' target='_blank'>A (ccess) L (og)</a></h1>
+    <pre>
+<?php
+
+readfile( $file );
+
+?>
+    </pre>
+    <p style='font-style:italic;font-size:.8em;'>
+      No access permissions to a "real" access.log are required.
+      - Logrotation with a maximum of 100 entries.
+<?php if( $cron ) {
+echo "      - Daily anonymization of IPv4 (last 16 bits) and IPv6 (last 80 bits) addresses.";
+} ?>
+    </p>
+  </body>
+</html>
+<?php
+
+// count size in bytes
+$size = ob_get_length();
+
+ob_end_flush();
+
+// assemble log line
+$line  = $_SERVER[ "REMOTE_ADDR" ];
+$line .= " ";
+$line .= "-"; // mod_ident is mostly disabled!
+$line .= " ";
+$line .= ( empty( $_SERVER[ "REMOTE_USER" ] ) ) ? "-" : $_SERVER[ "REMOTE_USER" ];
+$line .= " ";
+$line .= strftime( "[%d/%b/%Y:%H:%M:%S %z]", $_SERVER[ "REQUEST_TIME" ] );
+$line .= " \"";
+$line .= $_SERVER[ "REQUEST_METHOD" ];
+$line .= " ";
+$line .= $_SERVER[ "REQUEST_URI" ];
+$line .= " ";
+$line .= $_SERVER[ "SERVER_PROTOCOL" ];
+$line .= "\" ";
+$line .= http_response_code();
+$line .= " ";
+$line .= $size;
+$line .= " \"";
+$line .= ( empty( $_SERVER[ "HTTP_REFERER" ] ) ) ? "-" : $_SERVER[ "HTTP_REFERER" ];
+$line .= "\" \"";
+$line .= $_SERVER[ "HTTP_USER_AGENT" ];
+$line .= "\"";
+$line .= "\n";
+
+// prepare error message
+$user = shell_exec( "whoami" );
+$emsg = "The webserver has no permissions to read and/or write $file.<br>";
+$emsg .= "How to fix it:<br>";
+$emsg .= "~# touch $file<br>";
+$emsg .= "~# chown $user $file<br>";
+$emsg .= "~# chmod 644 $file";
+
+// delete oldest log line if max is reached
+if( $log = file( $file ) ) {
+  if( count( $log ) >= $max ) $log = array_slice( $log, 1 );
+} else {
+  die( $emsg );
+}
+
+// append log line to file
+$log[] = $line;
+if( $add = fopen( $file, 'w' ) ) {
+  fwrite( $add, implode( '', $log ) );
+  fclose( $add );
+} else {
+  die( $emsg );
+}
+
+?>
\ No newline at end of file