CSP2101 Scripting Languages Assignment 3 - Software Based Solution
Having completed your two main portfolio activities, you are now required to further develop your shell scripting skills by developing a script that automates a task commonly performed by Linux administrators - the analysis of server access logs to identify and report upon suspicious activity.
Each server access log contains 500 records organised into the following columns:
| Column | Description |
|---|---|
| DATE | Not required for the assignment |
| DURATION | Not required for the assignment |
| PROTOCOL | TCP, UDP, ICMP, GRE |
| SRC IP | Various codes |
| SRC PORT | Port from which incoming packets have been sent |
| DEST IP | Various codes |
| DEST PORT | Port to which incoming packets have been sent |
| PACKETS | Number of packets sent in a transfer |
| BYTES | Size of packets sent in a transfer |
| FLOWS | Not required for the assignment |
| FLAGS | Not required for the assignment |
| TOS | Not required for the assignment |
| CLASS | suspicious or normal |
Part 1 – Write the Code (Shell Script, 30 marks)
Functional Requirements (15 marks)
Your script must provide the user with the following functionality:
- Run a search on available server access logs based on one (1), two (2) and three (3) field criteria inputs.
- Give the user the option to a) search all server access logs available in a directory, or b) search just one (1) specific log of the user’s choice.
- Export the results of any search to a text file and destination directory of the user’s choosing. Where the file and/or destination directory nominated by the user are non-existent, your script will create them.
- Any records in which the CLASS field is set to normal are to be automatically excluded from the search results printed to the screen.
- When the PACKETS and/or BYTES fields are used as search criteria, the user should be able to choose greater than (-gt), less than (-lt), equal to (-eq) or not equal to !(-eq) the specific value they provide.
- When the PACKETS and/or BYTES fields are used as search criteria, totals for each of these should also be calculated and displayed as the final row of the search results printed to the screen.
- When the SRC IP or DEST IP fields are used as search criteria, the user should only need to provide a partial search string rather than a complete value, e.g. search using the partial string EXT rather than the exact value EXT_SERVER.
Usability, Reliability and Efficiency Requirements (10 marks)
- All string-based searches should be case insensitive.
- The results of any search are to be printed to the screen in a columnar format, uniformly aligned and spaced.
- All user inputs are to be fully validated and sanitised as required to ensure the correct execution of subsequent code.
- The script is to display a high level of abstraction, i.e. the hard-coding of values is to be avoided.
- The efficiency of your code will also be considered, hence the degree of thought you apply to the selection of and interaction between shell script elements such as logical tests, control structures (if-elif-fi, loops, arrays), functions, command substitution, regular expressions, piping, redirection and utilities, e.g. awk, is important.
- The user must be able to conduct as many search operations as they wish without the script terminating. Hence, the script must continue to run until the user specifically chooses to terminate it via a menu option.
- All menus, options and prompts are to be easily understood and require minimal input from the user in response.
- Sound code structure and full commenting will be examined by your tutor and factor into your grade.
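The sketch below is an added example, not part of the original brief: it shows one way to meet the CLASS exclusion, PACKETS comparison with totals, and partial case-insensitive SRC IP requirements while treating every user input as validated data. It assumes comma-separated logs with a header row and columns in the order listed above; `sample_log`, `search_packets` and the operator tokens `gt`/`lt`/`eq`/`ne` are hypothetical names.

```bash
#!/usr/bin/env bash
# Added example. Assumed layout: comma-separated, header row, columns in the
# order the brief lists them (SRC IP = 4, PACKETS = 8, BYTES = 9, CLASS = 13).

# Constructed sample records, not taken from a real log.
sample_log() {
cat <<'EOF'
DATE,DURATION,PROTOCOL,SRC IP,SRC PORT,DEST IP,DEST PORT,PACKETS,BYTES,FLOWS,FLAGS,TOS,CLASS
01/01,0.1,TCP,EXT_SERVER,443,10001_42,51000,12,4800,1,.AP...,0,suspicious
01/01,0.2,UDP,ext_server,53,10002_17,53,3,210,1,......,0,suspicious
01/01,0.3,TCP,EXT_SERVER,80,10003_08,51002,40,9000,1,.AP...,0,normal
01/01,0.4,ICMP,OPENSTACK_NET,0,10004_11,0,25,1500,1,......,0,suspicious
EOF
}

# search_packets FILE SRC_IP_PART OP VALUE
# Prints non-normal rows whose SRC IP contains SRC_IP_PART (any case) and whose
# PACKETS satisfy OP VALUE, then a TOTAL row. Returns 2 on invalid input.
search_packets() {
    local file=$1 ip_part=$2 op=$3 value=$4
    # Allow-list the operator and accept only digits / a safe character set,
    # so nothing the user types can be interpreted as awk or shell code.
    case $op in gt|lt|eq|ne) ;; *) echo "invalid operator: $op" >&2; return 2 ;; esac
    case $value in ''|*[!0-9]*) echo "invalid number: $value" >&2; return 2 ;; esac
    case $ip_part in ''|*[!A-Za-z0-9_.]*) echo "invalid search string" >&2; return 2 ;; esac
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }

    # User values reach awk only as variables (-v), never spliced into the program.
    awk -F',' -v part="$ip_part" -v op="$op" -v val="$value" '
        NR == 1 { next }                                   # skip header row
        tolower($13) == "normal" { next }                  # drop CLASS=normal
        index(tolower($4), tolower(part)) == 0 { next }    # partial, any case
        (op == "gt" && $8+0 >  val+0) || (op == "lt" && $8+0 <  val+0) ||
        (op == "eq" && $8+0 == val+0) || (op == "ne" && $8+0 != val+0) {
            printf "%-10s %-16s %-12s %8d %10d\n", $3, $4, $6, $8, $9
            total += $8
        }
        END { printf "%-10s %-16s %-12s %8d\n", "TOTAL", "", "", total }
    ' "$file"
}
```

`awk -v` interprets backslash escapes in the assigned value, which is one more reason the search string is restricted to an allow-listed character set before it is passed in.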
Enhanced Functionality (5 marks)
Enhance the functionality of your server access log analysis tool by devising and coding one (1) additional feature that is not available as one of the default features listed under the Functional Requirements section of this brief. This additional feature is to allow the user to work with the server access logs in a useful and meaningful way that adds genuine value to the analysis tool. An example might be to provide the user with the ability to send a server access log analysis report to a specified email address instead of the default option of storing it as a text file in a given directory. Please do not use this example as your additional feature – it is provided as an example only.
Part 2 – Explain Your Work (Video, 10 Marks)
Required Video Elements
Record a video using Panopto that fulfills the following criteria:
- Begin with you appearing on-screen displaying your Student ID card and verbally stating your full name and student number.
- A full run-through of your code demonstrating Functional Requirements 1 through 7 in action.
- Explain how you have addressed Usability, Reliability and Efficiency Requirements 1 through 8, pointing to specific example(s) in the code and code output in each case.
- Explain and demonstrate the Enhanced Functionality achieved by the one (1) additional feature you created that allows the user to work with the server access logs in a useful and meaningful way that adds genuine value to the analysis tool.
- Change one element of code, e.g. a message displayed when invalid input is provided, and then re-run the code to show the change in action.
- If there were any Functional or Usability, Reliability and Efficiency requirements you were not able to implement, then briefly explain the reasons why this was the case, e.g. ran out of time, couldn’t figure out the code required, etc.
- Both the video and audio elements of your presentation should be of good quality.
- Your video must not be more than 8 minutes long, i.e. your tutor will stop viewing your presentation at the 8 minute mark and anything thereafter will not factor into your grade.