ayre_bel_maniake
bash: docker: command not found
/dev/mapper/ubuntu--vg-ubuntu--lv on /var/log/modsecurity type ext4 (rw,relatime)
drwxr-xr-x 2 root root 4096 May 21 15:55 /var/log/modsecurity
total 0
# ModSecurity audit-log settings as printed from the active configuration.
# NOTE(review): no SecAuditEngine directive appears in this excerpt; ModSecurity 2.x
# defaults it to Off, in which case no audit log is written — confirm it is set to
# On or RelevantOnly.
# Serial: every audit entry is appended to the single file named by SecAuditLog.
SecAuditLogType Serial
# Path of the audit log file; its directory must be writable by the process that opens the log.
SecAuditLog /var/log/modsecurity/audit.log
# Parts recorded per transaction: A header, B request headers, I request body (compact),
# J uploaded-file info, D reserved, E response body, F response headers, H trailer, Z end marker.
# Parts I and E store request and response bodies, which can include submitted credentials,
# so access to the log file should be restricted.
SecAuditLogParts ABIJDEFHZ
# Regex of response status codes treated as "relevant" when SecAuditEngine is RelevantOnly;
# ".*" matches every status, so every transaction qualifies.
SecAuditLogRelevantStatus ".*"
security2_module (shared)
proxy_module (shared)
proxy_http_module (shared)
VirtualHost configuration:
*:80 localhost (/usr/local/apache2/conf/extra/httpd-vhosts.conf:1)
ServerRoot: "/usr/local/apache2"
Main DocumentRoot: "/usr/local/apache2/htdocs"
Main ErrorLog: "/proc/self/fd/2"
Mutex default: dir="/usr/local/apache2/logs/" mechanism=default
Mutex ssl-stapling-refresh: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
PidFile: "/usr/local/apache2/logs/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: MODSEC_2.5
Define: MODSEC_2.9
User: name="www-data" id=33
Group: name="www-data" id=33
[1] 200
bash: curl: command not found
total 0
tail: [Wed May 21 18:32:48.089627 2025] [:error] [pid 13:tid 138134091593472] [client 10.0.2.15:58422] [client 10.0.2.15] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "10.0.2.10"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "10.0.2.10"] [uri "/"] [unique_id "aC4cUE6DAuzrrYbznoa0xgAAAAA"]
[Wed May 21 18:32:48.109900 2025] [:error] [pid 13:tid 138134083200768] [client 10.0.2.15:58422] [client 10.0.2.15] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "10.0.2.10"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "10.0.2.10"] [uri "/login.php"] [unique_id "aC4cUE6DAuzrrYbznoa0xwAAAAE"]
[Wed May 21 18:32:52.564859 2025] [:error] [pid 13:tid 138133999974144] [client 10.0.2.15:58422] [client 10.0.2.15] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "10.0.2.10"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "10.0.2.10"] [uri "/login.php"] [unique_id "aC4cVE6DAuzrrYbznoa0yAAAAAI"], referer: http://10.0.2.10/login.php
[Wed May 21 18:32:52.615218 2025] [:error] [pid 13:tid 138133991581440] [client 10.0.2.15:58422] [client 10.0.2.15] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "10.0.2.10"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "10.0.2.10"] [uri "/setup.php"] [unique_id "aC4cVE6DAuzrrYbznoa0yQAAAAM"], referer: http://10.0.2.10/login.php
[Wed May 21 18:32:58.841196 2025] [:error] [pid 21:tid 138134091593472] [client 10.0.2.15:47786] [client 10.0.2.15] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "735"] [id "920350"] [msg "Host header is a numeric IP address"] [data "10.0.2.10"] [severity "WARNING"] [ver "OWASP_CRS/3.3.2"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "10.0.2.10"] [uri "/<script>alert(\\"FD\\")</script>"] [unique_id "aC4cWn2aJHJD18Agz7Bq8QAAAEA"]
[Wed May 21 18:32:58.841805 2025] [:error] [pid 21:tid 138134091593472] [client 10.0.2.15:47786] [client 10.0.2.15] ModSecurity: Warning. Pattern match "(?i)<script[^>]*>[\\\\s\\\\S]*?" at REQUEST_FILENAME. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "82"] [id "941110"] [msg "XSS Filter - Category 1: Script Tag Vector"] [data "Matched Data: <script> found within REQUEST_FILENAME: /<script>alert(\\x22FD\\x22)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "10.0.2.10"] [uri "/<script>alert(\\"FD\\")</script>"] [unique_id "aC4cWn2aJHJD18Agz7Bq8QAAAEA"]
[Wed May 21 18:32:58.842243 2025] [:error] [pid 21:tid 138134091593472] [client 10.0.2.15:47786] [client 10.0.2.15] ModSecurity: Warning. Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity.d/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "modsecurity"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "10.0.2.10"] [uri "/<script>alert(\\"FD\\")</script>"] [unique_id "aC4cWn2aJHJD18Agz7Bq8QAAAEA"]
[Wed May 21 18:32:58.844162 2025] [:error] [pid 21:tid 138134091593472] [client 10.0.2.15:47786] [client 10.0.2.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/modsecurity.d/owasp-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "91"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.2"] [tag "modsecurity"] [tag "event-correlation"] [hostname "10.0.2.10"] [uri "/<script>alert(\\"FD\\")</script>"] [unique_id "aC4cWn2aJHJD18Agz7Bq8QAAAEA"]
cannot open '/var/log/modsecurity/audit.log' for reading: No such file or directory
10.0.2.15 - - [21/May/2025:18:32:48 +0000] "GET / HTTP/1.1" 302 - "-" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0"
10.0.2.15 - - [21/May/2025:18:32:48 +0000] "GET /login.php HTTP/1.1" 200 699 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0"
10.0.2.15 - - [21/May/2025:18:32:52 +0000] "POST /login.php HTTP/1.1" 302 - "http://10.0.2.10/login.php" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0"
10.0.2.15 - - [21/May/2025:18:32:52 +0000] "GET /setup.php HTTP/1.1" 200 1693 "http://10.0.2.10/login.php" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0"
10.0.2.15 - - [21/May/2025:18:32:58 +0000] "GET /%3Cscript%3Ealert(%22FD%22)%3C/script%3E HTTP/1.1" 404 323 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0"