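#!/bin/sh
# Extract suspicious-looking entries from the web server logs into two report
# files for review:
#   - access_log lines containing strings typical of automated probing
#     (phpMyAdmin, admin panels, WordPress, cgi-bin, proxy CONNECT attempts);
#   - error_log "client denied" lines that concern server-status.
#
# The access pattern is an unanchored substring match against the whole log
# line, so legitimate requests that merely contain "admin" or "sql" are
# reported too. Treat the output as triage input, not as confirmed attacks.

EMAIL="user@example.org"
ACCESS_LOG="/tmp/suspic-access"
ERROR_LOG="/tmp/suspic-error"

# The extracted lines carry client addresses and request URLs; create the
# report files readable by the owner only.
umask 077

# The report paths are fixed names in a world-writable directory. Remove any
# leftover file (or a symlink planted by another local user), then enable
# noclobber so the redirections below refuse to write to a path that already
# exists instead of overwriting whatever it points to.
rm -f -- "${ACCESS_LOG}" "${ERROR_LOG}" || exit 1
set -C

# grep -E replaces the obsolescent egrep; -h suppresses the file name prefix.
grep -E -h 'pma|admin|sql|w00t|CONNECT|wp-admin|wordpress|cgi-bin' \
  /var/www/logs/access_log > "${ACCESS_LOG}"

grep -E -h 'client denied' /var/www/logs/error_log \
  | grep 'server-status' > "${ERROR_LOG}"

# Mail delivery and cleanup are currently disabled, so the reports stay in /tmp.
# The log lines contain client-supplied text; they are passed to mail on stdin
# only, never on a command line.
#mail -s "Suspicious Webserver URLs" "${EMAIL}" < "${ACCESS_LOG}"
#mail -s "Unauthorized server-status clients" "${EMAIL}" < "${ERROR_LOG}"
#rm -f -- "${ACCESS_LOG}" "${ERROR_LOG}"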