罪と罰++二律背反


[[Swatch]]

*設定ファイルを.swatchrcファイルに記述する [#g20a277f]
*起動ファイル [#aacdf2e4]
-/etc/init.d/swatch

*ログローテート対策 [#xd4b4b90]
-/etc/cron.daily/logrotate
-ローテート時に、swatchを停止しておく
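 #!/bin/sh
 # Daily log rotation on a host running swatch.
 #
 # swatch keeps the old log open through tail, so it is stopped before the
 # rotation and started again afterwards; otherwise it would go on watching
 # the rotated-away file.  Intended to run from /etc/cron.daily.
 
 # swatch stop -- go through the init script so that only the swatch
 # processes are signalled.  'killall tail' would kill every tail process
 # on the host, not just the ones swatch spawned.
 /etc/init.d/swatch stop
 /bin/sleep 3
 
 # log rotate -- keep its exit status so cron reports a failed rotation
 # instead of silently restarting swatch on top of it.
 rv=0
 /usr/sbin/logrotate /etc/logrotate.conf || rv=$?
 
 # Make sure the watched files exist so swatch can open them right away.
 # NOTE(review): touch creates a missing file with the default umask; confirm
 # that the 'create' mode in logrotate.conf is what governs the permissions
 # of /var/log/secure, since that file should not be world-readable.
 touch /var/log/messages
 touch /var/log/secure
 
 # swatch start
 /etc/init.d/swatch start
 
 exit "$rv"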

*参考 [#k54f49e2]
-DEER'N HOUSE: Swatchでログ監視する((http://www.deer-n-horse.jp/linux/tips/swatch.html))
-LinuxWORLD 2002 Dec. クラッキング対策のイロハ

**swatchrc_secure [#f286a0b2]
 # swatchrc_secure
 # swatch configuration paired with /var/log/secure in the init script on
 # this page.  One rule: when a line matching /refused/ appears, run the
 # "echo" action and the "mail" action for the user "aqure".
 # NOTE(review): this file writes the mail action as "mail=aqure" while
 # swatchrc_messages writes "mail aqure"; check which form the installed
 # swatch version accepts and use the same one in both files.
 watchfor = /refused/
 	echo
 	mail=aqure
 
**swatchrc_messages [#nbefd15f]
 # swatchrc_messages
 # swatch configuration paired with /var/log/messages in the init script on
 # this page.  Each rule runs the "echo" action and mails the user "aqure".
 #
 # Rule 1: refused connections.
 watchfor = /refused/
 	echo
 	mail=aqure
 #
 # Rule 2: failed authentication attempts.
 # NOTE(review): the mail action is written "mail aqure" here but
 # "mail=aqure" above and in swatchrc_secure; confirm which spelling the
 # installed swatch accepts -- if one of them is silently ignored, these
 # events are echoed but never mailed.
 watchfor = /authentication failure/
 	echo
 	mail aqure
 
**swatch スクリプト [#xb80ff4b]
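 #!/bin/sh
 # swatch init script
 #
 # swatch   swatch monitors log files and, on specific patterns, sends
 #          mail to specific users.  One instance is started per watched
 #          log (/var/log/secure and /var/log/messages).
 #
 # chkconfig: 2345 42 42
 # description: log monitoring tool.
 # processname: swatch
 # config: /etc/swatch/swatch_secure
 
 # Source function library.
 . /etc/rc.d/init.d/functions
 
 # Source networking configuration.
 . /etc/sysconfig/network
 
 # Check that networking is up.  Quoted so that an unset NETWORKING does
 # not turn the test into a syntax error.
 [ "${NETWORKING}" = "no" ] && exit 0
 
 SWATCH=/usr/bin/swatch
 CONF_DIR=/etc/swatch
 PID_DIR=/var/run
 LOCKFILE=/var/lock/subsys/swatch
 # One swatch instance per name: config is $CONF_DIR/swatch_NAME, the
 # watched log is /var/log/NAME, the pidfile is $PID_DIR/swatch_NAME.pid.
 INSTANCES="secure messages"
 
 [ -f "$SWATCH" ] || exit 0
 for inst in $INSTANCES; do
   [ -f "$CONF_DIR/swatch_$inst" ] || exit 0
 done
 
 RETVAL=0
 
 # start_instance NAME
 # Starts one swatch in the background and records its pid, so that stop
 # and status can address exactly this process instead of pattern-matching
 # the process table.
 # Returns 0 when the process is still alive after a short grace period.
 start_instance() {
   inst=$1
   "$SWATCH" -c "$CONF_DIR/swatch_$inst" -t "/var/log/$inst" &
   pid=$!
   # '&' itself always succeeds; a brief pause lets an immediate failure
   # (bad config, unreadable log) surface before we claim success.
   sleep 1
   if kill -0 "$pid" 2>/dev/null; then
     echo "$pid" > "$PID_DIR/swatch_$inst.pid"
     return 0
   fi
   return 1
 }
 
 # stop_instance NAME
 # Sends TERM to the recorded pid and its children.  Never signals a
 # process that was not started by this script: the former
 # "ps ax | grep secure" matched any process whose command line contained
 # the word, including unrelated ones, and killed them all with -9.
 # Returns 0 when nothing was running, otherwise the status of kill.
 stop_instance() {
   inst=$1
   pidfile="$PID_DIR/swatch_$inst.pid"
   [ -f "$pidfile" ] || return 0
   pid=$(cat "$pidfile")
   rm -f "$pidfile"
   # Only ever signal a plain numeric pid read from our own pidfile.
   case "$pid" in
     ''|*[!0-9]*) return 1 ;;
   esac
   kill -0 "$pid" 2>/dev/null || return 0
   # swatch reads the log through a tail child (the earlier versions of
   # this script killed tail directly), so signal the children as well.
   # --ppid is GNU ps; if it is unavailable only the parent is signalled.
   children=$(ps -o pid= --ppid "$pid" 2>/dev/null)
   # shellcheck disable=SC2086 -- $children is a deliberately split pid list
   kill -TERM "$pid" $children > /dev/null 2>&1
 }
 
 # status_instance NAME
 # Reports one instance in the style of the functions-library "status",
 # which cannot be used here because a swatch process shows up as perl.
 # Returns 0 running, 1 dead but pidfile present, 3 stopped.
 status_instance() {
   inst=$1
   pidfile="$PID_DIR/swatch_$inst.pid"
   if [ -f "$pidfile" ]; then
     pid=$(cat "$pidfile")
     if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
       echo "swatch_$inst (pid $pid) is running..."
       return 0
     fi
     echo "swatch_$inst dead but pid file exists"
     return 1
   fi
   echo "swatch_$inst is stopped"
   return 3
 }
 
 # See how we were called.
 case "$1" in
   start)
     # Start daemons.
     echo -n "Starting swatch: "
     for inst in $INSTANCES; do
       start_instance "$inst" || RETVAL=1
     done
     echo
     [ "$RETVAL" -eq 0 ] && touch "$LOCKFILE"
     ;;
   stop)
     # Stop daemons.
     echo -n "Shutting down swatch: "
     for inst in $INSTANCES; do
       stop_instance "$inst" || RETVAL=1
     done
     echo
     [ "$RETVAL" -eq 0 ] && rm -f "$LOCKFILE"
     ;;
   status)
     for inst in $INSTANCES; do
       status_instance "$inst" || RETVAL=$?
     done
     ;;
   restart|reload)
     "$0" stop
     "$0" start
     RETVAL=$?
     ;;
   *)
     echo "Usage: swatch {start|stop|restart|reload|status}"
     exit 1
 esac
 
 exit "$RETVAL"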
