罪と罰++二律背反
SWATCH configuration/operation (page source, used as a template)
[[Swatch]]
*Write the configuration in a .swatchrc file [#g20a277f]
*Startup script [#aacdf2e4]
-/etc/init.d/swatch
*Handling log rotation [#xd4b4b90]
-/etc/cron.daily/logrotate
-Stop swatch while the logs are rotated
#!/bin/sh
# swatch stop: swatch reads each log through a "tail -f" child, so killing
# the tail ends the pipe (note: this stops every tail on the host, not only swatch's)
/usr/bin/killall tail
/bin/sleep 3
# log rotate
/usr/sbin/logrotate /etc/logrotate.conf
# recreate the log files so that the new tail -f has something to open
touch /var/log/messages
touch /var/log/secure
# swatch start
/etc/init.d/swatch start
*References [#k54f49e2]
-DEER'N HOUSE: Log monitoring with Swatch((http://www.deer-n-ho...
-LinuxWORLD 2002 Dec., The ABCs of cracking countermeasures
**swatchrc_secure [#f286a0b2]
# swatchrc_secure
watchfor = /refused/
echo
mail=aqure
**swatchrc_messages [#nbefd15f]
#
watchfor = /refused/
echo
mail=aqure
#
watchfor = /authentication failure/
echo
mail=aqure
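The two rule files above only say what swatch should match; they give no way to check a rule before it goes live. The following script is an added example (not swatch's own code and not from this page): it reads a rule set in the same shape as swatchrc_messages, pulls out each watchfor regex, and runs it with grep -E over a constructed sample of /var/log/secure lines, so a rule that never fires (usually a typo in the pattern) is caught offline. The sample log lines and the helper names (rule_patterns, count_matches, dry_run, all_rules_fire) are all assumptions made for this example; the mail action is not emulated.

```shell
#!/bin/sh
# Added example (not swatch's own code and not from this page): dry-run a
# swatchrc-style rule set against sample log lines before deploying it, by
# emulating the matching step (watchfor /regex/ -> echo) with grep -E.

# Constructed sample of /var/log/secure lines; not from a real host.
SAMPLE_LOG='Dec  1 10:00:01 host sshd[1234]: refused connect from 192.0.2.10
Dec  1 10:00:05 host sshd[1235]: Accepted publickey for alice from 192.0.2.11
Dec  1 10:00:09 host login[1236]: pam_unix(login:auth): authentication failure; logname= uid=0
Dec  1 10:00:12 host sshd[1237]: refused connect from 192.0.2.12'

# Rule set in the same shape as the page's swatchrc_messages (constructed copy).
RULES='#
watchfor = /refused/
echo
mail=aqure
#
watchfor = /authentication failure/
echo
mail=aqure'

# rule_patterns RULES: print the regex from every "watchfor = /.../" line,
# one per line, with the slashes and the optional "=" stripped.
rule_patterns() {
    printf '%s\n' "$1" |
        sed -n 's#^[[:space:]]*watchfor[[:space:]]*=\{0,1\}[[:space:]]*/\(.*\)/[[:space:]]*$#\1#p'
}

# count_matches PATTERN LOG: how many log lines the pattern would fire on.
count_matches() {
    printf '%s\n' "$2" | grep -E -c -- "$1"
}

# dry_run RULES LOG: print "<hits> <pattern>" for every rule.
dry_run() {
    rule_patterns "$1" | while IFS= read -r pat; do
        printf '%s %s\n' "$(count_matches "$pat" "$2")" "$pat"
    done
}

# all_rules_fire RULES LOG: succeed only if every rule matched at least once;
# a rule that never fires on known-bad sample lines is usually a typo.
# The here-document keeps the loop in the current shell so "status" survives.
all_rules_fire() {
    status=0
    while IFS= read -r pat; do
        [ "$(count_matches "$pat" "$2")" -gt 0 ] || status=1
    done <<EOF
$(rule_patterns "$1")
EOF
    return $status
}

dry_run "$RULES" "$SAMPLE_LOG"
```

Run it as-is to see the hit count per rule; to check a real rule file, pass `"$(cat /etc/swatch/swatch_messages)"` as the first argument and a few saved log lines as the second.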
**swatch script [#xb80ff4b]
# swatch script
#!/bin/sh
#
# swatch swatch is monitoring for logs and specific ac...
# will send mail for specific users.
#
# chkconfig: 2345 42 42
# description: monitoring logs tool.
# processname: swatch
# config: /etc/swatch/swatch_secure
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0
[ -f /usr/bin/swatch ] || exit 0
[ -f /etc/swatch/swatch_secure ] || exit 0
RETVAL=0
# See how we were called.
case "$1" in
start)
# Start daemons: one swatch per log file, each with its own "tail -f" child.
echo -n "Starting swatch_secure: "
swatch -c /etc/swatch/swatch_secure -t /var/log/...
swatch -c /etc/swatch/swatch_messages -t /var/lo...
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/swatch
;;
stop)
# Stop daemons.
echo -n "Shutting down swatch: "
#killproc swatch
#pid=`pidof tail`
# "[s]ecure" matches the swatch process and its tail child (both have the
# log name on their command line) but not the grep command itself.
pid_secure=`ps ax | grep '[s]ecure' | awk '{print $1}'`
pid_message=`ps ax | grep '[m]essage' | awk '{print $1}'`
#kill -9 $pid > /dev/null 2>&1
kill -9 $pid_secure > /dev/null 2>&1
kill -9 $pid_message > /dev/null 2>&1
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/swatch
;;
status)
status swatch
RETVAL=$?
;;
restart|reload)
$0 stop
$0 start
RETVAL=$?
;;
*)
echo "Usage: swatch {start|stop|restart|reload|s...
exit 1
esac
exit $RETVAL