Diffstat (limited to 'community/swatch')
-rw-r--r--community/swatch/APKBUILD58
-rw-r--r--community/swatch/swatch.confd8
-rwxr-xr-xcommunity/swatch/swatch.initd50
-rw-r--r--community/swatch/swatchrc103
4 files changed, 219 insertions, 0 deletions
diff --git a/community/swatch/APKBUILD b/community/swatch/APKBUILD
new file mode 100644
index 0000000000..54124edc81
--- /dev/null
+++ b/community/swatch/APKBUILD
@@ -0,0 +1,58 @@
+# Contributor: Mika Havela <mika.havela@gmail.com>
+# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
+pkgname=swatch
+_realname=swatchdog
+pkgver=3.2.4
+pkgrel=4
+pkgdesc="Logfile monitoring tool"
+url="https://sourceforge.net/projects/swatch/"
+arch="noarch"
+license="GPL"
+depends="perl perl-date-calc perl-date-format perl-date-manip perl-file-tail perl-carp-clan"
+makedepends="perl-dev"
+install=""
+subpackages="$pkgname-doc"
+source="$pkgname-$pkgver.tar.gz::https://downloads.sourceforge.net/project/$pkgname/$_realname/$_realname-$pkgver.tar.gz
+ swatch.initd
+ swatch.confd
+ swatchrc"
+
+_builddir="$srcdir"/$_realname-$pkgver
+build() {
+ cd "$_builddir"
+ PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+ make || return 1
+ make test || return 1
+}
+
+package() {
+ cd "$_builddir"
+ make DESTDIR="$pkgdir" install
+ make realclean || return 1
+
+ # remove perllocal.pod and .packlist
+ find "$pkgdir" -name perllocal.pod -delete
+ find "$pkgdir" -name .packlist -delete
+
+ mkdir -p "$pkgdir"/etc/init.d/ "$pkgdir"/etc/conf.d/ \
+ "$pkgdir"/etc/$pkgname/ || return 1
+
+ cp "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+ cp "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
+ cp "$srcdir"/${pkgname}rc "$pkgdir"/etc/$pkgname/${pkgname}rc
+
+ chmod 755 "$pkgdir"/etc/init.d/$pkgname
+}
+
+md5sums="df4c20ff7d3f6a46a2efd72a42078011 swatch-3.2.4.tar.gz
+69695f3a4bfb1096c7d66b5cf99f7273 swatch.initd
+a02a10a0266781a1ce16cc3b5e84968c swatch.confd
+8a92d37f96982030e0283dc7fe706da8 swatchrc"
+sha256sums="5bb644d3750ee89b9aecab797df66b28b9fd174a5f0f96cd62367af8975b4f63 swatch-3.2.4.tar.gz
+95f077870c694ea099b45722adb820684e33d6edce48643ea23d64d179962310 swatch.initd
+6d538c6c915c14b5820e878876cb2410f782afb8f0a930edd9c941ab4011e9c8 swatch.confd
+8569d090eba3465e3f26705bd5ea738c7b35dabeae77b68f25508aee520cfca6 swatchrc"
+sha512sums="4e0a4e3feed00df0f0d04f94cc090e53e71fa9b20d46236ec41d63b98b5733d80a5941b491cffcbb0b655a9c7d2b5c9423ca7ae043346dbe1b05ee6ab24b9489 swatch-3.2.4.tar.gz
+4d274d4875664dee989016be71d8e72583766b88da684a4f0c242ec8d7b213c2a917395ee15cd5d446d2dbbfc9665bb75729e010a8fdcc6ba12985a19354b0ca swatch.initd
+493f3e54e6472ee349c3d56537d3ad88405936d6551defa802911625e84a9afabc13c4975e2edfe63e723c48cfdfe09b966e807d05ca218b4cd238889b656fde swatch.confd
+6579b3e998640f571097cddb65c7772f62855605fb38fbeb4e53976d72faacb6bdb90f7392727170e0e523d19ae74f19b30ec5fd0c5fab8c67f64976ee0f2d73 swatchrc"
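Review bot: In package(), the `make DESTDIR="$pkgdir" install` step and the three `cp` calls have no failure check, although every other step in this file ends in `|| return 1`. If the install or a copy fails, the function still falls through to `chmod`, and a package missing its init script, conf.d file or swatchrc could be produced without an obvious error. I would write `make DESTDIR="$pkgdir" install || return 1` and append `|| return 1` to each `cp` line, so a partial install aborts the build.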
diff --git a/community/swatch/swatch.confd b/community/swatch/swatch.confd
new file mode 100644
index 0000000000..5cbdc0a205
--- /dev/null
+++ b/community/swatch/swatch.confd
@@ -0,0 +1,8 @@
+## tail-args
+# Arguments for tail program
+tailargs="-n 0 -F"
+
+## script-dir
+# This switch causes the temporary watcher script to be written to a file in the specified directory rather than the user's home directory.
+# It is highly advised that you do NOT use directories that are writable by others such as /tmp.
+scriptdir="/tmp/swatch"
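Review bot: The shipped default `scriptdir="/tmp/swatch"` contradicts the comment directly above it, which advises against directories writable by others such as /tmp. swatch.initd in this commit runs `mkdir -p "${scriptdir}"` and passes the path as `--script-dir`, and it sets no unprivileged user, so the service presumably runs as root. On a multi-user host another local account could create /tmp/swatch, or a symlink with that name, before the service first starts, and would then own the directory where the watcher script is written and executed. A root-owned location is the safer default, for example `scriptdir="/var/run/swatch"`, with the init script creating it with mode 0700.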
diff --git a/community/swatch/swatch.initd b/community/swatch/swatch.initd
new file mode 100755
index 0000000000..1ca390f2b3
--- /dev/null
+++ b/community/swatch/swatch.initd
@@ -0,0 +1,50 @@
+#!/sbin/openrc-run
+
+# swatch init.d file for alpine linux.
+
+name=swatch
+daemon=/usr/bin/$name
+configfile=/etc/${name}/swatchrc
+tailfile=/var/log/messages
+
+SVC="${SVCNAME#*.}"
+if [ -n "${SVC}" ] && [ "${SVCNAME}" != "${name}" ]; then
+ SVCPID="${name}.${SVC}.pid"
+ configfile="${configfile}.${SVC}"
+ tailfile=$(find /var/log -name "${SVC}" | head -1)
+ [ ! "${tailfile}" ] && tailfile="/var/log/${SVC}"
+else
+ SVCPID="${name}.pid"
+fi
+
+depend() {
+# need net
+ after syslog
+}
+
+start() {
+ ebegin "Starting ${name}"
+ einfo "Preparing to monitor ${tailfile}"
+ if [ ! -e "${tailfile}" ]; then
+ eerror "${tailfile} does not exist"
+ return 1
+ fi
+ if [ ! -e "${configfile}" ]; then
+ eerror "Configfile ${configfile} is missing"
+ return 1
+ fi
+ mkdir -p "${scriptdir}"
+ start-stop-daemon --start --quiet --background \
+ --make-pidfile --pidfile /var/run/${SVCPID} \
+ --exec ${daemon} -- \
+ --config-file="${configfile}" --script-dir="${scriptdir}" \
+ --tail-file="${tailfile}" --tail-args="${tailargs}"
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping ${name}"
+ kill $(ps | grep .swatch_script.$(cat /var/run/${SVCPID}) | grep -v 'grep' | awk '{ print $1}')
+ eend $?
+}
+
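Review bot: stop() builds its kill target from `ps | grep .swatch_script.$(cat /var/run/${SVCPID})` without checking that the pidfile exists or holds a number. If the file is missing or empty, the pattern collapses to `.swatch_script.` and matches the watcher of every swatch instance, and this script explicitly supports several instances via `swatch.<name>`. The unescaped dots and missing end anchor also let pid 12 match `.swatch_script.123`, and the pidfile is never removed after stopping. Validating the pid, anchoring the match and cleaning up the pidfile would make stop safe. The sketch below assumes the script path is followed by a space or end of line in the watcher's command line, which should be confirmed.

```shell
stop() {
	ebegin "Stopping ${name}"
	local pidfile="/var/run/${SVCPID}" pid= targets= rc=0
	[ -r "${pidfile}" ] && read -r pid < "${pidfile}"
	# Refuse to build a match pattern from a missing or non-numeric pid.
	case "${pid}" in
		''|*[!0-9]*)
			eend 1 "No valid pid in ${pidfile}"
			return 1
			;;
	esac
	# Match this instance's watcher only; dots escaped, pid anchored at its end.
	targets=$(pgrep -f "\.swatch_script\.${pid}( |\$)")
	if [ -z "${targets}" ]; then
		eend 1 "No watcher process found for pid ${pid}"
		return 1
	fi
	# Word splitting is intended: pgrep prints one numeric pid per line.
	kill ${targets} || rc=$?
	rm -f "${pidfile}"
	eend ${rc}
}
```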
diff --git a/community/swatch/swatchrc b/community/swatch/swatchrc
new file mode 100644
index 0000000000..3ea2615a94
--- /dev/null
+++ b/community/swatch/swatchrc
@@ -0,0 +1,103 @@
+###############################################################################
+### Swatch example config
+#
+# The configuration file is used by the swatch(8) program to determine what
+# types of expression patterns to look for and what type of action(s) should be
+# taken when a pattern is matched.
+# Each line should contain a keyword and a, sometimes optional, value for that
+# keyword. The keyword and value are separated by a space or an equal (=) sign.
+#
+# watchfor regex
+# ignore regex
+#
+# echo [modes]
+# Echo the matched line. The text mode may be normal, bold, underscore,
+# blink, inverse, black, red, green, yellow, blue, magenta, cyan, white,
+# black_h, red_h, green_h, yellow_h, blue_h, magenta_h, cyan_h,
+# and/or white_h. The _h colors specify a highlighting color. The other
+# colors are assigned to the letters. Some modes may not work on some
+# terminals. Normal is the default.
+# bell [N]
+# Echo the matched line, and send a bell N times (default = 1).
+# exec command
+# Execute command. The command may contain variables which are substituted
+# with fields from the matched line. A $N will be replaced by the Nth field
+# in the line. A $0 or $* will be replaced by the entire line.
+# mail [addresses=address:address:...][,subject=your_text_here]
+# Send mail to address(es) containing the matched lines as they appear
+# (default address is the user who is running the program).
+# pipe command[,keep_open]
+# Pipe matched lines into command. Use the keep_open option to force the
+# pipe to stay open until a different pipe action is run or until swatch
+# exits.
+# write [user:user:...]
+# Use write(1) to send matched lines to user(s).
+# threshold track_by=key, type=<limit|threshold|both, count=number, seconds=number>
+# Thresholding can be done for the complete watchfor block and/or for
+# individual actions. Add ``threshold=on'' as an option along with the other
+# threshold options when thresholding an individual action.
+# track_by
+# The value of this should be something that is unique to the
+# watchfor regular expression. Tip: enclose unique parts of the
+# regular expression in parentheses, then use the sub matches as
+# part of the value (e.g. track_by=``$2:$4'').
+# type
+# There are three types of thresholding. They are as follows:
+# limit
+# Perform action(s) for the first "count`` matches during
+# the time interval specified by ''seconds", then ignore
+# events for the rest of the time interval (kind of like
+# throttle)
+# threshold
+# Perform action(s) on each match for up to count matches
+# during the time interval specified by seconds
+# both
+# Perform actions(s) once per time interval after "count``
+# matches occur, then ignore additional matches during the
+# time interval specified by ''seconds"
+# continue
+# Use this action to cause swatch to continue to try to match other
+# pattern/action groups after it is done with the current pattern/action
+# block.
+# quit
+# Use this action to cause swatch to clean up and quit immediately.
+###############################################################################
+
+## Successful SSH Login Attempts
+watchfor /sshd.*(: [aA]ccepted)(.*)( from )(.*)( port .*)$/
+ threshold track_by=$4,type=limit,count=1,seconds=60
+ echo bold green
+ #mail='receiver@foo.bar',SUBJECT=sshd: Accepted connection,MAILER=sendmail -t -S smtp.foo.bar -f sender\@foo.bar
+
+## Invalid SSH Login Attempts
+watchfor /sshd.*(: [iI]nvalid [uU]ser )(.*)( from )(.*)$/
+ threshold track_by=$4,type=both,count=3,seconds=60
+ echo bold red
+
+## Failed SSH Login Attempts
+watchfor /sshd.*(: [fF]ailed password for )(.*)( from )(.*)( port )(.*)$/
+ threshold track_by=$4,type=both,count=3,seconds=60
+ echo bold red
+
+## Failed SSH Login Attempts
+watchfor /([aA]uthentication [fF]ailure for [iI]llegal [uU]ser )(.*)( from )(.*)$/
+ threshold track_by=$4,type=both,count)3,seconds=60
+ echo bold red
+
+
+## Invalid sudo commands
+watchfor /sudo:.*[Cc]ommand not allowed/
+ echo bold red
+
+## File system full
+watchfor /file system full/
+ echo bold blue
+
+## System crashes and halts
+watchfor /(panic|halt)/
+ echo bold red
+
+## File system errors
+watchfor /[Mm]edia [Ee]rror/
+ echo bold yellow
+
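Review bot: The threshold line of the fourth watchfor block (the `[aA]uthentication [fF]ailure for [iI]llegal [uU]ser` rule) reads `count)3` where the sibling rules have `count=3`. With that option malformed, swatch will presumably reject or ignore the threshold, so this authentication-failure rule either goes unthrottled or keeps the shipped config from loading. The line should be `threshold track_by=$4,type=both,count=3,seconds=60`. The swatchrc entries in the APKBUILD's md5sums, sha256sums and sha512sums need regenerating once the file is corrected.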