diff options
Diffstat (limited to 'main/swatch')
-rw-r--r-- | main/swatch/APKBUILD | 58 | ||||
-rw-r--r-- | main/swatch/swatch.confd | 8 | ||||
-rwxr-xr-x | main/swatch/swatch.initd | 50 | ||||
-rw-r--r-- | main/swatch/swatchrc | 103 |
4 files changed, 219 insertions, 0 deletions
diff --git a/main/swatch/APKBUILD b/main/swatch/APKBUILD new file mode 100644 index 0000000000..9d06df638e --- /dev/null +++ b/main/swatch/APKBUILD @@ -0,0 +1,58 @@ +# Contributor: Mika Havela <mika.havela@gmail.com> +# Maintainer: Mika Havela <mika.havela@gmail.com> +pkgname=swatch +pkgver=3.2.3 +pkgrel=0 +pkgdesc="Logfile monitoring tool" +url="http://sourceforge.net/projects/swatch/" +license="GPL" +depends="perl perl-date-calc perl-date-format perl-date-manip perl-file-tail perl-carp-clan" +makedepends="perl-dev" +install= +subpackages="$pkgname-doc" +source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz + swatch.initd + swatch.confd + swatchrc" + +_builddir="$srcdir"/$pkgname-$pkgver + +prepare() { + cd "$_builddir" +} + +build() { + cd "$_builddir" + PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1 + make || return 1 + make test || return 1 +} + +package() { + cd "$_builddir" + make DESTDIR="$pkgdir" install + make realclean || return 1 + + # remove perllocal.pod and .packlist + find "$pkgdir" -name perllocal.pod -delete + find "$pkgdir" -name .packlist -delete + + +#echo "pkdir= $pkgdir" +#echo "srcdir= $srcdir" + + mkdir -p "$pkgdir"/etc/init.d/ + mkdir -p "$pkgdir"/etc/conf.d/ + mkdir -p "$pkgdir"/etc/$pkgname/ + + cp "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname + cp "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname + cp "$srcdir"/${pkgname}rc "$pkgdir"/etc/$pkgname/${pkgname}rc + + chmod 755 "$pkgdir"/etc/init.d/$pkgname +} + +md5sums="1162f1024cf07fc750ed4960d61ac4e8 swatch-3.2.3.tar.gz +cc99f0831b4a069f90fdedee82495523 swatch.initd +a02a10a0266781a1ce16cc3b5e84968c swatch.confd +8a92d37f96982030e0283dc7fe706da8 swatchrc" diff --git a/main/swatch/swatch.confd b/main/swatch/swatch.confd new file mode 100644 index 0000000000..5cbdc0a205 --- /dev/null +++ b/main/swatch/swatch.confd @@ -0,0 +1,8 @@ +## tail-args +# Arguments for tail program +tailargs="-n 0 -F" + +## script-dir +# This switch causes the temporary watcher script to be written to a file in the specified directory rather than the user's home directory. +# It is highly advised that you do NOT use directories that are writable by others such as /tmp. +scriptdir="/tmp/swatch" diff --git a/main/swatch/swatch.initd b/main/swatch/swatch.initd new file mode 100755 index 0000000000..ec625e4026 --- /dev/null +++ b/main/swatch/swatch.initd @@ -0,0 +1,50 @@ +#!/sbin/runscript + +# swatch init.d file for alpine linux. + +name=swatch +daemon=/usr/bin/$name +configfile=/etc/${name}/swatchrc +tailfile=/var/log/messages + +SVC="${SVCNAME#*.}" +if [ -n "${SVC}" ] && [ "${SVCNAME}" != "${name}" ]; then + SVCPID="${name}.${SVC}.pid" + configfile="${configfile}.${SVC}" + tailfile=$(find /var/log -name "${SVC}" | head -1) + [ ! "${tailfile}" ] && tailfile="/var/log/${SVC}" +else + SVCPID="${name}.pid" +fi + +depend() { +# need net + after syslog +} + +start() { + ebegin "Starting ${name}" + einfo "Preparing to monitor ${tailfile}" + if [ ! -e "${tailfile}" ]; then + eerror "${tailfile} does not exist" + return 1 + fi + if [ ! -e "${configfile}" ]; then + eerror "Configfile ${configfile} is missing" + return 1 + fi + mkdir -p "${scriptdir}" + start-stop-daemon --start --quiet --background \ + --make-pidfile --pidfile /var/run/${SVCPID} \ + --exec ${daemon} -- \ + --config-file="${configfile}" --script-dir="${scriptdir}" \ + --tail-file="${tailfile}" --tail-args="${tailargs}" + eend $? +} + +stop() { + ebegin "Stopping ${name}" + kill $(ps | grep .swatch_script.$(cat /var/run/${SVCPID}) | grep -v 'grep' | awk '{ print $1}') + eend $? +} + diff --git a/main/swatch/swatchrc b/main/swatch/swatchrc new file mode 100644 index 0000000000..3ea2615a94 --- /dev/null +++ b/main/swatch/swatchrc @@ -0,0 +1,103 @@ +############################################################################### +### Swatch example config +# +# The configuration file is used by the swatch(8) program to determine what +# types of expression patterns to look for and what type of action(s) should be +# taken when a pattern is matched. +# Each line should contain a keyword and a, sometimes optional, value for that +# keyword. The keyword and value are separated by a space or an equal (=) sign. +# +# watchfor regex +# ignore regex +# +# echo [modes] +# Echo the matched line. The text mode may be normal, bold, underscore, +# blink, inverse, black, red, green, yellow, blue, magenta, cyan, white, +# black_h, red_h, green_h, yellow_h, blue_h, magenta_h, cyan_h, +# and/or white_h. The _h colors specify a highlighting color. The other +# colors are assigned to the letters. Some modes may not work on some +# terminals. Normal is the default. +# bell [N] +# Echo the matched line, and send a bell N times (default = 1). +# exec command +# Execute command. The command may contain variables which are substituted +# with fields from the matched line. A $N will be replaced by the Nth field +# in the line. A $0 or $* will be replaced by the entire line. +# mail [addresses=address:address:...][,subject=your_text_here] +# Send mail to address(es) containing the matched lines as they appear +# (default address is the user who is running the program). +# pipe command[,keep_open] +# Pipe matched lines into command. Use the keep_open option to force the +# pipe to stay open until a different pipe action is run or until swatch +# exits. +# write [user:user:...] +# Use write(1) to send matched lines to user(s). +# threshold track_by=key, type=<limit|threshold|both, count=number, seconds=number> +# Thresholding can be done for the complete watchfor block and/or for +# individual actions. Add ``threshold=on'' as an option along with the other +# threshold options when thresholding an individual action. +# track_by +# The value of this should be something that is unique to the +# watchfor regular expression. Tip: enclose unique parts of the +# regular expression in parentheses, then use the sub matches as +# part of the value (e.g. track_by=``$2:$4''). +# type +# There are three types of thresholding. They are as follows: +# limit +# Perform action(s) for the first "count`` matches during +# the time interval specified by ''seconds", then ignore +# events for the rest of the time interval (kind of like +# throttle) +# threshold +# Perform action(s) on each match for up to count matches +# during the time interval specified by seconds +# both +# Perform actions(s) once per time interval after "count`` +# matches occur, then ignore additional matches during the +# time interval specified by ''seconds" +# continue +# Use this action to cause swatch to continue to try to match other +# pattern/action groups after it is done with the current pattern/action +# block. +# quit +# Use this action to cause swatch to clean up and quit immediately. +############################################################################### + +## Successful SSH Login Attempts +watchfor /sshd.*(: [aA]ccepted)(.*)( from )(.*)( port .*)$/ + threshold track_by=$4,type=limit,count=1,seconds=60 + echo bold green + #mail='receiver@foo.bar',SUBJECT=sshd: Accepted connection,MAILER=sendmail -t -S smtp.foo.bar -f sender\@foo.bar + +## Invalid SSH Login Attempts +watchfor /sshd.*(: [iI]nvalid [uU]ser )(.*)( from )(.*)$/ + threshold track_by=$4,type=both,count=3,seconds=60 + echo bold red + +## Failed SSH Login Attempts +watchfor /sshd.*(: [fF]ailed password for )(.*)( from )(.*)( port )(.*)$/ + threshold track_by=$4,type=both,count=3,seconds=60 + echo bold red + +## Failed SSH Login Attempts +watchfor /([aA]uthentication [fF]ailure for [iI]llegal [uU]ser )(.*)( from )(.*)$/ + threshold track_by=$4,type=both,count)3,seconds=60 + echo bold red + + +## Invalid sudo commands +watchfor /sudo:.*[Cc]ommand not allowed/ + echo bold red + +## File system full +watchfor /file system full/ + echo bold blue + +## System crashes and halts +watchfor /(panic|halt)/ + echo bold red + +## File system errors +watchfor /[Mm]edia [Ee]rror/ + echo bold yellow + |