Swatchdog - A Simple Real-Time Log File Watcher for Linux


Swatchdog (the "Simple WATCHDOG") is a simple Perl script for monitoring active log files on Unix-like systems such as Linux. It watches your logs based on regular expressions that you define in a configuration file. It can be run from the command line or in the background, detached from any terminal, using the daemon mode option.

Note that the program was originally called swatch (the "Simple Watcher"), but a request from the long-established Swiss watch company for a name change led the developer to rename it swatchdog.

Importantly, swatchdog has grown out of a script for watching logs produced by the Unix syslog facility, and it can monitor just about any kind of log.

How to Install Swatch in Linux

The swatchdog package is available from the official repositories of mainstream Linux distributions as the package "swatch", and can be installed with the package manager as shown.

$ sudo apt install swatch	[On Ubuntu/Debian]
$ sudo yum install epel-release && sudo yum install swatch	[On RHEL/CentOS]
$ sudo dnf install swatch	[On Fedora 22+]

To install the latest version of swatchdog, you need to compile it from source using the following commands; they work on any Linux distribution.

$ git clone https://github.com/ToddAtkins/swatchdog.git
$ cd swatchdog/
$ perl Makefile.PL
$ make
$ sudo make install
$ sudo make realclean

Once you have installed swatch, you need to create its configuration file (the default location is /home/$USER/.swatchdogrc or .swatchrc), which determines what expression patterns to look for and what action(s) to take when a pattern matches.

$ touch /home/tecmint/.swatchdogrc
OR
$ touch /home/tecmint/.swatchrc

Add your regular expressions to this file; each line should contain a keyword and a value (sometimes optional), separated by a space or an equal sign (=). You need to specify a pattern and the action(s) to take when that pattern is matched.

We will use a simple configuration file as an example; you can find more options in the swatchdog man page.

watchfor  /sudo/
	echo red
	# admin@example.com is a placeholder: put your own address here
	mail addresses=admin@example.com,subject="Sudo Command"

Here, our regular expression is the literal string "sudo", meaning that whenever the string sudo appears in the log file, the matching line is printed to the terminal in red text. echo and mail are the actions to take, which are to echo the line matching the pattern on the terminal and to send an email to the specified address, respectively.

After you have configured it, swatchdog reads the /var/log/syslog file by default; if this file is not present, it reads /var/log/messages.

$ swatch     [On RHEL/CentOS & Fedora]
$ swatchdog  [On Ubuntu/Debian]

You can specify a different configuration file using the -c flag, as shown in the following example.

First create a swatch configuration directory and a file.

$ mkdir swatch
$ touch swatch/secure.conf

Next, add the following configuration to the file to monitor failed login attempts, failed SSH login attempts and successful SSH root logins in the /var/log/secure log file.

# admin@example.com is a placeholder: put your own address here
watchfor /FAILED/
echo red
mail addresses=admin@example.com,subject="Failed Login Attempt"

watchfor /ROOT LOGIN/
echo red
mail addresses=admin@example.com,subject="Successful Root Login"

watchfor /ssh.*: Failed password/
echo red
mail addresses=admin@example.com,subject="Failed SSH Login Attempt"

watchfor /ssh.*: session opened for user root/
echo red
mail addresses=admin@example.com,subject="Successful SSH Root Login"
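Before pointing swatchdog at a live log, it is worth checking that each watchfor pattern actually matches the log format on your system and that no rule is dead. The script below is an added example, not code from the article or from the swatchdog project: it extracts the regex of every "watchfor /.../" rule from a copy of the secure.conf rules above and counts how many lines of a constructed /var/log/secure-style sample each one would fire on. The sample log lines, host name and addresses (192.0.2.0/24 is a documentation range) are made up, and the script assumes rules are written in the "watchfor /regex/" form used here.

```shell
#!/bin/sh
# Dry-run the watchfor patterns of a swatchdog config against sample log lines.
# Added example; not from the Tecmint article or the swatchdog project.
set -eu

WORK="${TMPDIR:-/tmp}/swatch-dryrun.$$"
mkdir -p "$WORK"

# The four rules of the secure.conf above, patterns only (echo/mail actions
# are irrelevant for a dry run and are left out).
cat > "$WORK/secure.conf" <<'EOF'
watchfor /FAILED/
watchfor /ROOT LOGIN/
watchfor /ssh.*: Failed password/
watchfor /ssh.*: session opened for user root/
EOF

# Constructed sample in the style of /var/log/secure (host, IPs and users are made up).
cat > "$WORK/sample.log" <<'EOF'
Jul 12 12:51:19 host1 sshd[16739]: Failed password for root from 192.0.2.10 port 33324 ssh2
Jul 12 12:51:21 host1 sshd[16739]: Failed password for invalid user admin from 192.0.2.10 port 33326 ssh2
Jul 12 12:52:07 host1 sshd[16739]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul 12 12:53:00 host1 sshd[16801]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Jul 12 12:54:12 host1 login[1702]: FAILED LOGIN 1 FROM tty1 FOR bob, Authentication failure
Jul 12 12:55:00 host1 cron[1800]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 12 12:56:30 host1 login[1810]: ROOT LOGIN ON tty1
EOF

# Print the regex of every "watchfor /regex/" rule in the config, one per line,
# without the surrounding slashes. Indented action lines are skipped.
config_patterns() {
    sed -n 's#^[[:space:]]*watchfor[[:space:]]*/\(.*\)/[[:space:]]*$#\1#p' "$1"
}

# Number of lines in the log file ($2) that the pattern ($1) matches.
count_matches() {
    # grep -c prints 0 but exits 1 when nothing matches; "|| true" keeps set -e quiet.
    grep -cE -- "$1" "$2" || true
}

# One line per rule: pattern and hit count. A count of 0 flags a rule that
# never fires, i.e. a dead rule or a log format the pattern does not match.
report() {
    config_patterns "$1" | while IFS= read -r pat; do
        n=$(count_matches "$pat" "$2")
        printf '%-45s %s\n' "/$pat/" "$n"
    done
}

report "$WORK/secure.conf" "$WORK/sample.log"
```

The temporary config and sample stay under $WORK so you can edit either and rerun the report. Note that /FAILED/ here fires on the console "FAILED LOGIN" line but not on the sshd lines, while the cron session line is correctly ignored by /ssh.*: session opened for user root/ because its process name contains no "ssh". Once the patterns behave as expected, swatchdog's own --examine option runs a config once over an existing file instead of tailing it, which is the real-tool equivalent of this dry run.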

Now run Swatch, specifying the configuration file with the -c flag and the log file with the -t flag, as shown.

$ swatchdog -c ~/swatch/secure.conf -t /var/log/secure

To run it in the background, use the --daemon flag; in this mode it is detached from any terminal.

$ swatchdog -c ~/swatch/secure.conf -t /var/log/secure --daemon

Now, to test the swatch configuration, try to log in to the server from a different terminal; you will see output like the following printed to the terminal where Swatchdog is running.

*** swatch version 3.2.3 (pid:16531) started at Thu Jul 12 12:45:10 BST 2018

Jul 12 12:51:19 tecmint sshd[16739]: Failed password for root from 192.168.0.103 port 33324 ssh2
Jul 12 12:51:19 tecmint sshd[16739]: Failed password for root from 192.168.0.103 port 33324 ssh2
Jul 12 12:52:07 tecmint sshd[16739]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul 12 12:52:07 tecmint sshd[16739]: pam_unix(sshd:session): session opened for user root by (uid=0)

You can also run several swatch processes to monitor several log files.

$ swatchdog -c ~/site1_watch_config -t /var/log/nginx/site1/access_log --daemon  
$ swatchdog -c ~/messages_watch_config -t /var/log/messages --daemon
$ swatchdog -c ~/auth_watch_config -t /var/log/auth.log --daemon

For more information, check the swatchdog man page.

$ man swatchdog

Swatchdog SourceForge repository: https://sourceforge.net/projects/swatch/

The following are some log monitoring guides that you will find useful:

  1. 4 Ways to Watch or Monitor Log Files in Real Time
  2. How to Create a Central Log Server with Rsyslog
  3. Monitor Server Logs in Real-Time with the "Log.io" Tool
  4. lnav - Watch and Analyze Apache Logs from a Linux Terminal
  5. ngxtop - Monitor Nginx Log Files in Real Time in Linux

Swatchdog is a simple active log file monitoring tool for Unix-like systems such as Linux. Try it out and share your thoughts or ask any questions in the comments section.