Posted on 2009/02/26 10:58

#
# Swatch configuration file for Linux box
#
# Last Modified 7 April, 2000
# Lance Spitzner
#
# swatch -c /etc/swatchrc -t /var/log/messages
#

### Snort honeypot alerts from firewall
watchfor /IDS/
        echo bold
        mail addresses=admin,subject=-- Snort IDS Alert --
        exec echo $0 >> /var/log/IDS-scans
        throttle 01:00 use=IDS27


watchfor /PORTSCAN DETECTED/
        echo bold
        mail addresses=admin,subject=-- Snort Port Scan Alert --
        exec echo $0 >> /var/log/IDS-scans


### DNS zone transfers
watchfor /approved AXFR/
        echo bold
        mail addresses=admin,subject=-- Zone transfer Alert --
        exec echo $0 >> /var/log/IDS-scans


#########################################################
#       EXAMPLES    #
#########################################################


### Bad login attempts
# watchfor   /failed/
#        echo bold
#        mail addresses=root,subject=Failed Authentication


### Someone is sniffing!
# watchfor   /promiscuous/
#        echo bold
#        mail addresses=root,subject=Someone is sniffing the network!


### Ignore this stuff
# ignore   /sendmail/,/nntp/,/xntp|ntpd/,/faxspooler/


### Kernel problems or system reboots
# watchfor   /(panic|halt|SunOS Release)/
#        echo bold
#        mail addresses=root,subject=System Panic,Halt, or Reboot!


# watchfor   /file system full/
#        echo bold
#        mail addresses=root,subject=File system Full
#        throttle 01:00


# watchfor   /su:/
#        echo bold
#        mail addresses=root,subject=Someone su'ed to root access

Writer: 아랑
