#author("2020-11-04T04:57:12+00:00","default:src128","src128")
&tag(swatch/Debianの自動起動設定);
*目次 [#ue0fae44]
#contents
*関連ページ [#u2750be0]
*参考情報 [#c0aef3c7]


*Debian 8 Jessieの自動起動設定 [#k7ac5331]

-[[Swatchでログを監視して、攻撃に合わせた対策を自動で実行する方法 | OXY NOTES:https://oxynotes.com/?p=7534]]が参考になる。
-/etc/init.d/swatchを作成（下記のリストにはシバン行が含まれていないため、先頭行に #!/bin/sh を追加しておく）
#pre{{
### BEGIN INIT INFO
# Provides:          src
# Required-Start:    $local_fs
# Required-Stop:     $local_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: swatch
### END INIT INFO


# Source function library.
#. /etc/rc.d/init.d/functions
 
# Fixed command search path for everything this script runs.
PATH=/sbin:/usr/local/bin:/bin:/usr/bin

# start() appends swatch's output to /var/log/swatch/swatch.log, so the
# directory has to exist before any daemon is launched.
[ -d /var/log/swatch ] || mkdir -p /var/log/swatch
 
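# Launch one swatch daemon per /etc/swatch/*.conf file.
#
# Globals:  pno, conf, WATCHLOG (written); RETVAL (written, and read by
#           the script's final "exit $RETVAL")
# Outputs:  progress text on stdout, problems on stderr; swatch's own
#           output is appended to /var/log/swatch/swatch.log
# Returns:  0 when every daemon started or swatch was already running,
#           otherwise the first failing status
start() {
     # Any pid file left in /var/run means an earlier start was not stopped.
     if ls /var/run/swatch_*.pid > /dev/null 2>&1; then
          echo "swatch is already started"
          return 0
     fi

     printf '%s' "Starting swatch"
     pno=0
     RETVAL=0
     for conf in /etc/swatch/*.conf
     do
          # When nothing matches, the pattern itself is left in $conf; skip it
          # instead of handing a non-existent file to grep and swatch.
          [ -f "$conf" ] || continue

          # The log to follow is named inside the config, on a line of the
          # form "# logfile /path/to/log"; only the first such line is used.
          WATCHLOG=$(awk '/^# logfile/ { print $3; exit }' "$conf")
          if [ -z "$WATCHLOG" ]; then
               # Without this check --tail-file would swallow the next option.
               echo
               echo "swatch: no '# logfile <path>' line in $conf" >&2
               RETVAL=1
               return "$RETVAL"
          fi

          pno=$((pno + 1))
          # NOTE(review): --script-dir=/tmp makes this root daemon keep its
          # generated watcher script (/tmp/.swatch_script.*, see stop()) in a
          # world-writable directory. A root-only directory would be safer;
          # change it together with the cleanup path in stop().
          swatch --config-file "$conf" --tail-file "$WATCHLOG" \
               --script-dir=/tmp --awk-field-syntax --use-cpan-file-tail --daemon \
               --pid-file "/var/run/swatch_$pno.pid" \
               >> /var/log/swatch/swatch.log 2>&1
          RETVAL=$?
          [ "$RETVAL" -eq 0 ] || return "$RETVAL"
     done
     echo

     if [ "$pno" -eq 0 ]; then
          echo "swatch: no configuration files found in /etc/swatch" >&2
          RETVAL=1
          return "$RETVAL"
     fi

     # /var/lock/subsys is a Red Hat convention and may not exist on Debian,
     # so create it before dropping the lock file that stop() removes.
     mkdir -p /var/lock/subsys && touch /var/lock/subsys/swatch
     return "$RETVAL"
}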
 
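# Stop every swatch daemon recorded in /var/run/swatch_*.pid.
#
# Globals:  pid, target (written)
# Outputs:  progress text on stdout, warnings on stderr
# Returns:  status of the last command run (0 in the normal case)
stop() {
     if ! ls /var/run/swatch_*.pid > /dev/null 2>&1; then
          echo "swatch is not running"
          return 0
     fi

     printf '%s' "Shutting down swatch"
     for pid in /var/run/swatch_*.pid
     do
          [ -f "$pid" ] || continue
          target=$(cat "$pid")
          # Only signal a plain positive process id. An empty file would make
          # kill fail, and "0" would signal this script's own process group.
          case "$target" in
               ''|0*|*[!0-9]*)
                    echo "swatch: ignoring invalid pid in $pid" >&2
                    ;;
               *)
                    kill "$target"
                    ;;
          esac
          rm -f "$pid"
     done
     echo
     # Remove the lock file created by start() and the watcher scripts that
     # swatch left in its --script-dir (/tmp).
     rm -f /var/lock/subsys/swatch /tmp/.swatch_script.*
}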
 
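# Report whether swatch is running, judged only by the presence of
# /var/run/swatch_*.pid files; the processes themselves are not probed.
#
# Globals:  pid (written)
# Outputs:  one status line on stdout
# Returns:  0 in both the running and the stopped case
status() {
     if ! ls /var/run/swatch_*.pid > /dev/null 2>&1; then
          echo "swatch is stopped"
          return 0
     fi

     printf '%s' "swatch (pid"
     for pid in /var/run/swatch_*.pid
     do
          # Quoted so that an unusual file name cannot be split into words.
          printf ' %s' "$(cat "$pid")"
     done
     echo ") is running..."
}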
 
# Dispatch on the action given as the first argument.
case "$1" in
     start)   start ;;
     stop)    stop ;;
     restart) stop; start ;;
     status)  status ;;
     *)
          echo "Usage: swatch {start|stop|restart|status}"
          exit 1
          ;;
esac

# RETVAL is only assigned by start(). It is left unquoted on purpose: when
# it is unset, a bare "exit" reports the status of the last command run.
exit $RETVAL
}}
-以下のコマンドも実行する。
 chmod 755 /etc/init.d/swatch
 update-rc.d swatch defaults
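-/etc/swatch/swatch.confを作成。以下は自作スクリプトに全行を渡す場合の例。アクセスログの各行にはリクエストURLやUser-Agentなど外部から指定できる文字列が含まれ、execはそれをコマンドラインの一部としてroot権限で実行するため、swatch側のエスケープ処理を確認し、スクリプト側でも引数を信頼できない入力として扱うこと。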
#pre{{
# logfile /var/log/apache2/access.log

watchfor /.*/
         exec /root/bin/logchecker.rb '$_'

}}

