Swatchdog - A Simple Real-Time Log File Watcher for Linux


Swatchdog (Simple WATCH DOG) is a simple Perl script for monitoring active log files on Unix-like systems such as Linux. It watches your logs based on regular expressions that you define in a configuration file. It can be run from the command line or in the background, detached from any terminal, by using the daemon mode option.

Note that the program was originally called swatch (simple watcher), but a request for a name change from the old Swiss watch company led the developer to rename it swatchdog.

Importantly, although swatchdog grew out of a script for watching logs produced by Unix's syslog facility, it can monitor just about any kind of log.

How to Install Swatch in Linux

The swatchdog package is available from the official repositories of mainstream Linux distributions under the package name "swatch", and is installed with the package manager as shown.

$ sudo apt install swatch	[On Ubuntu/Debian]
$ sudo yum install epel-release && sudo yum install swatch	[On RHEL/CentOS]
$ sudo dnf install swatch	[On Fedora 22+]

To install the latest version of swatchdog, you need to compile it from source using the following commands, which work on any Linux distribution.

$ git clone https://github.com/ToddAtkins/swatchdog.git
$ cd swatchdog/
$ perl Makefile.PL
$ make
$ sudo make install
$ sudo make realclean

Once you have installed swatch, you need to create its configuration file (the default location is /home/$USER/.swatchdogrc or .swatchrc) to define the expression patterns to look for and the action(s) to take when a pattern is matched.

$ touch /home/tecmint/.swatchdogrc
OR
$ touch /home/tecmint/.swatchrc

Add your regular expressions to this file; each line must contain a keyword and a value (sometimes optional), separated by a space or an equals (=) sign. You need to specify a pattern and the action to take when the pattern is matched.

We will use a simple configuration file as an example; you can find more options in the swatchdog man page.

# you@example.com is a placeholder; replace it with your own address
watchfor  /sudo/
	echo red
	mail addresses=you@example.com,subject="Sudo Command"

Here our regular expression is a plain string, sudo, meaning that any time the string sudo appears in the log file it is printed to the terminal in red text; echo and mail define the actions to take, which are to echo the matched pattern on the terminal and to send an e-mail to the specified address, respectively.

Once you have configured it, swatchdog reads the /var/log/syslog file by default; if this file is not present, it reads /var/log/messages.

$ swatch     [On RHEL/CentOS & Fedora]
$ swatchdog  [On Ubuntu/Debian]

You can specify a different configuration file using the -c flag, as shown in the following example.

First, create a swatch configuration file.

$ mkdir swatch
$ touch swatch/secure.conf

Next, add the following configuration to the file to monitor failed login attempts, root logins, failed SSH login attempts and successful SSH root logins in the /var/log/secure log file.

# you@example.com is a placeholder; replace it with your own address
watchfor /FAILED/
echo red
mail addresses=you@example.com,subject="Failed Login Attempt"

watchfor /ROOT LOGIN/
echo red
mail addresses=you@example.com,subject="Successful Root Login"

watchfor /ssh.*: Failed password/
echo red
mail addresses=you@example.com,subject="Failed SSH Login Attempt"

watchfor /ssh.*: session opened for user root/
echo red
mail addresses=you@example.com,subject="Successful SSH Root Login"

Now run Swatch, specifying the configuration file with -c and the log file with the -t flag, as shown.

$ swatchdog -c ~/swatch/secure.conf -t /var/log/secure

To run it in the background, use the --daemon flag; in this mode it is detached from any terminal.

$ swatchdog -c ~/swatch/secure.conf -t /var/log/secure --daemon

Now, to test the swatch configuration, try logging in to the server from different terminals; you will see output like the following printed on the terminal where Swatchdog is running.

*** swatch version 3.2.3 (pid:16531) started at Thu Jul 12 12:45:10 BST 2018

Jul 12 12:51:19 tecmint sshd[16739]: Failed password for root from 192.168.0.103 port 33324 ssh2
Jul 12 12:51:19 tecmint sshd[16739]: Failed password for root from 192.168.0.103 port 33324 ssh2
Jul 12 12:52:07 tecmint sshd[16739]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul 12 12:52:07 tecmint sshd[16739]: pam_unix(sshd:session): session opened for user root by (uid=0)
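As an added example (not part of the original article or of swatchdog itself), the following Python reimplements the matching swatchdog performs with the secure.conf rules above, run over a constructed sample of /var/log/secure lines; the mail address in the embedded config is a placeholder. It shows which rule fires for each line, including that the case-sensitive /FAILED/ pattern does not catch sshd's "Failed password" lines (the third rule does) and that a cron session for root is left alone because it lacks the ssh prefix.

```python
import re

# Constructed swatchdog-style config mirroring the secure.conf rules on this page
# (the mail address is a placeholder, not from the page).
SECURE_CONF = """
watchfor /FAILED/
echo red
mail addresses=you@example.com,subject="Failed Login Attempt"
watchfor /ROOT LOGIN/
echo red
mail addresses=you@example.com,subject="Successful Root Login"
watchfor /ssh.*: Failed password/
echo red
mail addresses=you@example.com,subject="Failed SSH Login Attempt"
watchfor /ssh.*: session opened for user root/
echo red
mail addresses=you@example.com,subject="Successful SSH Root Login"
"""

# Constructed /var/log/secure sample; the two sshd lines copy the page's output.
SAMPLE_LOG = [
    "Jul 12 12:51:19 tecmint sshd[16739]: Failed password for root from 192.168.0.103 port 33324 ssh2",
    "Jul 12 12:52:07 tecmint sshd[16739]: pam_unix(sshd:session): session opened for user root by (uid=0)",
    "Jul 12 12:53:00 tecmint login[1234]: FAILED LOGIN 1 FROM tty1 FOR root, Authentication failure",
    "Jul 12 12:54:00 tecmint login[1234]: ROOT LOGIN ON tty1",
    "Jul 12 12:55:00 tecmint CRON[2222]: pam_unix(cron:session): session opened for user root by (uid=0)",
]

def parse_config(text):
    """Return [[compiled regex, mail subject]] from each 'watchfor /regex/' block and its mail action."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"watchfor\s+/(.*)/", line)
        if m:
            rules.append([re.compile(m.group(1)), None])  # subject filled in by a later mail line
        elif line.startswith("mail") and rules:
            s = re.search(r'subject="([^"]*)"', line)
            rules[-1][1] = s.group(1) if s else None
    return rules

def scan(rules, log_lines):
    """Per log line, the subject of the first rule whose regex matches (swatch's default), else None."""
    results = []
    for line in log_lines:
        hit = next((subject for pattern, subject in rules if pattern.search(line)), None)
        results.append(hit)
    return results
```

Running scan(parse_config(SECURE_CONF), SAMPLE_LOG) gives one subject (or None) per sample line, which is a quick way to check a rule set against captured log lines before pointing swatchdog at the live file.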

You can also run multiple swatch processes to monitor different log files.

$ swatchdog -c ~/site1_watch_config -t /var/log/nginx/site1/access_log --daemon  
$ swatchdog -c ~/messages_watch_config -t /var/log/messages --daemon
$ swatchdog -c ~/auth_watch_config -t /var/log/auth.log --daemon

For more information, see the swatchdog man page.

$ man swatchdog

Swatchdog SourceForge repository: https://sourceforge.net/projects/swatch/

Here are some additional log monitoring guides that you may find useful:

  1. 4 Ways to Watch or Monitor Log Files in Real Time
  2. How to Create a Log Server with Rsyslog
  3. Monitor Server Logs in Real Time with the Log.io Tool
  4. lnav – Watch and Analyze Apache Logs from a Linux Terminal
  5. ngxtop – Monitor Nginx Log Files in Real Time in Linux

Swatchdog is a simple log file watcher for Unix-like systems such as Linux. Try it out and share your thoughts or ask any questions in the comments section.