Re: light IDS

To: debian-russian@lists.debian.org
Subject: Re: light IDS
From: Mikolaj Golub <golub@inec.kharkov.com>
Date: Tue, 31 Jan 2006 09:20:58 +0200
Message-id: <[🔎] 87fyn4rhgl.fsf@zhuzha.inec.private>
In-reply-to: <[🔎] 61934139@tigger.lan.cryptocom.ru> (Artem Chuprina's message of "Mon, 30 Jan 2006 17:17:24 +0300")
References: <[🔎] 43DE01A5.2010000@cs.msu.su> <[🔎] 87k6chrguh.fsf@zhuzha.inec.private> <[🔎] 61934139@tigger.lan.cryptocom.ru>

On Mon, 30 Jan 2006 17:17:24 +0300 Artem Chuprina wrote:

 MG>> tail -f /var/log/messages | awk '/.../ {system "..."}'

 MG>> Только нужно перезапускать при ротации лога. Или через пайп. Например, в
 MG>> /etc/syslog.conf:

 MG>> auth,authpriv.* |/var/log/fifo

 MG>> Делаем:

 MG>> mkfifo /var/log/fifo
 MG>> awk '/sudo:.*COMMAND=\/bin\/ls/ {system ("echo ls command run")}' /var/log/fifo

 MG>> Проверяем:
 MG>> sudo ls

 AC> Здесь тоже придется перезапускать при ротации.

Угу. Точно. Поправимся :-)

     while awk '/.../ {system (...)}' /var/log/fifo; do : ;done

-- 
to my, trociny

Reply to:

References:
- light IDS
  - From: Alexander Gerasiov <gq@cs.msu.su>
- Re: light IDS
  - From: Mikolaj Golub <golub@inec.kharkov.com>
- Re: light IDS
  - From: Artem Chuprina <ran@ran.pp.ru>

Prev by Date: Re: Снять образ сидюка
Next by Date: Re: Снять образ сидюка
Previous by thread: Re: light IDS
Next by thread: Re: light IDS
Index(es):
- Date
- Thread