Let's monitor log files in real time using swatch.
# Linux/Unix 2006-08-29 16:24
이상용
What is Swatch
swatch (The Simple Watcher and filer) is a real-time log monitoring tool written in Perl.
While monitoring a log, it reacts to specific patterns and carries out the actions you ask for (printing to the console, sending mail, etc.).
It is easy to install and manage and has been a widely used log monitoring tool for a long time.
Before installing
To monitor logs there obviously have to be logs being written.
First check that /var/log/syslog or /var/log/messages exists and that log entries are accumulating in it.
And of course Perl must be installed.
Downloading Swatch
Download: http://www.oit.ucsb.edu/~eta/swatch/
http://sourceforge.net/projects/swatch/ <== it can currently be downloaded from here.
At the time of downloading, swatch-3.0.8 is the latest version.
Installing Swatch
Extract the archive and then mv it to /usr/local.
[root@dream swatch-3.0.8]# perl Makefile.PL
Checking if your kit is complete...
Looks good
Warning: prerequisite Date::Calc 0 not found.
Warning: prerequisite Date::Parse 0 not found.
Writing Makefile for swatch
swatch needs the Perl modules Date::Calc, Date::Parse, File::Tail and Time::HiRes..
It reports that Date::Calc and Date::Parse are missing.
These modules have to be installed first.
Go to http://search.cpan.org, search for Date::Calc, and download Date-Calc-5.3.
Then search for Date::Parse and download TimeDate-1.16, which is what comes up.
After extracting with tar:
[root@dream Date-Calc-5.3]# perl Makefile.PL
Checking if your kit is complete...
Looks good
Warning: prerequisite Bit::Vector 5.7 not found.
Writing Makefile for Date::Calc
Writing patchlevel.h for /usr/bin/perl (5.008)
This produces the Warning shown above.. it can be ignored without any problem (see the INSTALL document).
[root@dream Date-Calc-5.3]# make
[root@dream Date-Calc-5.3]# make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/f000....ok
.........(omitted)
t/m004....ok
t/m005....FAILED test 5
Failed 1/30 tests, 96.67% okay
t/m006....ok
t/m007....skipped
all skipped: no reason given
t/m008....skipped
all skipped: no reason given
t/m009....skipped
all skipped: no reason given
t/m010....skipped
all skipped: no reason given
t/m011....ok
Failed Test Stat Wstat Total Fail Failed List of Failed
-------------------------------------------------------------------------------
t/m005.t 30 1 3.33% 5
4 tests skipped.
Failed 1/48 test scripts, 97.92% okay. 1/2436 subtests failed, 99.96% okay.
make: *** [test_dynamic] 오류 29
It does not pass 100%, but install it anyway (the results differ slightly from version to version).
[root@dream Date-Calc-5.3]# make install
[root@dream Date-Calc-5.3]# make realclean
Do exactly the same as above.
[root@dream TimeDate-1.16]# perl Makefile.PL
[root@dream TimeDate-1.16]# make
[root@dream TimeDate-1.16]# make test
[root@dream TimeDate-1.16]# make install
[root@dream TimeDate-1.16]# make realclean
After installing all the Perl modules, go back to swatch:
[root@dream rpm]# cd swatch-3.0.8/
[root@dream swatch-3.0.8]# perl Makefile.PL
Writing Makefile for swatch
Makefile.PL now runs without errors..
[root@dream swatch-3.0.8]# make
[root@dream swatch-3.0.8]# make test
.........
t/01cpan_modules....Can't locate File/Tail.pm in @INC (@INC contains:....
BEGIN failed--compilation aborted at t/01cpan_modules.t line 8.
t/01cpan_modules....dubious
Test returned status 2 (wstat 512, 0x200)
DIED. FAILED test 1
Failed 1/1 tests, 0.00% okay
Failed Test Stat Wstat Total Fail Failed List of Failed
-------------------------------------------------------------------------------
t/01cpan_modules.t 2 512 1 1 100.00% 1
Failed 1/1 test scripts, 0.00% okay. 1/1 subtests failed, 0.00% okay.
make: *** [test_dynamic] 오류 2
Another error occurs, like this..
It seems to be because the File::Tail module was not installed..
Install File::Tail in the same way as the Perl modules above (download File-Tail-0.98.tar.gz and install it).
After installing it, build swatch again in the same way.
[root@dream swatch-3.0.8]# perl Makefile.PL
[root@dream swatch-3.0.8]# make
[root@dream swatch-3.0.8]# make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/01cpan_modules....ok
All tests successful.
Files=1, Tests=1, 0 wallclock secs ( 0.08 cusr + 0.01 csys = 0.09 CPU)
[root@dream swatch-3.0.8]# make install
[root@dream swatch-3.0.8]# make realclean
This completes the swatch installation.
Configuring Swatch
First create a .swatchrc file under that directory.
[root@dream swatch-3.0.8]# vi .swatchrc
watchfor /su/
echo=bold
Enter something this simple and save it.
This prints a message in bold on the console whenever the su command is used.
Let's take a brief look at the directives used in swatchrc.
watchfor : the directive that specifies the log pattern swatch watches for. In the example below, /Priority\: 1/ catches the snort log entries with priority 1 (written as Priority: 1 in snort logs). The pattern must be enclosed in / /.
echo : prints the matching line. It takes values such as bold, inverse and underscore.
exec : runs an external program (give its path as an absolute path). $N or $0 should be used when running the external command.
To pass a particular field of the matched line use $N (the Nth whitespace-separated field); $0 or $* passes the whole line.
mail : sends mail to the given account. If you add a group to /etc/aliases, mail can also be sent to that group.
throttle : limits the number of alerts issued; when a time is given, the same alert message is not sent again within that period. It is used to prevent server load and mail floods.
(The format is HH:MM:SS (hours:minutes:seconds).
For example, throttle 5:00 0:16
means the alert for that pattern is not repeated for 5 minutes.
0:16 gives the position and length of the timestamp.
A few examples..
watchfor /Priority\: 1/
echo=normal
exec /usr/local/bin/qpage -f test@domain.com -p IDS_admin '$0'
throttle 00:00:10
The above uses qpage instead of sendmail to send the alert to IDS_admin with the email address test@domain.com.
$0 is used to pass the alert text to qpage, and if the Priority: 1 pattern occurs again within 10 seconds it is ignored.
(If you want to know more about qpage, see http://www.qpage.org.)
watchfor /Priority\: 2/
echo=bold
bell 5
The above prints the alert text on the console (bold makes it bold, inverse shows it in reverse video, normal applies no highlighting).
Write the patterns in whatever form you want, then run swatch.
Running swatch
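To make the throttle and $N semantics described above concrete, here is an added Python re-implementation of that small part of swatch's behaviour; it is not swatch's code and was not part of the original post. The log lines, the FAILED SU rule and the sshd rule are constructed for this example, and the field numbers $9 and $11 refer to those sample lines.

```python
import re
from datetime import datetime, timedelta
# Constructed sample of /var/log/messages lines (not from the original page).
SAMPLE_LOG = """Aug 29 16:24:03 dream su: FAILED SU (to root) lee on pts/1
Aug 29 16:24:05 dream su: FAILED SU (to root) lee on pts/1
Aug 29 16:24:07 dream sshd[2250]: Accepted password for lee from 192.0.2.10 port 4022 ssh2
Aug 29 16:30:12 dream su: FAILED SU (to root) lee on pts/1
"""
def parse_throttle(spec):
    """'HH:MM:SS' or 'MM:SS' (the form swatch's throttle takes) -> timedelta."""
    h, m, s = ([0, 0, 0] + [int(p) for p in spec.split(":")])[-3:]
    return timedelta(hours=h, minutes=m, seconds=s)

def expand(template, line):
    """Expand $0 / $* to the whole matched line and $N to its Nth whitespace field."""
    fields = line.split()
    def sub(m):
        if m.group(1) in ("0", "*"):
            return line
        n = int(m.group(1))
        return fields[n - 1] if 1 <= n <= len(fields) else ""
    return re.sub(r"\$(\*|\d+)", sub, template)

def run_rules(rules, log_text, year=2006):
    """Apply swatch-style rules to log_text; return the action strings that fire.
    Rule keys: pattern (regex), action (template), throttle (timedelta or None),
    ts=(offset, length) of the syslog timestamp, i.e. the '0:16' of 'throttle 5:00 0:16'."""
    last_fired, fired = {}, []
    for line in log_text.splitlines():
        for r in rules:
            if not re.search(r["pattern"], line):
                continue
            off, ln = r["ts"]
            when = datetime.strptime(f"{year} {line[off:off + ln].strip()}", "%Y %b %d %H:%M:%S")
            # Throttle key = line with the timestamp cut out, so repeats that differ only
            # in time are suppressed; a changing PID or address would defeat the throttle.
            key = (r["pattern"], line[:off] + line[off + ln:])
            if r["throttle"] and key in last_fired and when - last_fired[key] < r["throttle"]:
                continue
            last_fired[key] = when
            fired.append(expand(r["action"], line))
    return fired

RULES = [
    # equivalent of:  watchfor /FAILED SU/  echo=bold  throttle 5:00 0:16
    {"pattern": r"FAILED SU", "action": "bold: $0", "throttle": parse_throttle("5:00"), "ts": (0, 16)},
    # equivalent of a mail action that picks out fields with $N (user = $9, source = $11)
    {"pattern": r"Accepted password for", "action": "mail root: $9 from $11", "throttle": None, "ts": (0, 16)},
]
```

Running run_rules(RULES, SAMPLE_LOG) fires three alerts: the second FAILED SU line (2 seconds after the first) is swallowed by the 5-minute throttle, while the one at 16:30:12 fires again.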
[root@dream swatch-3.0.8]# swatch -c /usr/local/swatch-3.0.8/.swatchrc /var/log/messages &
Options used when running swatch:
-c : specifies the path to .swatchrc
-p : reads its input from the output of a separately run command.
See the man page for the other options.
Now open a new window and connect remotely.. then type
$ su -l username
and enter the password..
The alert message will be printed on the console (in the console window where swatch is running, not in the newly connected one..).
These were only simple examples, but it is a tool that can do a great deal with log records, so make use of it.
Combined with snort, attack-related events can be checked in real time.
(Next time we'll combine snort and swatch to implement real-time alerting.)
There are also sample .swatchrc files in the examples directory under the swatch directory; refer to them.
Closing..
If anything here is wrong or needs correcting, I would appreciate an email or a comment.
Happy Linuxing..