- 追加された行はこの色です。
- 削除された行はこの色です。
[[amavisd-new TROUBLE]]
hotshot# portinstall security/swatch
[Gathering depends for security/swatch ................ done]
---> Installing 'swatch-3.2.3' from a port (security/swatch)
---> Building '/usr/ports/security/swatch'
/etc/rc.conf
http://www.hodogaya.org/home-server/swatch-ipfw.html
swatch_enable="YES"
swatch_rules="1"
swatch_1_flags="--tail-file=/var/log/auth.log --awk-field-syntax --config-file=/usr/local/etc/swatchrc -r 00:01 --daemon"
swatch_1_user="root"
swatch_1_pidfile="/var/run/swatch1.pid"
↓
swatch_enable="YES"
swatch_rules="1"
swatch_1_flags="--tail-file=/var/log/maillog --awk-field-syntax --config-file=/usr/local/etc/swatchrc -r 00:01 --daemon"
swatch_1_user="root"
swatch_1_pidfile="/var/run/swatch1.pid"
/usr/local/etc/swatchrc
watchfor /Failed password for root from/
exec /sbin/ipfw add 1 deny all from $11:255.255.255.255 to any
mail=root,subject=Failed_password_for_root_from
↓
watchfor /_DIE: Suicide in child_init_hook/
exec amavisd reload
mail=root,subject=Amavisd-new reloaded!
swatch --tail-file=/var/log/maillog --awk-field-syntax --config-file=/usr/local/etc/swatchrc -r 00:01 --daemon