[EMAIL PROTECTED] wrote:
> I have a few questions about portsentry on Eigersteinbeta2. The firewall
> runs on an old 486DX266 with 16MB of RAM and works beautifully (all fans
> disabled BTW):
> 3) I want to get an email if psentry detects a scan. Right now scanning
> kills the firewall so I can't test this but does the following kill command
> look reasonable?
>
> KILL_RUN_CMD="mail -s "Portsentry Attack from:$TARGET$" [EMAIL PROTECTED]
> < /var/log/daemon.log"
>
> The mail command does work from the command line.
I'd stay away from using that redirection, as well as getting rid of the
quote marks; you're just asking for trouble. Best to write a program in
/bin/sh, like so:
#!/bin/sh
mail -s "Portsentry Attack from $1 on port $2" [EMAIL PROTECTED]
...and use a line like....
KILL_RUN_CMD="/usr/local/bin/psentry_mail $TARGET$ $PORT$"
I use this to send mail to my pager via a gateway when something
happens.
You probably don't want to send /var/log/daemon.log every time; the only
thing of interest would be the portsentry line. With your method,
you'll get replicated information every time the mail is sent out.
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
