W zalaczniku latka na logwatch'a, ktora powinna ulatwic wspolzycie pomiedzy
logwatch'em i spop3d.
w wyniku jej dzialania zamiast dostawac w mailu takie smieci:
---
spop3d(pam_unix)[15379]: session opened for user xavier by (uid=0)
spop3d(pam_unix)[15379]: session closed for user xavier
spop3d(pam_unix)[15381]: session opened for user okarel by (uid=0)
spop3d(pam_unix)[15381]: session closed for user okarel
---
otrzymamy takie:
---
spop3d user connections:
aosta: 2 Time(s)
errors: 52 Time(s)
ironman: 8 Time(s)
lists: 410 Time(s)
okarel: 164 Time(s)
towdiii: 620 Time(s)
xavier: 2045 Time(s)
spop3d connection failures:
xavier: 1 Time(s)
spop3d connections(sum): 3301
spop3d connection errors: 1
----
Jednak nie jestem mistrzem perlowym i pewnie mozna to poprawic,
wiec jak sa chetni..., a jak nie to prosze o wrzucenie do CVS :)
--
Grzegorz Zebrowski
*** scripts/services/secure.old Wed May 19 00:19:56 2004
--- scripts/services/secure Wed May 19 00:12:51 2004
***************
*** 31,36 ****
--- 31,38 ----
$Ignore = $ENV{'ignore_services'};
$Summarize = $ENV{'summarize_connections'};
$ConsoleLock = 0;
+ $spop3d_opened=0;
+ $spop3d_errors=0;
use Logwatch ':ip';
while (defined($ThisLine = <STDIN>)) {
***************
*** 54,59 ****
--- 56,82 ----
( $ThisLine =~ /^(xinetd|xinetd-ipv6)\[\d+\]: EXIT: ([^ ]+) pid=\d+/)
) {
# Ignore these entries
+ } elsif ($ThisLine =~ /^spop3d/) {
+ @line=split(": ",$ThisLine);
+ if($line[1]=~/^session opened for user/)
+ {
+ $spop3d_opened++;
+ @bzz=split(" ",$line[1]);
+ $PopUser= $bzz[4];
+ $PopLogin{$PopUser}++;
+ }
+ if($line[1]=~/^authentication failure;/)
+ {
+ # authentication failure; logname= uid=0 euid=0 tty=
+ # ruser= rhost= user=xavier
+
+ $spop3d_errors++;
+ @bzz=split(" user=",$line[1]);
+ $PopErr=$bzz[1];
+ $PopErrors{$PopErr}++;
+ }
+
+
} elsif ( ($Host,$User) = ($ThisLine =~ /^login: FAILED LOGIN \d+ FROM ([^ ]+) FOR ([^,]+),/ ) ) {
$FailedLogins->{$User}->{$Host}++;
} elsif ( ($Service,$IP) = ($ThisLine =~ /^([^ ]+)\[\d+\]: connect(ion)? from "?(\d+\.\d+\.\d+\.\d+).*/) ) {
***************
*** 319,324 ****
--- 342,365 ----
}
}
+ if (keys %PopLogin) {
+ print "\nspop3d user connections:\n";
+ foreach $PopUser (sort {$a cmp $b} keys %PopLogin) {
+ print " $PopUser\:\t$PopLogin{$PopUser} Time(s)\n";
+ }
+ }
+
+ if (keys %PopErrors) {
+ print "\nspop3d connection failures:\n";
+ foreach $PopErr (sort {$a cmp $b} keys %PopErrors) {
+ print " $PopErr\:\t$PopErrors{$PopErr} Time(s)\n";
+ }
+ }
+
+ print "\nspop3d connections(sum):\t".$spop3d_opened."\n";
+ print "spop3d connection errors:\t".$spop3d_errors."\n";
+
+
if ($#SudoList >= 0) {
print "\nUnauthorized sudo commands attempted (" . ($#SudoList + 1) . "):\n";
print @SudoList;
*** logwatch.spec~ 2004-05-19 00:08:47.424712448 +0200
--- logwatch.spec 2004-05-19 00:30:30.808567984 +0200
***************
*** 4,10 ****
Summary(pl): Logwatch - analizator log�w systemowych
Name: logwatch
Version: 5.1
! Release: 8
License: MIT
Group: Applications/System
#Path for pre-versions:
--- 4,10 ----
Summary(pl): Logwatch - analizator log�w systemowych
Name: logwatch
Version: 5.1
! Release: 9
License: MIT
Group: Applications/System
#Path for pre-versions:
***************
*** 28,33 ****
--- 28,34 ----
Patch10: %{name}-amavis.patch
Patch11: %{name}-sendmail.patch
Patch12: %{name}-clam-update.conf.patch
+ Patch13: %{name}-spop3d.patch
URL: http://www.logwatch.org/
BuildRequires: rpm-perlprov
Requires: perl-modules
***************
*** 66,71 ****
--- 67,73 ----
%patch10 -p0
%patch11 -p0
%patch12 -p0
+ %patch13 -p0
%install
rm -rf $RPM_BUILD_ROOT
_______________________________________________________
z�ota zasada - kto si� nie zna, niech si� nie wypowiada
