
Heat Up Your Keyboard with Hotkeys #28
Chapter 4, Related to X
|
91
HACK
Swatch
Swatch is a program that monitors your system logs to watch for certain
important keywords in one or more log files. If Swatch finds a keyword, per-
haps a word or pattern that indicates someone might be trying to guess pass-
words and break into your network, Swatch will do whatever you tell it to
do to issue the alert.
Normally, when Swatch issues an alert, it simply prints it to the screen
where Swatch is running. Swatch can also send you an email alert, but if
Swatch detected an attempted break-in, your network could be compro-
mised by the time you check your email. This hack exploits the power of
XOSD to give Swatch a better chance of grabbing your attention when
something potentially serious is afoot.
Here is an example of how to set up Swatch to tell you when someone tries
to log in, but fails (a possible indication that someone is trying to guess a
password). Assume that the Swatch configuration file you are using is /root/
.swatchrc, and the log file to be monitored is /var/log/auth.log, which, for
some Linux distributions, is the file that records all login attempts. Here is
just one section of a larger file called /root/.swatchrc, which looks for the
word “failure” in /var/log/auth.log:
# Bad login attempts
watchfor /failure/
pipe "osd_cat -c magenta -p middle \
-f \"-*-arial black-*-*-*-*-48-*-*-*-*-*-*-*\" -d ...