# # name : monitor_conf.pl # # SCCS : %P%, %W%, # %E% %U% # # History : # <1> V1.1 Dec.6'93 (S.Boran) # FCS. # # FUNCTION: # Set all the custom variables for the log monitoring # scripts. This file is VERY site specific. # This file is real perl code, the syntax MUST be correct. # Be careful about forgetting ";" at line end, and forgetting # "$" before variable names. # # --- Who should mail be sent to? most places use 'root' ------- $user = 'security@yourdomain.com'; # --- Report any logins between $max_hour and $min_hour -- @check_logins=('host1','voodoo'); # $max_hour = '22'; # normally 20 (8pm) or so $min_hour = '07'; # normally 07 (7am) or so # --- Configuration for authfile analysis: "monitor_auth.pl" $authfile='/var/log/authlog'; $daemonlog='/var/log/daemonlog'; $alertfile='/var/log/alertlog'; $admin_server="voodoo"; $data_server1="host4"; $data_server2="host5"; $archive_clients= "host4|host5|host6"; # --- Configuration for kill_baddies.pl ----- @oper_hosts = ('host5a', 'host5b','host5b.boran.com'); $admin_server_clients= "host4|host5|host6"; # see also $admin_server ##=======> the rest is not (yet) used $space = '95'; # set % disk space free required # logfile analysis and --- "kill_baddies.pl" # # Make sure to use the | as a seperator for multiple host names! # $multiple_interfaces_ok="host6|host7"; # --- Configure hostnames (for remote administration): ------- @target_hosts = ( 'host9','host10' ); ########## For those not happy with the standard monitor_auth.pl: ######### # # ONLY CHANGE THIS IF YOU FEEL VERY COMFORTABLE WITH PERL. # The three subroutines must exit. # sub zero_counters { # set all counters to Zero return '1'; # All ok } sub analyse_log { # for each line of the log # print "GOT: $service, $fromhost ($msg)\n"; return '0'; # no action taken } sub print_results { return '1'; # All ok } # DON'T delete the next line: 1; #EOF