Install swatchdog:
$ sudo apt install swatch   # Ubuntu/Debian
$ sudo yum install epel-release && sudo yum install swatch   # RHEL/CentOS
swatchdog configuration:
$ sudo vi .swatchrc
watchfor /sudo/
echo red
mail=admin@phantasy.com, subject="Sudo Command"
watchfor /FAILED/
echo red
mail=admin@phantasy.com, subject="Failed Login Attempt"
watchfor /ROOT LOGIN/
echo red
mail=admin@phantasy.com, subject="Successful Root Login"
watchfor /ssh.*: Failed password/
echo red
mail=admin@phantasy.com, subject="Failed SSH Login Attempt"
watchfor /ssh.*: session opened for user root/
echo red
mail=admin@phantasy.com, subject="Successful SSH Root Login"
Run swatchdog as a daemon:
$ sudo swatch -c ~/.swatchrc -t /var/log/auth.log --daemon   # Debian/Ubuntu
$ sudo swatchdog -c ~/.swatchrc -t /var/log/secure --daemon   # RHEL/CentOS
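To see which lines the five watchfor rules above would actually fire on before pointing swatchdog at a live auth.log, here is an added example (not part of the original post and not swatchdog's own code) that replays the same patterns over a handful of constructed auth.log-style lines in Python. Hostnames, user names and IP addresses in the sample are made up; the patterns are copied from the .swatchrc and evaluated case-sensitively, as swatchdog does.

```python
import re
from typing import List, Tuple

# Rules mirror the watchfor blocks in the .swatchrc above; the second field is
# the mail subject that rule would send. Matching is case-sensitive.
RULES: List[Tuple[str, str]] = [
    (r"sudo", "Sudo Command"),
    (r"FAILED", "Failed Login Attempt"),
    (r"ROOT LOGIN", "Successful Root Login"),
    (r"ssh.*: Failed password", "Failed SSH Login Attempt"),
    (r"ssh.*: session opened for user root", "Successful SSH Root Login"),
]

# Constructed sample lines in auth.log style (host, users and IPs are invented).
SAMPLE_LOG = """\
Mar 10 09:12:01 host1 sshd[2211]: Failed password for invalid user test from 203.0.113.5 port 51022 ssh2
Mar 10 09:12:07 host1 sshd[2211]: Accepted password for alice from 198.51.100.7 port 51030 ssh2
Mar 10 09:12:30 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls
Mar 10 09:12:30 host1 sudo: pam_unix(sudo:session): session opened for user root by alice(uid=0)
Mar 10 09:13:02 host1 sshd[2300]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 10 09:14:15 host1 login[2400]: FAILED LOGIN (1) on '/dev/tty1' FOR 'bob', Authentication failure
Mar 10 09:15:00 host1 CRON[2500]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 10 09:16:40 host1 login[2600]: ROOT LOGIN  on '/dev/tty1'
"""


def match_line(line: str, rules=RULES) -> List[str]:
    """Return the subjects of every rule whose pattern occurs in the line.

    swatchdog evaluates each watchfor block independently, so a single line
    can trigger several rules; the order follows the configuration file.
    """
    return [subject for pattern, subject in rules if re.search(pattern, line)]


def scan(log_text: str, rules=RULES) -> List[Tuple[int, List[str]]]:
    """Return (line_number, subjects) for every line that fires at least one rule."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        subjects = match_line(line, rules)
        if subjects:
            hits.append((number, subjects))
    return hits


if __name__ == "__main__":
    for number, subjects in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(subjects)}")
```

Two things the replay makes visible: the `/sudo/` rule fires on every line that contains the string, so one sudo invocation (the command line plus its pam_unix session line) produces two mails, and the `/FAILED/` rule does not catch `Failed password` because swatchdog's match is case-sensitive; the dedicated `ssh.*: Failed password` rule is what covers SSH. Also note that the cron session-opened line is correctly ignored, since the SSH root-login pattern requires `ssh` earlier on the line.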