Install it.
$ sudo emerge --oneshot -avt arpwatch
A user is added.
$ grep arpwatch /etc/passwd
arpwatch:x:116:116:added by portage for arpwatch:/dev/null:/sbin/nologin
Modify the configuration if necessary.
$ rcsdiff /etc/config-archive/etc/conf.d/arpwatch,v /etc/conf.d/arpwatch
===================================================================
RCS file: /etc/config-archive/etc/conf.d/arpwatch,v
retrieving revision 1.1
diff -r1.1 /etc/conf.d/arpwatch
5c5
< IFACES="eth0"
---
> IFACES="br0"
Start it.
$ sudo rc-update add arpwatch default
$ sudo /etc/init.d/arpwatch start
Check the process.
$ pstree -pal arpwatch
arpwatch,29661 -i br0 -u arpwatch -f /var/lib/arpwatch/br0.dat -P /var/run/arpwatch.br0.pid -N -p
$ ps auxwww|grep [a]rpwatch
arpwatch 29661 0.0 0.0 19464 3752 ? S 09:05 0:00 /usr/sbin/arpwatch -i br0 -u arpwatch -f /var/lib/arpwatch/br0.dat -P /var/run/arpwatch.br0.pid -N -p
View the log.
$ sudo grep -iP "\sarpwatch:\s" /var/log/messages|perl -pe 's/\d+(?:\.\d+){3}/xxx.xxx.xxx.xxx/'|perl -pe 's/[0-9A-Fa-f]{1,2}(?:\:[0-9A-Fa-f]{1,2}){5}/xx:xx:xx:xx:xx:xx/'
Jul 1 08:39:47 amdgentoo arpwatch: Wrote pid 23655 to /var/run/arpwatch.br0.pid
Jul 1 08:39:47 amdgentoo arpwatch: Running as uid=116 gid=116
Jul 1 08:39:47 amdgentoo arpwatch: listening on br0
Jul 1 08:39:49 amdgentoo arpwatch: new station xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx br0
Jul 1 08:39:49 amdgentoo arpwatch: new station xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx br0
Jul 1 08:39:56 amdgentoo arpwatch: new station xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx br0
Jul 1 08:39:57 amdgentoo arpwatch: new station xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx br0
Jul 1 08:40:00 amdgentoo arpwatch: new station xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx br0
Jul 1 08:40:02 amdgentoo arpwatch: new station xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx br0
Jul 1 08:40:21 amdgentoo arpwatch: new station xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx br0
Jul 1 08:40:27 amdgentoo arpwatch: new station xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx br0
Jul 1 08:40:32 amdgentoo arpwatch: new station xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx br0
Jul 1 08:45:18 amdgentoo arpwatch: new station xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx br0
Jul 1 08:49:11 amdgentoo arpwatch: new station xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx br0
Jul 1 08:51:52 amdgentoo arpwatch: new station xxx.xxx.xxx.xxx xx:xx:xx:xx:xx:xx br0
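The log above holds only "new station" entries, but the arpwatch entries that matter for triage are the ones where a known IP address appears with a different MAC. The following is an added example, not part of the original post, that parses arpwatch syslog lines and separates those events out. The sample log is constructed, the function names are hypothetical, and the layout of the "changed ethernet address" and "flip flop" lines (old MAC in parentheses before the interface) is an assumption based on the "new station" layout shown above.

```shell
#!/bin/sh
# Added example (not from the original post). Sample lines are constructed:
# RFC 5737 addresses, RFC 7042 documentation MACs, host name as in the log above.
sample_log() {
cat <<'EOF'
Jul 1 08:39:47 amdgentoo arpwatch: listening on br0
Jul 1 08:39:49 amdgentoo arpwatch: new station 192.0.2.1 0:0:5e:0:53:1 br0
Jul 1 08:39:56 amdgentoo arpwatch: new station 192.0.2.10 0:0:5e:0:53:a br0
Jul 1 09:12:03 amdgentoo arpwatch: changed ethernet address 192.0.2.1 0:0:5e:0:53:ff (0:0:5e:0:53:1) br0
Jul 1 09:12:40 amdgentoo arpwatch: flip flop 192.0.2.1 0:0:5e:0:53:1 (0:0:5e:0:53:ff) br0
EOF
}

# Read syslog lines on stdin; print one tab-separated record per station event:
#   event  ip  mac  old_mac_or_-  interface
# Assumes the "arpwatch: " tag has no [pid] suffix, as in the log above.
arpwatch_events() {
  awk '{
    i = index($0, " arpwatch: "); if (!i) next
    n = split(substr($0, i + 11), f, " ")
    ip = 0
    for (k = 1; k <= n; k++)
      if (f[k] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { ip = k; break }
    if (ip < 2) next                      # status line without an IP address
    ev = f[1]; for (k = 2; k < ip; k++) ev = ev "_" f[k]
    mac = f[ip + 1]; old = "-"; ifc = f[ip + 2]
    if (ifc ~ /^\(/) { old = substr(ifc, 2, length(ifc) - 2); ifc = f[ip + 3] }
    print ev "\t" f[ip] "\t" mac "\t" old "\t" ifc
  }'
}

# Keep only events where an already-known IP showed a different MAC.
arpwatch_alerts() {
  arpwatch_events | awk -F '\t' '$1 != "new_station"'
}

sample_log | arpwatch_alerts
```

On a live system, feed it the unmasked output of the grep above instead of `sample_log`.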
Mail arrives. (Probably, if -m xxx is not specified, it goes to the local root rather than to -u xxx.)
Subject: new station (kuroboxhg.localnet) br0
hostname: kuroboxhg.localnet
ip address: xxx.xxx.xxx.xxx
interface: br0
ethernet address: xx:xx:xx:xx:xx:xx
ethernet vendor: Buffalo Inc.
timestamp: Friday, July 1, 2011 8:51:52 +0900

Subject: new station (router.localnet) br0
hostname: router.localnet
ip address: xxx.xxx.xxx.xxx
interface: br0
ethernet address: xx:xx:xx:xx:xx:xx
ethernet vendor: NEC AccessTechnica, Ltd.
timestamp: Friday, July 1, 2011 8:40:32 +0900
No mail arrives even after a restart. There is a cache.
$ ll /var/lib/arpwatch/
合計 8
-rw-r--r-- 1 root root 0 2011-06-29 07:30:22 .keep_net-analyzer_arpwatch-0
-rw-r--r-- 1 arpwatch arpwatch 653 2011-07-01 09:05:03 br0.dat
-rw-r--r-- 1 arpwatch arpwatch 653 2011-07-01 08:54:47 br0.dat-
-rw-r--r-- 1 arpwatch root 0 2011-07-01 08:38:15 eth0.dat
If you expect to keep using it, register it in /var/lib/portage/world. (When it was installed with --oneshot.)
$ sudo emerge --noreplace arpwatch