[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
port rule evaluation in hobbit-clients.cfg
- To: hobbit (at) hswn.dk
- Subject: port rule evaluation in hobbit-clients.cfg
- From: Jay Brislin <brislin (at) bc.edu>
- Date: Thu, 13 Sep 2007 09:20:08 -0400
- User-agent: Thunderbird 2.0.0.6 (X11/20070808)
I set up a PORT rule to alert for SENDMAIL logins in the DEFAULT section of my hobbit-clients.cfg file. I wanted
to override that rule for certain hosts to allow SENDMAIL logins. My hobbit-clients.cfg looks like this:
------------
HOST=luxuria
PORT "LOCAL=%([.:]25)$" state=ESTABLISHED min=0 max=9 color=green "TEXT=SENDMAIL logins"
DEFAULT
# These are the built-in defaults.
UP 1h
LOAD 5.0 10.0
DISK * 90 95
MEMPHYS 100 101
MEMSWAP 70 85
MEMACT 90 97
PROC cron
PROC ntpd
PORT "LOCAL=%([.:]23)$" state=ESTABLISHED min=0 max=0 color=red "TEXT=TELNET logins"
PORT "LOCAL=%([.:]25)$" state=ESTABLISHED min=0 max=0 color=red "TEXT=SENDMAIL logins"
PORT "LOCAL=%([.:]20)$" state=ESTABLISHED min=0 max=0 color=red "TEXT=FTP logins"
But I see this on the hobbit server display:
green SENDMAIL logins (found 1, req. at most 9)
green TELNET logins (found 0, req. at most 0)
red SENDMAIL logins (found 1, req. at most 0)
green FTP logins (found 0, req. at most 0)
Does anybody know why both rules for the SENDMAIL port are being evaluated? The man page for hobbit-clients.cfg
says:
The entire file is evaluated from the top to bottom, and the first match found is used. So you should put
the specific settings first, and the generic ones last.
--
Jay