# Copyright 2000 - 2004 George Shaffer
# Anyone may use or modify this code for any purpose PROVIDED
# that as long as it is recognizably derived from this code,
# that this copyright notice, remains intact and unchanged.
# No warrantees of any kind are expressed or implied.

# Process-whitelist configuration for chkproc.  Three kinds of line:
#   HOSTS=<host>-<req|opt>,...   the hosts to check
#   HOST=<host>=<id>-<r|a>,...   which pattern ids apply to a host
#   <id>~<regex>                 a pattern matched against ps / w output
# NOTE(review): the meaning of -req/-opt and -r/-a is inferred from this
# file's layout only.  -r is read here as "required" (the line must be
# present) and -a as "allowed" (may be present); -opt presumably means a
# missing report from that host is not itself an error.  Confirm all of
# this against the chkproc script that consumes the file.
# NOTE(review): every pattern below matches ps/w text only.  A process
# can present any name in the COMMAND field, so a matching line shows
# that an expected-looking process is listed, not that the expected
# binary is what is running; lines that do NOT match are the useful
# signal here.
HOSTS=bsd-req,anotherhost-req,host3-opt,four-req

# Pattern 6: the ps header line, required on every host.  (It is listed
# again for each host at the bottom of the file; presumably a duplicate
# id is harmless — confirm.)
HOST=bsd=6-r
HOST=anotherhost=6-r
HOST=host3=6-r
HOST=four=6-r
6~^  PID TTY?\s+STAT\s+TIME COMMAND$

HOST=bsd=101-r,102-r,103-r,104-r,105-r
HOST=anotherhost=101-r,102-r,103-r,104-r,105-r
HOST=host3=101-r,102-r,103-r,104-r,105-r
# BSD Kernel processes
# In 2.7 all 5 appeared.  In 2.8 only /sbin/init appears; the other
# 4 are no longer listed by ps.
# These patterns pin the PID (0-4), the TTY (??), the STAT field and
# end with $, so the whole line must match exactly.  The TIME field is
# matched as at most two digits of minutes ([0-9]?[0-9]:MM.SS); a
# process that accumulates 100+ CPU minutes would stop matching and
# presumably be reported — confirm that is intended.
101~^    0 \?\?  DLs\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} \(swapper\)$
102~^    1 \?\?  [IS]W?s\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} \/sbin\/init\s?$
103~^    2 \?\?  DL\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} \(pagedaemon\)$
104~^    3 \?\?  [DR]L\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} \(update\)$
105~^    4 \?\?  [DR]L\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} \(apm0\)$

HOST=four=111-r,112-r,113-r,114-r,115-r,116-r
# four (Linux) Kernel processes
# Unlike the BSD patterns above, none of the Linux patterns in this
# file (111-116, 230-238, 401-402, 521, 801) end with $, so a line that
# begins with the expected text but carries extra trailing text still
# matches.  Adding $ where the command has no arguments would make the
# match exact — confirm the trailing part of these lines first.
111~^    1 \?\s+S\s+[0-9]?[0-9]:[0-9]{2} init \[3\]
112~^    2 \?\s+SW\s+[0-9]?[0-9]:[0-9]{2} \[kflushd\]
113~^    3 \?\s+SW\s+[0-9]?[0-9]:[0-9]{2} \[kpiod\]
114~^    4 \?\s+SW\s+[0-9]?[0-9]:[0-9]{2} \[kupdate\]
115~^    5 \?\s+SW\s+[0-9]?[0-9]:[0-9]{2} \[kswapd\]
116~^    6 \?\s+SW<\s+[0-9]?[0-9]:[0-9]{2} \[mdrecoveryd\]

# 205 (httpd) is required on bsd only; 204 (sshd) is allowed (-a), not
# required, on all three BSD hosts.
HOST=bsd=201-r,202-r,203-r,204-a,205-r,206-r
HOST=anotherhost=201-r,202-r,203-r,204-a,206-r
HOST=host3=201-r,202-r,203-r,204-a,206-r
#BSD Daemons started at boot time
# PID field from here on: up to four leading blanks then 1-5 digits, so
# a PID above 99999 would not match — assumes a small pid_max; confirm
# for the hosts this is deployed on.
201~^ {0,4}[0-9]{1,5} \?\?  [DS]s\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} syslogd $
202~^ {0,4}[0-9]{1,5} \?\?  [IS]W?\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} CRON \(cron\)$
203~^ {0,4}[0-9]{1,5} \?\?  Ss\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} cron $
204~^ {0,4}[0-9]{1,5} \?\?  IW?s\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} \/usr\/sbin\/sshd -Q $
205~^ {0,4}[0-9]{1,5} \?\?  (Ss|I)\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} \/usr\/sbin\/httpd YES $
206~^ {0,4}[0-9]{1,5} \?\?  [IS]W?s\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} inetd $

# Note that id 237 is skipped; 232 (atd) and 234 (CROND) are allowed,
# the rest required.
HOST=four=230-r,231-r,232-a,233-r,234-a,235-r,236-r,238-r
# four (Linux) daemons started at boot time
# Each alternation accepts the daemon either as a normal command line
# or as a bracketed (swapped-out) name, e.g. (syslogd -m 0|\[syslogd\]).
# 232 writes /usr/sbin/atd with unescaped slashes while 230 escapes
# them (\/usr\/sbin\/automount); harmless if the regex delimiter is not
# /, but inconsistent — confirm against how chkproc compiles patterns.
230~^ {0,4}[0-9]{1,5} \?\s+SW?\s+[0-9]?[0-9]:[0-9]{2} (\[automount\]|\/usr\/sbin\/automount --timeout 60 \/misc file \/etc\/auto)
231~^ {0,4}[0-9]{1,5} \?\s+SW?\s+[0-9]?[0-9]:[0-9]{2} (syslogd -m 0|\[syslogd\])
232~^ {0,4}[0-9]{1,5} \?\s+S\s+[0-9]?[0-9]:[0-9]{2} /usr/sbin/atd
233~^ {0,4}[0-9]{1,5} \?\s+SW?\s+[0-9]?[0-9]:[0-9]{2} (crond|\[crond\])
234~^ {0,4}[0-9]{1,5} \?\s+S?\s+[0-9]?[0-9]:[0-9]{2} CROND
235~^ {0,4}[0-9]{1,5} \?\s+SW?\s+[0-9]?[0-9]:[0-9]{2} \[?inetd\]?
236~^ {0,4}[0-9]{1,5} \?\s+SW?\s+[0-9]?[0-9]:[0-9]{2} (httpd|\[httpd\])
238~^ {0,4}[0-9]{1,5} \?\s+SW?\s+[0-9]?[0-9]:[0-9]{2} (\[xfs\]|xfs -droppriv -daemon -port -1)

HOST=bsd=301-a,302-r,303-r
HOST=anotherhost=301-a,302-r,303-r
HOST=host3=301-a,302-r,303-r
# Cron jobs
# 302 (the wps job) and 303 (the ps -ax that presumably produces the
# report being checked) are required; 301 is the cron-spawned shell
# and only allowed.  302 and 303 are not $-anchored, so arguments after
# the command are accepted.
301~^ {0,4}[0-9]{1,5} \?\?  [IS]W?s\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} \/bin\/sh -c \/bin\/sh $
302~^ {0,4}[0-9]{1,5} \?\?  [RS]\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} \/bin\/sh \/usr\/local\/bin\/wps
303~^ {0,4}[0-9]{1,5} \?\?  R\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} ps -ax

HOST=four=401-r,402-r
# four (Linux) cron jobs and other non terminal processes
401~^ {0,4}[0-9]{1,5} \?\s+S\s+[0-9]?[0-9]:[0-9]{2} \/bin\/sh -c \/usr\/local\/bin\/wps
402~^ {0,4}[0-9]{1,5} \?\s+R\s+[0-9]?[0-9]:[0-9]{2} ps -ax

# getty on the console is required on bsd but only allowed elsewhere.
HOST=bsd=501-r
HOST=anotherhost=501-a
HOST=host3=501-a
HOST=four=521-a
# Local console only interactive processes
# 501 restricts the TTY to C0-C5 and the getty argument to ttyC0-ttyC5;
# 521 restricts to tty1-tty6.  A getty on any other terminal would not
# match and would presumably be reported.
501~^ {0,4}[0-9]{1,5} C[0-5]  IW?s\+\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} \/usr\/libexec\/getty Pc ttyC[0-5] $
521~^ {0,4}[0-9]{1,5} tty[1-6]\s+S\s+[0-9]?[0-9]:[0-9]{2} \[mingetty\]

# All interactive patterns are allowed (-a) only.  712 (sh -c sh) is
# expected on anotherhost and host3 but not on bsd.
HOST=bsd=701-a,702-a,703-a,704-a,713-a
HOST=anotherhost=701-a,702-a,703-a,704-a,712-a,713-a
HOST=host3=701-a,702-a,703-a,704-a,712-a,713-a
# Interactive processes from either local consoles or remote terminals
# The TTY is limited to pseudo-terminals p0-p4 and consoles C0-C5, so a
# shell on any other pty does not match.  702 and 703 accept any STAT
# value (\S+); the others pin it.
# 713: the unescaped . in cat. matches any single character (presumably
# a man section directory such as cat1); the slashes are unescaped
# here unlike 703's \/ — see the note at 232.
# 714 is defined but not referenced by any HOST line above (the hosts
# use 701-704, 712 and 713); it is presumably ignored by chkproc — either
# add it to a host list or remove it.
701~^ {0,4}[0-9]{1,5} (p[0-4]|C[0-5])  [IS]W?s\+?\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} -ksh \(ksh\)$
702~^ {0,4}[0-9]{1,5} (p[0-4]|C[0-5])  \S+\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} -csh \(csh\)$
703~^ {0,4}[0-9]{1,5} (p[0-4]|C[0-5])  \S+\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} ksh $
704~^ {0,4}[0-9]{1,5} (p[0-4]|C[0-5])  [IS]\+\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} less 
712~^ {0,4}[0-9]{1,5} (p[0-4]|C[0-5])  [IS]\+\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} sh -c sh
713~^ {0,4}[0-9]{1,5} (p[0-4]|C[0-5])  [IS]\+\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} /usr/bin/more -s /usr/share/man/cat./\S+
714~^ {0,4}[0-9]{1,5} (p[0-4]|C[0-5])  [IS]W?[s+]\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} \/bin\/sh -c \/bin\/sh $

HOST=four=801-a
# four (Linux) interactive processes, terminals or consoles.
# Only bash on pts/1-pts/4 or tty1-tty6 is expected on four.
801~^ {0,4}[0-9]{1,5} (pts\/[1-4]|tty[1-6])\s+S\s+[0-9]?[0-9]:[0-9]{2} -bash

# The w section: four uses pattern 7 (the Linux w header, with JCPU and
# PCPU columns) in place of 2.  Pattern 6 is repeated here from the top
# of the file.
HOST=bsd=1-r,2-r,3-a,4-a,5-a,6-r
HOST=anotherhost=1-r,2-r,3-a,4-a,5-a,6-r
HOST=host3=1-r,2-r,3-a,4-a,5-a,6-r
HOST=four=1-r,7-r,3-a,4-a,5-a,6-r
# Header lines and user logins from w
# Patterns 1, 2 and 7 have no ^ anchor and so match anywhere in a line.
# 3-5 are the only login lines allowed: root or jack on a console, and
# jack on a pty from two fixed addresses or two fixed hostnames; a login
# by any other user or from any other source would not match and would
# presumably be reported.  The WHAT column is left unconstrained.
# NOTE(review): 198.168.89.x in pattern 4 is a public address range;
# confirm it is not a typo for the private 192.168.89.x.
1~\s+[0-9]+\s+users?,\s+load averages?: [0-9]\.[0-9]{2}, [0-9]\.[0-9]{2}, [0-9]\.[0-9]{2}
2~USER    TTY FROM              LOGIN@  IDLE WHAT$
3~^(root|jack)\s+C[0-5] -\s+\S+\s+\S+\s+(\S.*$)$
4~^jack\s+p[0-4]\s+198\.168\.89\.(86|85)\s+\S+\s+\S+\s+(\S.*$)$
5~^jack\s+p[0-4]\s+(wks1|wks2)\.xyzinc\.com\s+\S+\s+\S+\s+(\S.*$)$
7~USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU  WHAT$
