Re: [loganalysis] stopping/starting swatchn

From: Brian Hatch (loganalysisat_private)
Date: Fri Aug 24 2001 - 16:40:44 PDT


    >     awk '/path/[s]watch/{printf "kill -9 -%s\n", $2}'|sh
    
    Of course the biggest problem is that swatch, when run,
    takes the swatch rules (from .swatchrc, etc) and dynamically
    generates a perl executable which it then runs.  This
    program will have a random filename, '.swatch_script.$$'
    (or something similar, I don't remember for sure.)
    
    Additionally, swatch resets argv[0] to 'swatch' (since
    it was invoked with 'perl .swatch_script.$$') but that
    can play havoc with some ps programs.
    
    The option I usually pick is to write a swatch config
    file, then use the '--dump-script' option to dump
    the resulting script to STDOUT, and redirect it to a
    file, for example 'swatch.syslog' or 'swatch.apache',
    do a quick chmod 555, and then run that version directly;
    this should work better.
    
    You can remove the setting of argv[0] by removing the line
    
    	\$0="swatch";
    
    from the actual swatch executable, or by removing
    
    	$0="swatch";
    
    from the dumped script.
    
    I sometimes have more than one swatch running to check
    different files, and having argv[0] not be munged is
    helpful to differentiate them.
    
    --
    Brian Hatch                Jury: Twelve people who
       Systems and              determine which client
       Security Engineer        has the better attorney.
    www.hackinglinuxexposed.com
    
    Every message PGP signed
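A pidfile-based start/stop wrapper for the dumped scripts, added here as an example (it is not part of Brian's message or of swatch itself): it avoids matching a random '.swatch_script.$$' name in ps and piping kill -9 to sh. The PIDDIR location and the swatchctl command names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message): run each script produced by
# `swatch --dump-script` under a stable name and stop it via a pidfile.
# PIDDIR and the command names below are assumptions for this example.
PIDDIR="${PIDDIR:-/var/run/swatch}"

# alive PID: 0 if PID is a live process.  A zombie still answers kill -0,
# so on Linux also reject state Z from /proc/PID/stat.
alive() {
    kill -0 "$1" 2>/dev/null || return 1
    [ -r "/proc/$1/stat" ] || return 0
    [ "$(sed 's/^[^)]*) \(.\).*/\1/' "/proc/$1/stat" 2>/dev/null)" != Z ]
}

# start_watcher NAME SCRIPT [ARGS...]: detach SCRIPT, record its PID, refuse duplicates.
start_watcher() {
    name=$1; shift
    mkdir -p "$PIDDIR"
    if is_running "$name"; then
        echo "$name already running (pid $(cat "$PIDDIR/$name.pid"))" >&2
        return 1
    fi
    ( "$@" & echo $! > "$PIDDIR/$name.pid" )   # subshell: watcher is not our child
}

# stop_watcher NAME: TERM first, escalate to KILL only if still alive after 10s.
stop_watcher() {
    pidfile="$PIDDIR/$1.pid"
    [ -f "$pidfile" ] || { echo "no pidfile for $1" >&2; return 1; }
    pid=$(cat "$pidfile")
    kill -TERM "$pid" 2>/dev/null || true
    i=0
    while alive "$pid" && [ "$i" -lt 10 ]; do sleep 1; i=$((i + 1)); done
    if alive "$pid"; then kill -KILL "$pid" 2>/dev/null || true; sleep 1; fi
    rm -f "$pidfile"
    ! alive "$pid"
}

# is_running NAME: 0 if the recorded PID is alive.
is_running() {
    [ -f "$PIDDIR/$1.pid" ] && alive "$(cat "$PIDDIR/$1.pid")"
}

# Usage: swatchctl start NAME /usr/local/bin/swatch.syslog | stop NAME | status NAME
case "${1:-}" in
    start)  shift; start_watcher "$@" ;;
    stop)   stop_watcher "$2" ;;
    status) is_running "$2" && echo "$2 running" || echo "$2 not running" ;;
esac
```

Because each dumped script runs under its own name and pidfile, several watchers (syslog, apache, ...) can be told apart and stopped individually without touching the `$0="swatch"` line.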
    This archive was generated by hypermail 2b30 : Fri Aug 24 2001 - 17:09:27 PDT