I am currently running a 64-bit Fedora 14 server which hosts a game server, a voice server, and remote desktop functionality, each on a distinct TCP port. I am currently using the built-in firewall to deny all traffic other than ICMP ping/pong and TCP traffic on those specific ports. I am looking for a graphical application which will let me monitor any connections being made to my server in order to keep an eye out for possible security concerns. To be more specific, I'd like to be able to see the source IP addresses, TCP/UDP ports, and individual bandwidth in use by external connections being made to the server, along with any other information that might be helpful in identifying a possible intrusion attempt.
I have a third party program (tightvnc) which I want to monitor and detect if it loses a connection with a client. I don't care if the client has the program open but isn't doing anything with it, I only want to know if the actual TCP connection is lost.
Since TCP takes forever to die on its own, I was thinking the best way to detect if a connection is lost is by monitoring the bandwidth on the TCP port allocated to the VNC connection. Are there any tools built in to Red Hat (RHEL 5.2) which I could use to do this? Since I don't have full control of the operating system, I would prefer to use built-in tools rather than trying to get a new tool installed.
How efficient and effective are these (Snort, Argus, OSSEC, etc.) for an organization having a 3500-PC network, connected through 700+ Cisco devices (Layer 2 and Layer 3), and scattered across 130 different sites (geographically)? What should be the combination of products, and what should be the architecture for an efficient forensics activity?
Is there a program that monitors and displays 'who' is on your wireless Internet signal that one may not be aware of? Like, the ability to see when someone that you don't know is accessing your locked wireless?
I was reading a magazine article today which was a discussion of internet detective work for tracking down IP addresses which attempt an SSH login to your machine. I have never really paid much attention to network security since I only run a small home network. I have WPA encryption and a firewall on my router. But while reading this article, I remembered that I myself had seen log files in the past that indicated someone somewhere had attempted to log into my machine (attempts all failed). This had happened a few times, but I never really considered it a threat.
But, the more I read about home computers becoming "zombies" for criminals, I guess I am getting a little paranoid in my old age, particularly since my wife does quite a bit of business on the net with credit cards. I have four computers connected to the net and to each other on this network, and would like to be able to easily detect attempted logins and deal with them quickly.
So my reason for posting is to ask if someone could recommend a novice-friendly application for monitoring traffic to check this intermittently. I have read bodhi.zazen's excellent tutorial on Snort, but it appears to be written for large LANs or web servers and is overkill for a small home network.
Can someone recommend a GUI or text-based/command-line tool that can be used as an ISP bandwidth monitoring tool in Linux? I have a leased line, frame relay, wireless link, and DSL too. I want to monitor what is uploading and downloading.
I just need to ask about any existing tool in Linux which can show us the CPU, memory and swap utilization of the overall system for a particular time duration and generate graphs. I'm a student of computer science and want this information on resource utilization for my project. Kindly reply if any of you Linux fans know about such tools.
I am looking for some monitoring tools (such as disk usage, memory usage, CPU, etc.) for my Linux machines. I came across two tools, Cacti and Splunk. Which one is better? It will be nice if you can also let me know the reason.
System activity monitoring tools (top, iotop, ntop, sar, collectl, etc.) may be a good reference to judge the system activity when the system transitions to sleep state. But if I make the system transition to sleep state when I/O activity is zero during 15 minutes, for example, it won't sleep forever, because slight I/O by daemons, etc. occurs continuously even if there is no user I/O. So how can I judge the system activity to change the state by using those tools?
I have a scenario where I want to monitor disk performance (CPU and memory also, if possible) on a RHEL 5 server functioning as a NAS. I have several machines that back up content to this server via scheduled cron jobs, and I'm curious to see if the machine is hitting a bottleneck under load. I attempted to set up Cacti on one of our LAMP servers and had a miserable time due to running PHP 5.3 and deprecated function issues. Can anyone recommend an alternative, keeping in mind I have only very basic experience with SNMP?
Anyone know if the collection of STD tools has been included in the Fedora repositories? Would love to recreate an STD disk based off of an F12+ live CD and those tools. (Knoppix Security Tools Disk, which seems to have died out a couple of years back.) Great tools, just the distro doesn't support new hardware... but if in an F12+ package... all would be good.
It seems the fingerprint reader is detected, and several related packages are installed, but I can't find any tools available to either set it up or activate it for use.
I use NetworkManager to connect to wireless broadband on Fedora 12. Are there any tools that can provide me logs about connection times, bandwidth monitoring, etc.? Basically, I need logs like what kppp provides with accounting.
I can use kppp to connect and get the logs I need, but I want to connect to the network as soon as I plug it in. Only NetworkManager allows this.
I have a home PC which connects to the internet via a Zyxel ADSL router. I use Fedora 14 as my one and only operating system, and sometimes I see the LEDs of my modem blinking very fast, which means that something is downloading. I want to know which application downloads what on my PC. Is there any tool in Fedora that can show which application uses my network?
I want to know the tools used for network auditing in Linux Fedora. Can anyone share with me the names and a little detail about these specific tools? It would be a nice favor for me.
We have a few servers and we need to monitor MySQL and ping (port 80) on our servers to send us email notifications, and we also need SMS notification when something is wrong. We can ask our developer to write the SMS notification (which is very important for us), because we already have the API and only need output from a good monitoring tool to show to our developer and ask him to write the notification program.
Our primary server is CentOS with a WHM installation and hosts about 600 websites (need to monitor MySQL & port 80 on this). The secondary one is a Windows server with a Virtuozzo installation and hosts about 15 Windows VPS (the server crashes sometimes and we need to find out it's out of service ASAP). Should we use monitoring websites such as hypersins.com or siteuptime.com (which is a little expensive for us, especially because of international SMS rates), or are there nice tools we can easily configure and use?
I have a firewall machine that customers connect to, and from there they connect to one of 3 other machines as root through an SSH key. Is there any way to know which user connected to which machine and what commands he executed, without using the script command?
How do I monitor who is SSHing into a box (SLES), as well as failed attempts? How can I log their IP addresses, even if they're not in DNS? In /var/log/messages I see their hostname but no IP address.
I'm going to start monitoring our Linux servers with a log management/correlation tool to take a proactive approach to the security of our systems.
Right now I'm going to search for log events that include the following:
Any other commands or logs that would be good to correlate or be alerted on when a potential breach or suspicious activity is happening on the box? Logging cleared, permission changes on accounts or particular files or directories? What would you want to see while monitoring your servers?
I have around 20-30 HP and Dell hardware where we have attached pen drives. There is no rack-lock facility. Misuse of the pen drives is reported, and it happens every alternate day that someone unplugs and steals the drive attached. There is no camera facility to monitor. I have a plan to write a script which will log in to every machine through iLO and watch the USB availability. In case anyone detaches the USB, a mail will be sent to the administrator and thereby steps could be taken. Does this idea look feasible?
At our company we have a central server with client files. This server has an SSH server installed, and through Nautilus all employees can access the files. However, I have a few questions:
1. Most employees need access to all folders, because they might use them at some point in time. However, I want to make sure they are not accessing things they do not need. How can I do this? For instance, if somebody copies all of the folders to his/her computer, I want to be able to see this in some sort of log. Can this be done? Copying and accessing in general are my concern.
2. Some employees only need access to specific folders. Can this be easily configured with SFTP?
3. Some also use SSH and type commands which I want to check every now and then (e.g. to make sure an intern is not again copying information or accessing folders they should not be in). What is a good way to do this?
I am striving to set up OSSEC to monitor some specific files for realtime changes! Is this possible? I can't really find a lot of info in their documentation.
Some examples: /etc/myfile.txt is deleted. I need this to be reported. /etc/myfile.txt is created again, so I need this to be reported again!
This has to happen instantly though, because the file might be deleted and created again many times in a short period of time. Another one: /etc/passwd is touched (accessed) even if there are no changes! Can this be reported as well?
I have been using VMware Player for some time to host Fedora VMware images on Windows XP. I have been using Fedora 11 and 12 (both 32 and 64 bit) and recently started to use Fedora 13.
I use as a base the images provided by thoughtpolice. http://www.thoughtpolice.co.uk/
I usually install VMware tools and also keep the images updated (yum update) which sometimes changes the kernel.
I have recently had problems with the snapshots not having a network when I restore them. So far I don't have the problem with Fedora 11 and do have it with Fedora 12 (but used not to). I do have it with Fedora 13.
In each case the problem goes away when I uninstall the VMware tools and comes back when I install them again.
One of the symptoms is that SELinux complains about not being able to do something with /var/run/vmware-active-nics.
It looks to me that something is incorrect in the actions being taken when the snapshot is being restored. It does not happen every time and sometimes the network restores itself.
The network can be restored by rebooting the image.