Thursday, July 19, 2007

Installing LSM (Linux Socket Monitor) on Linux server

Definition of LSM (Linux Socket Monitor)

LSM is a bash-scripted network socket monitor. It is designed to track changes to network sockets and Unix domain sockets.

It's a comprehensive alert system; simple program usage and installation make LSM ideal for deployment in any Linux environment (it is geared toward web servers). Using a rather simple yet logical structure, LSM identifies changes in both network sockets and Unix domain sockets. By recording a base set of the sockets that should be active, then comparing the currently active socket information against those base comparison files, it highlights otherwise unknown services.


LSM will ignore services that are already holding sockets open. Events are only raised when a 'new' socket is created; whether it is a Unix domain stream socket or a TCP network socket, LSM will identify it. Currently LSM does not track DGRAM Unix domain sockets, but will in the future.

Download the current release of LSM, distributed under the GNU General Public License, then unpack and install it:


# wget http://www.r-fx.ca/downloads/lsm-current.tar.gz
# tar -zxvf lsm-current.tar.gz
# cd lsm-current
# ./install.sh


This will install LSM to /usr/local/lsm and symlink its executable to /usr/local/sbin/lsm.

A cron.d entry will be added at /etc/cron.d/lsm, set to run LSM once every 10 minutes.

All projects on rfxnetworks.com are free for use and distribution in accordance with the GNU GPL; funding for the continued development of and research into this and other projects depends solely on public contributions and donations. If you are using this software for the first time, we ask that you evaluate it and consider a small donation; those who are frequent or continuing users of this and other projects are asked to make an occasional small donation to help ensure the future of our public projects.

Usage

LSM has three arguments that perform the following operations respectively:

-g Generate base comparison files
-c Compare current socket information to the comparison files
-d Delete base comparison files

Upon installation, LSM generates its base comparison files, but we recommend you do so manually to ensure it has been done.

# /usr/local/sbin/lsm -g

Then, to check for changes in sockets, use the -c argument. This compares the currently active sockets with the generated base comparison files. If any changes are found you will be notified; otherwise nothing happens.

When changes are found, LSM issues an email alert to the addresses configured in /usr/local/lsm/lsm.conf.
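The baseline-and-compare scheme behind the -g, -c and -d arguments is small enough to show end to end. The following POSIX shell script is an added example, not LSM's own code and not taken from the rfxnetworks release: it snapshots listening TCP/UDP sockets and Unix stream sockets with `ss` from iproute2, stores them as base files, and on a later run reports any socket that is not in the base. The names BASE_DIR, LSM_DEMO_NET, LSM_DEMO_UDS and ALERT_MAILTO are assumptions made here; the two LSM_DEMO_* variables point at files of constructed `ss`-style lines so the logic can be exercised offline, and datagram Unix sockets are skipped to mirror the limitation noted above.

```shell
#!/bin/sh
# Added example, not LSM's own code: a minimal baseline-and-compare socket
# monitor. Base files live under $BASE_DIR (hypothetical name). When
# LSM_DEMO_NET / LSM_DEMO_UDS (hypothetical) are set, their contents replace
# the live `ss` listing so the script can run on constructed input.
export LC_ALL=C                 # one collation order for sort(1) and comm(1)
BASE_DIR="${BASE_DIR:-/tmp/lsm-demo}"

# Listening TCP/UDP sockets as "proto local_address:port" lines.
list_net() {
    if [ -n "${LSM_DEMO_NET:-}" ]; then
        cat "$LSM_DEMO_NET"
    else
        # ss: -H no header, -l listening, -n numeric, -t tcp, -u udp
        ss -Hlntu | awk '{print $1, $5}'
    fi
}

# Listening Unix domain stream sockets as "u_str path" lines; datagram
# sockets (u_dgr) are deliberately not tracked, as with LSM.
list_uds() {
    if [ -n "${LSM_DEMO_UDS:-}" ]; then
        cat "$LSM_DEMO_UDS"
    else
        ss -Hlnx | awk '$1 == "u_str" {print $1, $5}'
    fi
}

current_net() { list_net | sort -u; }
current_uds() { list_uds | sort -u; }

# -g: record the sockets active right now as the trusted base.
generate_base() {
    mkdir -p "$BASE_DIR"
    current_net > "$BASE_DIR/net.base"
    current_uds > "$BASE_DIR/uds.base"
}

# -d: remove the base files.
delete_base() {
    rm -f "$BASE_DIR/net.base" "$BASE_DIR/uds.base"
}

# -c: report sockets present now but absent from the base. Returns 0 when
# nothing changed, 1 when new sockets were found, 2 when no base exists.
compare_to_base() {
    if [ ! -f "$BASE_DIR/net.base" ] || [ ! -f "$BASE_DIR/uds.base" ]; then
        echo "no base comparison files; run with -g first" >&2
        return 2
    fi
    # comm -13 keeps only lines unique to the second input (the live listing)
    changes=$( {
        current_net | comm -13 "$BASE_DIR/net.base" - | sed 's/^/new network socket: /'
        current_uds | comm -13 "$BASE_DIR/uds.base" - | sed 's/^/new unix stream socket: /'
    } )
    [ -n "$changes" ] || return 0
    printf '%s\n' "$changes"
    # LSM mails the addresses in lsm.conf; this example mails only when
    # ALERT_MAILTO (hypothetical) is set, otherwise stdout is the alert.
    if [ -n "${ALERT_MAILTO:-}" ]; then
        printf '%s\n' "$changes" | mail -s "socket change on $(hostname)" "$ALERT_MAILTO"
    fi
    return 1
}

case "${1:-}" in
    -g) generate_base ;;
    -c) compare_to_base ;;
    -d) delete_base ;;
    '') ;;                                  # no argument: define functions only
    *)  echo "usage: $0 -g | -c | -d" >&2 ;;
esac
```

Run it once with -g on a host you have just verified, then schedule `-c` from cron the way the installer does for LSM. Two points worth keeping in mind with any tool of this shape: the base files are the trust anchor, so a baseline generated on an already-compromised host silently accepts whatever was listening at the time (review the -g output rather than regenerating blindly, and keep the base files root-only), and because only the address or path is compared, a known port re-bound by a different program is not reported.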