Admin Digest: The Basics of Linux Network Security
Monitoring Programs and Where/What They Log

Rob Reilly
Monday, January 6, 2003 01:36:47 PM
Linux has a comprehensive set of subsystems to let the systems
administrator know what is going on with his or her system. All manner
of log files are generally kept in the /var/log directory. Most of
the standard services log information to /var/log/syslog and
/var/log/messages about users connecting to them or attempting to
connect. There are also log files for such services as apache
(/var/log/httpd/access_log), mail (/var/log/mail) and firewall
(/var/log/firewall).
The main problem with logging events is that one tends to end up with
too much data, so careful filtering, and logging only the information
that matters, is essential.
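One way to cut a busy /var/log/messages down to what matters is to keep only the lines that record an authentication result and summarize them per source address. The script below is an added example, not code from the article; the log lines it reads are constructed in the style of sshd syslog output, and the "three failures with no success" threshold is an arbitrary choice for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of /var/log/messages (not a real log).
SAMPLE_MESSAGES = """\
Jan  6 09:12:01 gateway sshd[1201]: Accepted password for rob from 192.168.1.20 port 51322 ssh2
Jan  6 09:12:44 gateway sshd[1210]: Failed password for root from 10.0.0.77 port 40112 ssh2
Jan  6 09:12:46 gateway sshd[1210]: Failed password for root from 10.0.0.77 port 40112 ssh2
Jan  6 09:12:49 gateway sshd[1212]: Failed password for admin from 10.0.0.77 port 40120 ssh2
Jan  6 09:13:02 gateway cron[1300]: (root) CMD (run-parts /etc/cron.hourly)
Jan  6 09:13:30 gateway sshd[1220]: Failed password for rob from 192.168.1.20 port 51340 ssh2
Jan  6 09:13:33 gateway sshd[1220]: Accepted password for rob from 192.168.1.20 port 51340 ssh2
Jan  6 09:14:10 gateway sshd[1231]: Failed password for invalid user test from 10.0.0.77 port 40131 ssh2
"""

# Matches sshd authentication results; "invalid user " is present when the
# account does not exist on the system.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \w+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>[\d.]+)"
)


def summarize_auth(text):
    """Return {src: {"failed": n, "accepted": n, "users": set(...)}} for sshd events.

    Every line that is not an sshd authentication result is dropped, which is
    the filtering step: cron chatter and the like never reach the report.
    """
    summary = defaultdict(lambda: {"failed": 0, "accepted": 0, "users": set()})
    for line in text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue
        entry = summary[m.group("src")]
        key = "failed" if m.group("result") == "Failed" else "accepted"
        entry[key] += 1
        entry["users"].add(m.group("user"))
    return dict(summary)


def suspicious_sources(summary, threshold=3):
    """Sources with at least `threshold` failures and no successful login at all.

    A user who mistypes once and then gets in (192.168.1.20 above) is not
    reported; a source that only ever fails, across several accounts, is.
    """
    return sorted(
        src for src, e in summary.items()
        if e["failed"] >= threshold and e["accepted"] == 0
    )


if __name__ == "__main__":
    s = summarize_auth(SAMPLE_MESSAGES)
    for src in suspicious_sources(s):
        e = s[src]
        print(f"{src}: {e['failed']} failures, accounts tried: {sorted(e['users'])}")
```

On a real system the same functions can be fed the contents of /var/log/messages (or /var/log/syslog, depending on the distribution's syslog configuration); the accepted-versus-failed distinction is what keeps the report short enough to read every morning.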
There are some good tools out there that will make this work easier.
Ethereal is a packet sniffer. With it you can capture various types
of packets over a given period of time, and it decodes and displays
all manner of information about each packet. It's useful for watching
packets coming into and going out of your machine, and generally it
will see any traffic visible on your network segment, not only packets
addressed to your own host.
Another logging and intrusion-detection tool is Tripwire. It takes a
snapshot of your important system files and records their signatures
in a database. Various signature levels are available, from mild to
wild, and you set the rules in a policy file to tell Tripwire what to
check. After the database is initialized and signed, Tripwire can be
run whenever you need to check the integrity of your system. The
report points out which of your files have changed and the severity
of the security risk. The Tripwire report is pretty easy to read and
can be customized according to your file tracking needs. Why not set
Tripwire up to run every day, early in the morning, and have a report
ready to look at with your first cup of coffee?
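The mechanism Tripwire implements, a signed baseline of file hashes plus a policy that assigns each rule a severity, can be shown in a few dozen lines. The following is an added example and is not Tripwire's code or its policy format: the POLICY list and the severity numbers are hypothetical, and the demo builds its own small file tree in a temporary directory so it runs offline. Real Tripwire also signs the database so that it cannot be edited silently; this example stores the baseline as plain JSON and leaves that step out.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Hypothetical policy in the spirit of a Tripwire policy file:
# (glob relative to the checked root, severity of a change to a matching file).
POLICY = [
    ("etc/passwd", 100),
    ("etc/*.conf", 66),
    ("bin/*", 100),
]


def sha256_of(path):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Hash every regular file the policy covers, tagging each with its rule's severity."""
    root = Path(root)
    baseline = {}
    for pattern, severity in POLICY:
        for p in sorted(root.glob(pattern)):
            if p.is_file():
                rel = str(p.relative_to(root))
                baseline[rel] = {"sha256": sha256_of(p), "severity": severity}
    return baseline


def save_baseline(baseline, db_path):
    with open(db_path, "w") as f:
        json.dump(baseline, f, indent=2, sort_keys=True)


def load_baseline(db_path):
    with open(db_path) as f:
        return json.load(f)


def check_integrity(root, baseline):
    """Compare the tree under root with the baseline; returns (path, severity) lists by kind."""
    current = build_baseline(root)
    report = {"added": [], "removed": [], "modified": []}
    for rel in sorted(set(current) | set(baseline)):
        if rel not in baseline:
            report["added"].append((rel, current[rel]["severity"]))
        elif rel not in current:
            report["removed"].append((rel, baseline[rel]["severity"]))
        elif current[rel]["sha256"] != baseline[rel]["sha256"]:
            report["modified"].append((rel, baseline[rel]["severity"]))
    return report


def demo():
    """Build a constructed tree, baseline it, change it, and report the differences."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc/passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc/sshd.conf").write_text("PermitRootLogin no\n")
        (root / "bin/ls").write_bytes(b"\x7fELF-placeholder")  # constructed stand-in for a binary
        db = root / "baseline.json"
        save_baseline(build_baseline(root), db)

        # Simulated changes since the baseline: an extra passwd entry, a replaced
        # binary and a new executable. /etc/sshd.conf is left untouched.
        (root / "etc/passwd").write_text(
            "root:x:0:0:root:/root:/bin/sh\nnewuser:x:1001:1001::/home/newuser:/bin/sh\n"
        )
        (root / "bin/ls").write_bytes(b"\x7fELF-replaced")
        (root / "bin/newtool").write_bytes(b"\x7fELF-new")
        return check_integrity(root, load_baseline(db))


if __name__ == "__main__":
    for kind, items in demo().items():
        for rel, severity in items:
            print(f"{kind:<9} severity={severity:<3} {rel}")
```

Run from cron in the early morning against a baseline kept on read-only media, the report output is the "first cup of coffee" reading the article suggests; the severity column is what lets you look at the 100s first.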
A popular program for detecting network access attempts and port
scans is Snort. It writes these events to its own log files and even
gives some idea of where to find more information about each one. Of
course, you then have the same problem as with every other log file:
it gets tough for a busy system administrator to review all of them
on a regular basis.
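The simplest port-scan heuristic of the kind Snort applies can also be run over the firewall log the article mentions: count how many distinct destination ports a single source touches within a short window. This is an added example, not Snort's code or rules; the lines are constructed in the style of iptables LOG output as it would appear in /var/log/firewall, the year is assumed because syslog timestamps carry none, and the 60-second window and five-port threshold are arbitrary illustration values.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed lines in the style of iptables LOG output (not a real log).
SAMPLE_FIREWALL = """\
Jan  6 09:20:01 gateway kernel: IN=eth0 OUT= SRC=10.0.0.77 DST=192.168.1.1 PROTO=TCP SPT=40001 DPT=21 SYN
Jan  6 09:20:01 gateway kernel: IN=eth0 OUT= SRC=10.0.0.77 DST=192.168.1.1 PROTO=TCP SPT=40002 DPT=22 SYN
Jan  6 09:20:02 gateway kernel: IN=eth0 OUT= SRC=10.0.0.77 DST=192.168.1.1 PROTO=TCP SPT=40003 DPT=23 SYN
Jan  6 09:20:02 gateway kernel: IN=eth0 OUT= SRC=10.0.0.77 DST=192.168.1.1 PROTO=TCP SPT=40004 DPT=25 SYN
Jan  6 09:20:03 gateway kernel: IN=eth0 OUT= SRC=10.0.0.77 DST=192.168.1.1 PROTO=TCP SPT=40005 DPT=80 SYN
Jan  6 09:20:03 gateway kernel: IN=eth0 OUT= SRC=10.0.0.77 DST=192.168.1.1 PROTO=TCP SPT=40006 DPT=110 SYN
Jan  6 09:21:15 gateway kernel: IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.1 PROTO=TCP SPT=51400 DPT=80 SYN
Jan  6 10:05:40 gateway kernel: IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.1 PROTO=TCP SPT=51401 DPT=443 SYN
Jan  6 10:30:00 gateway kernel: IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.1 PROTO=TCP SPT=51402 DPT=22 SYN
"""

# Timestamp, source address and destination port are all that the heuristic needs.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: .*?SRC=(?P<src>[\d.]+) .*?DPT=(?P<dpt>\d+)"
)


def parse_events(text, year=2003):
    """Turn log lines into (timestamp, src, dport) tuples; the year is assumed."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        events.append((ts, m.group("src"), int(m.group("dpt"))))
    return events


def detect_port_scans(events, window_seconds=60, min_ports=5):
    """Flag each source that hits at least min_ports distinct ports inside one window.

    A sliding window is walked over each source's events in time order, so a
    host that legitimately visits a few services over an hour is not reported.
    Returns {src: sorted list of the ports seen in the widest qualifying window}.
    """
    by_src = defaultdict(list)
    for ts, src, dpt in sorted(events):
        by_src[src].append((ts, dpt))
    findings = {}
    for src, hits in by_src.items():
        start = 0
        for end in range(len(hits)):
            while (hits[end][0] - hits[start][0]).total_seconds() > window_seconds:
                start += 1
            ports = {dpt for _, dpt in hits[start:end + 1]}
            if len(ports) >= min_ports and len(ports) > len(findings.get(src, [])):
                findings[src] = sorted(ports)
    return findings


if __name__ == "__main__":
    for src, ports in detect_port_scans(parse_events(SAMPLE_FIREWALL)).items():
        print(f"{src}: {len(ports)} ports in {60}s: {ports}")
```

The summary this produces is a few lines per offending source rather than one line per packet, which is the point of the whole exercise: make the log small enough that it actually gets read.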