Sunday, June 13, 2010

LSM (Linux Socket Monitor) Installation

INSTALLATION

wget http://rfxnetworks.com/downloads/lsm-current.tar.gz
tar -zxvf lsm-current.tar.gz
cd lsm-0.*
./install.sh
/usr/local/sbin/lsm -g

LSM Testing

/usr/local/sbin/lsm -c

=====================

1) What is LSM ?
-LSM is a bash-scripted network socket monitor. It is designed to track
changes to network sockets and Unix domain sockets.

A comprehensive alert system and simple usage and installation make LSM
suitable for deployment in any Linux environment (it is geared towards web
servers). Using a rather simple but logical structure, LSM identifies changes
in both network sockets and Unix domain sockets. By recording a base set of
the sockets that should be active, and then comparing the currently active
socket information against those base comparison files, it highlights
otherwise unknown services.

LSM ignores services that already hold sockets open when the baseline is
taken. Events are only raised when a 'new' socket is created; whether it is a
UDS stream socket or a TCP network socket, LSM will identify it. Currently LSM
does not track DGRAM Unix domain sockets.

2) Setup:
-To set up LSM, simply execute the 'install.sh' script inside the extracted path.
This installs LSM to /usr/local/lsm and symlinks its executable to
/usr/local/sbin/lsm. It also adds a cron.d entry at /etc/cron.d/lsm that runs
LSM once every 10 minutes, so a socket that is opened and closed again between
two runs will not be seen.

3) Usage:
LSM has 3 arguments that perform the following operations respectively:
-g Generate base comparison files
-c Compare current socket information to the comparison files
-d Delete base comparison files

Upon installation, LSM generates its base comparison files, but we recommend
you do so manually to ensure it has been done. Generate the baseline only on a
host you trust to be clean: every socket that is already open when -g runs
becomes part of the baseline and will not be reported afterwards.
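To make the baseline-and-compare mechanism described above concrete, here is an added example, not LSM's own code, of a minimal socket monitor written as a POSIX shell script with the same three operations (-g, -c, -d). It assumes ss(8) is available for the live socket listing and keeps its baseline in a hypothetical file of its own (/tmp/socketmon.base, overridable through SOCKETMON_BASE), not in LSM's /usr/local/lsm. Like LSM it keeps TCP and UNIX stream sockets and drops DGRAM UNIX sockets; it also keeps UDP listeners, which the page's "network sockets" wording covers. The ss-style lines referred to in the comments are constructed samples, not output captured from a real host.

```shell
#!/bin/sh
# Added example, not LSM's own code: a minimal baseline-and-compare socket
# monitor with LSM's three operations (-g generate, -c compare, -d delete).
# Assumptions: ss(8) is available; the baseline lives in $SOCKETMON_BASE
# (a hypothetical path, not LSM's /usr/local/lsm).

SOCKETMON_BASE="${SOCKETMON_BASE:-/tmp/socketmon.base}"

# current_sockets: raw listening-socket listing in ss(8) format, TCP/UDP
# (numeric) followed by UNIX sockets. Header lines are dropped later by
# normalize_sockets, so no --no-header flag is needed.
current_sockets() {
    ss -lntu
    ss -lx
}

# normalize_sockets: read ss-style lines on stdin and emit one "netid local"
# line per socket, e.g. "tcp 0.0.0.0:22" or "u_str /run/dbus/system_bus_socket",
# sorted in a fixed locale so comm(1) can diff the lists. Only stream sockets
# are kept; u_dgr (DGRAM UNIX) lines are discarded, as LSM does not track them.
normalize_sockets() {
    awk '$1 == "tcp" || $1 == "udp" || $1 == "u_str" { print $1, $5 }' \
        | LC_ALL=C sort -u
}

# generate_base: write the normalized socket list from stdin to the baseline
# file (LSM -g). Everything listed here is trusted and never reported later,
# which is why the baseline must be taken on a host believed to be clean.
generate_base() {
    normalize_sockets > "$1"
}

# compare_base: report sockets on stdin that are absent from the baseline
# (LSM -c). Sockets in the baseline are ignored, and so are sockets that have
# since gone away. Returns 0 when nothing new is found, 1 when new sockets
# exist (printed one per line), 2 when no baseline exists.
compare_base() {
    base="$1"
    if [ ! -f "$base" ]; then
        echo "compare_base: no baseline at $base; generate one first" >&2
        return 2
    fi
    new=$(normalize_sockets | LC_ALL=C comm -13 "$base" -)
    if [ -z "$new" ]; then
        return 0
    fi
    printf '%s\n' "$new"
    return 1
}

# delete_base: remove the baseline (LSM -d).
delete_base() {
    rm -f "$1"
}

# Driver mirroring LSM's flags. With no argument the functions are only
# defined, so the file can be sourced from a test or another script.
case "${1:-}" in
    -g) current_sockets | generate_base "$SOCKETMON_BASE" ;;
    -c) current_sockets | compare_base "$SOCKETMON_BASE" ;;
    -d) delete_base "$SOCKETMON_BASE" ;;
esac
```

Run it once with -g on a clean host, then put "-c" in cron the way LSM's installer does; a non-zero exit status from -c is the alert condition. The diff is one-directional on purpose: a listener that disappears is not an event, only a socket that was not in the baseline is.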

Thanks,
Vijayarajan.A
