LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Monitoring a file server for intruders
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-19-2010, 10:54 AM   #1
bellsal
Member
 
Registered: Aug 2007
Posts: 42

Rep: Reputation: 0
Monitoring a file server for intruders

Hello Everyone,

I have built a file server at home and my users data is secured on an encrypted partition. This, of course, only protects the users data if the server is stolen, but doesn't protect the users from network intruders. So, if I want to monitor for such intruders, what logs besides /var/log/syslog/ should I monitor?

Also, is there some free monitoring software (linux) that I can download? For example, nagios?

Thanks in advance,

bellsal
 
Old 02-19-2010, 11:42 AM   #2
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 167Reputation: 167
Nagios, Zenoss, Cacti, etc... will monitor the actual server's drive space, cpu, etc... less so security issues.

You probably want to install rkhunter and chkrootkit on the machine and set them up for a nightly run and mail the reports to you. It's also not a bad idea to install an application like tripwire, bsign, or systraq to monitor the system files for changes.

You might want to look at a more robust IDS like snort.
 
Old 02-28-2010, 11:19 AM   #3
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
You might also look at something like OSSEC, which is a handy tool for collecting and reporting various anomalies.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Can intruders hide from who and w? otacon 14112 Linux - Security 3 04-04-2007 12:09 AM
LXer: Detecting Intruders with IPCop LXer Syndicated Linux News 0 10-09-2006 07:03 AM
How to secure the server and how to track down intruders? depam Linux - Security 5 07-01-2006 03:32 PM
susefirewall2 and seeing intruders oily_rags SUSE / openSUSE 12 12-17-2005 12:22 AM
tracking intruders bishal Linux - Security 1 08-14-2004 07:12 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:17 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration