LINUX SECURITY --- January 30, 2001
Published by ITworld.com -- changing the way you view IT
http://www.itworld.com/newsletters
__________________________________________________________________________
HIGHLIGHTS
* SNMP doesn't provide every security option. This week Rick examines
some alternative packages.
__________________________________________________________________________
Network Service Monitoring, Part 2
By Rick Johnson
Last week we discussed using SNMP (Simple Network Management Protocol)
to gather and monitor system information. While SNMP's extensive
functionality almost borders on magic, an SNMP agent cannot provide
certain features. The following monitoring packages offer additional
functionality.
* Big Brother (http://bb4.com) - Big Brother combines monitoring
methods. While SNMP collects information by polling devices, Big
Brother acts as a central repository that both polls networked
systems and receives information broadcast by each local system.
This dual-gathering system creates a highly efficient and
redundant method for proactive network monitoring.
Big Brother displays information as Web pages and WML pages for
WAP-enabled devices, and includes historical status information
and reporting tools to assist with service-level agreements. It
is really worth a look.
* Mon (http://www.kernel.org/software/mon) - A general-purpose
resource monitoring system, Mon can be used to monitor such
things as network service availability, server problems, and
environmental conditions. Mon views resource monitoring as two
separate tasks: condition testing, and triggering an action upon
failure. Testing and action-taking tasks remain separate, as
stand-alone programs. Implemented as a scheduler, Mon executes
the monitors (which test a condition) and calls the appropriate
alerts if the monitor fails. Mon is simple and not terribly
flashy, but it just plain works. I have used it for a couple of
years with few problems.
* NetSaint (http://netsaint.sourceforge.net) - NetSaint is a
network monitoring application that monitors network services and
host resources. Defining network host hierarchy using "parent"
hosts, NetSaint detects and distinguishes between down and
unreachable hosts. When service or host problems occur and when
they are resolved, NetSaint notifies contacts via email, pager,
or a user-defined method. It also includes support for
implementing redundant monitoring hosts and offers an optional
Web interface for viewing current network status, notifications,
problem history, and the log file. If you need a Web-based graphical
interface worthy of display to the masses, you have found it.
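The "parent" host idea in the NetSaint entry above, as an added example (not from the newsletter and not NetSaint's own code): a simplified model that marks a failed host DOWN when it has no parents or at least one parent still answers, and UNREACHABLE when every parent has failed too. The rule as coded, the topology, the host names and the functions classify and root_causes are assumptions made for illustration.

```python
from enum import Enum


class State(Enum):
    UP = "UP"
    DOWN = "DOWN"
    UNREACHABLE = "UNREACHABLE"


def classify(parents, responded):
    """parents: host -> list of parent hosts ([] = attached directly to the monitor).
    responded: host -> True if the host answered its check. Returns host -> State."""
    states = {}

    def resolve(host, seen=()):
        if host in states:
            return states[host]
        if host in seen:
            raise ValueError(f"parent loop involving {host}")
        if responded[host]:
            state = State.UP
        else:
            ups = [p for p in parents.get(host, [])
                   if resolve(p, seen + (host,)) is State.UP]
            # No parents, or some parent still up: the fault is at this host.
            # Every parent failed as well: the path is broken, so we cannot tell.
            blamed = ups or not parents.get(host)
            state = State.DOWN if blamed else State.UNREACHABLE
        states[host] = state
        return state

    for host in responded:
        resolve(host)
    return states


def root_causes(states):
    """Hosts whose own failure explains the outage (assumed alerting policy)."""
    return sorted(h for h, s in states.items() if s is State.DOWN)


# Constructed sample topology and check results (not from the newsletter).
PARENTS = {"core-sw": [], "router-a": ["core-sw"], "router-b": ["core-sw"],
           "web1": ["router-a"], "db1": ["router-a", "router-b"],
           "mail1": ["router-b"]}
RESPONDED = {"core-sw": True, "router-a": False, "router-b": True,
             "web1": False, "db1": False, "mail1": True}

if __name__ == "__main__":
    for host, state in classify(PARENTS, RESPONDED).items():
        print(f"{host:10} {state.value}")
```

In the sample, web1 sits behind the failed router-a and is reported UNREACHABLE, while db1 also has the working router-b as a parent and is therefore reported DOWN.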
Of course, other packages exist besides the ones mentioned above, but I
chose to review tools based on my experiences with them. As always,
your mileage may vary.
About the author(s)
----------------
Rick Johnson is currently the Manager of Security Services for
FusionStorm, a remote managed services company. When not writing, he
heads the development team for PMFirewall, an Ipchains Firewall and
Masquerading Configuration Utility for Linux. Rick can be contacted via
email at rick@pointman.org or on the web at http://www.pointman.org.
__________________________________________________________________________
ADDITIONAL RESOURCES
Viewing your network in real-time
An examination of network monitoring protocols and tools
http://www.unixinsider.com/jsw/linsec_nl/swol-09-1999/swol-09-realtime2.html
Monitoring system and network performance metrics
http://www.unixinsider.com/jsw/linsec_nl/swol-10-1997/swol-10-realworld.html
Me and my SHADOW
Using the new SANS intrusion-detection software with Solaris
http://www.unixinsider.com/jsw/linsec_nl/swol-09-1998/swol-09-security.html
Linux security basics
How to achieve the goal of every system admin: boring, predictable
computers
http://www.linuxworld.com/jlw/linsec_nl/lw-2001-01/lw-01-security.html
__________________________________________________________________________