System monitoring techniques:
1. AIDE [Advanced Intrusion Detection Environment]
2. SAR [System Activity Reporter]
AIDE
- AIDE stands for Advanced Intrusion Detection Environment
- Package name:- aide
- Configuration file:- /etc/aide.conf
# yum install aide -y
# vim /etc/aide.conf
Comment out every default entry, then decide which directory/file you want to monitor. For example:
# /boot NORMAL
# .............
# .............
# .............
(comment out the lines above if you don't want to monitor them)
/test NORMAL // in this example we want to monitor /test
:wq
# mkdir /test
# cd /test
# touch a b c d
# aide --init // To create database or snapshot at this time
# zcat /var/lib/aide/aide.db.new.gz // To view database
# mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz // Rename the new snapshot to the reference database; aide --check compares the filesystem against this file after changes are made
Now make changes to the files or directories within /test
(add, remove or modify, etc.)
# aide --init // Again, a new database is created with the same name as above (/var/lib/aide/aide.db.new.gz)
# aide --check // To list the changes made since the reference database was created
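The init/check cycle above, as an added Python illustration of what AIDE does (this is not code from the original post or from the AIDE project): it snapshots the files in a constructed /test-style directory, makes the same kind of changes, and reports what the check step would flag. The reference-copy step (the mv above) is what makes the comparison meaningful; the status value mirrors the bit-mask AIDE uses for its --check exit code (1 added, 2 removed, 4 changed).

```python
import hashlib
import tempfile
from pathlib import Path


def build_db(root):
    """Snapshot every regular file under root: path -> (sha256, size).
    This is the equivalent of 'aide --init' producing aide.db.new.gz."""
    db = {}
    root = Path(root)
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = str(p.relative_to(root))
            db[rel] = (hashlib.sha256(p.read_bytes()).hexdigest(), p.stat().st_size)
    return db


def check(baseline, current):
    """Compare a current snapshot against the reference database, like 'aide --check'.
    Returns (status, added, removed, changed); status is 1|2|4 bit-mask style."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in baseline.keys() & current.keys()
                     if baseline[p] != current[p])
    status = (1 if added else 0) | (2 if removed else 0) | (4 if changed else 0)
    return status, added, removed, changed


def demo():
    """Replays the post's procedure on a constructed temporary directory
    (stands in for /test with files a b c d)."""
    with tempfile.TemporaryDirectory() as test:
        for name in "abcd":
            Path(test, name).touch()          # touch a b c d
        baseline = build_db(test)             # aide --init, then mv .new.gz -> aide.db.gz
        Path(test, "a").write_text("modified")  # change a
        Path(test, "b").unlink()              # remove b
        Path(test, "e").touch()               # add e
        return check(baseline, build_db(test))  # aide --check


if __name__ == "__main__":
    status, added, removed, changed = demo()
    print(f"status={status} added={added} removed={removed} changed={changed}")
```

Run it as-is: status 7 means all three kinds of change were found, which is exactly the situation the post's second aide --check reports.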
SAR:- System Activity Reporter
Package name: sysstat
Install:
# yum install sysstat -y
# sar -A // To check running processes and their utilisation
# sar 2 6 // same as above, but sampled: 2 = interval in seconds; 6 = number of reports, i.e. a report every 2 seconds, 6 times
Network Monitoring
Wireshark is used for Network monitoring
# yum install wireshark-gnome -y
# wireshark