Wednesday, April 16, 2014

System monitoring with AIDE, SAR and Wireshark


System monitoring techniques:

1.    AIDE [Advanced Intrusion Detection Environment]
2.    SAR  [System Activity Reporter]

AIDE
  • AIDE stands for Advanced Intrusion Detection Environment
  • Package name:- aide
  • Configuration file:- /etc/aide.conf
Installation:
# yum install aide -y
# vim /etc/aide.conf
  Comment out all the default entries, then add the directory/file you want to monitor.
  # /boot   NORMAL
  # .............
  # .............
  # .............
  (comment the above lines out if you don't want to monitor them)
  /test       NORMAL                        // we want to monitor /test in this example
  :wq

# mkdir /test
# cd /test
# touch a b c d
# aide --init                            // To create the database (snapshot of the monitored files) at this time
# zcat /var/lib/aide/aide.db.new.gz                // To view the database
# mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz    // Rename it to the active database; later changes are compared against this

Now, make changes to the files or directories within /test:
add, remove or modify files, etc.

# aide --init                            // Again, a new database is created under the above name (/var/lib/aide/aide.db.new.gz)
# aide --check                            // To view the changes made since the active database was created
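The report printed by aide --check is meant to be read by a person; when the check runs from cron you usually want the added/removed/changed paths pulled out and a non-zero exit when anything differs. The script below is an added example and not part of the original post or of AIDE itself: SAMPLE_REPORT is a constructed, abridged imitation of the report layout (section headings read "... files:" in the AIDE 0.15 series and "... entries:" in later releases, and both spellings are accepted).

```python
import re

# Constructed sample, abridged from the layout `aide --check` prints after the
# /test walk-through above (e added, a removed, b changed). Not real output.
SAMPLE_REPORT = """\
AIDE found differences between database and filesystem!!
Summary:
  Added files:            1
Added files:
---------------------------------------------------
added: /test/e
Removed files:
---------------------------------------------------
removed: /test/a
Changed files:
---------------------------------------------------
changed: /test/b
Detailed information about changes:
---------------------------------------------------
File: /test/b
 Size     : 0   , 5
"""

# Section headings: "... files:" (AIDE 0.15) or "... entries:" (0.16 and later).
SECTION_RE = re.compile(r"^(Added|Removed|Changed) (files|entries):$")
# Entry lines: "added: /path" (0.15) or the "f+++++++: /path" style (0.16+).
ENTRY_RE = re.compile(r"^\S+: (/.*)$")


def parse_aide_report(text):
    """Return {'added': [...], 'removed': [...], 'changed': [...]} from a report.
    Summary lines carry a count after the heading, so SECTION_RE skips them;
    parsing stops at the per-attribute detail section, which repeats the paths."""
    result = {"added": [], "removed": [], "changed": []}
    section = None
    for line in text.splitlines():
        if line.startswith("Detailed information"):
            break
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
        elif section and ENTRY_RE.match(line):
            result[section].append(ENTRY_RE.match(line).group(1))
    return result


def has_changes(report):
    """True when any path was added, removed or changed (exit non-zero on this)."""
    return any(report.values())
```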

SAR:- System Activity Reporter
Package name: sysstat

Install:
# yum install sysstat -y

# sar -A            // To report every activity type collected (CPU, memory, I/O, network, ...) with its utilisation
# sar 2 6            // Same kind of report for CPU utilisation; 2 = interval in seconds, 6 = number of reports, i.e. one report every 2 seconds, 6 times

Network Monitoring

Wireshark is used for network monitoring (packet capture and analysis).

# yum install wireshark-gnome -y
# wireshark
