
Centralized Linux Security Server

Unisys Scholars Program - Final Report

By: Lucas Machado
May 3rd, 2004

Overview

- Introduction
- Linux System Logging
- Windows System Logging
- Windows/Linux Bridge
- Logwatch
- Security
- Server/Client Status Monitoring
- Conclusion

Introduction

Infrastructure Configuration

[Figure: Clients <-> Linux Security Server]

Clients on the network send security information to the Linux server. Here, the system administrator monitors the activity on all of the client machines.

System Logging

- It can be important to know what is happening on the machines both when you are and aren't there.
- Why?
  - Finding/Debugging errors on the system
  - Keep track of who is doing what
  - Security

Linux System Logging - Modifying syslog.conf

- Location: /etc/syslog.conf
- Syslog Facilities:
  - authpriv: login authentication
  - cron: cron subsystem
  - daemon: system server processes
  - user: user processes
  - kern: linux kernel
  - lpr: spooling subsystem
  - mail: mail subsystem
  - news: news subsystem

Linux System Logging - Modifying syslog.conf

- Severity Levels:
  - emerg: system unusable
  - alert: take immediate action
  - crit: critical condition
  - err: error message
  - warn: warning message
  - notice: normal but significant condition
  - info: informational
  - debug: debug message
  - none: N/A
- General Syntax: facility.level destination
  - Sends logs for "facility" at severity level "level" or higher to "destination"

Linux System Logging - Modifying syslog.conf

- Defining Multiple Facilities & Severity Levels:
  - facility1, facility2.level1
    Logs for "facility1" & "facility2" at severity level "level1" and higher are sent to the same destination
  - facility1.level1;facility2.level2
    Logs for "facility1" at "level1" & logs for "facility2" at "level2" are sent to the same destination
- An "*" can be used as a wildcard for both facility and level

Linux System Logging - Modifying syslog.conf

- Syntax Formats:
  - facility.level: logs level and higher messages
  - facility.=level: logs only level messages
  - facility.!level: logs level and lower messages
  - facility.!=level: logs all but level messages
- Destination:
  - A filename
  - A device (i.e. terminal)
  - A list of one or more users (comma-separated)
  - An "*" sends messages immediately to all logged-in users
  - @hostname: messages are sent to the syslog facility on the specified host for processing
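The selector rules on these syslog.conf slides (facility.level, comma-joined facilities, semicolon-joined selectors, the "*" wildcard, and the =, ! and != modifiers) are applied left to right, which is easiest to see by evaluating them against sample messages. The Python below is an added example, not code from the report: it parses a constructed syslog.conf for a client that keeps local copies and forwards everything to a central host (the assumed hostname "logserver"), then reports which destinations a message of a given facility and level would reach. The ! and != forms are implemented as sysklogd's syslog.conf(5) defines them (!level removes level and everything more severe from what earlier selectors on the line chose; !=level removes only level); the facility and level name tables are the standard syslog ones.

```python
"""Evaluate syslog.conf selectors the way sysklogd applies them.

Added example, not code from the report. SAMPLE_CONF is constructed and
"logserver" is an assumed hostname for the central security server.
"""

# Syslog severities from most to least severe (emerg is 0, debug is 7).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
LEVEL_ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + ["local%d" % i for i in range(8)]

SAMPLE_CONF = """\
# Constructed sample: local copies of the important logs, everything forwarded.
*.info;mail.none;authpriv.none;cron.none   /var/log/messages
authpriv.*                                 /var/log/secure
mail.*;mail.!=info                         -/var/log/maillog
cron.*                                     /var/log/cron
daemon.*;daemon.!warning                   /var/log/daemon-chatter
*.emerg                                    *
kern.=crit                                 /dev/console
*.*                                        @logserver
"""


def _level(name):
    """Normalise a level name, accepting the aliases syslog.conf allows."""
    name = LEVEL_ALIASES.get(name, name)
    if name not in LEVELS and name not in ("none", "*"):
        raise ValueError("unknown level: %r" % name)
    return name


def parse_selector(selector):
    """Return {facility: set(levels)} chosen by one selector field.

    Sub-selectors separated by ';' are applied in order, so a later one can
    take levels away from an earlier one ('*.info;mail.none' means everything
    at info or above, except mail).
    """
    chosen = {fac: set() for fac in FACILITIES}
    for part in selector.split(";"):
        facs, _, level = part.strip().rpartition(".")
        if not facs:
            raise ValueError("selector without facility: %r" % part)
        negate = level.startswith("!")
        level = level[1:] if negate else level
        exact = level.startswith("=")
        level = _level(level[1:] if exact else level)
        targets = FACILITIES if facs == "*" else facs.split(",")
        for fac in targets:
            if fac not in chosen:
                raise ValueError("unknown facility: %r" % fac)
            if level == "none":          # facility.none drops the facility entirely
                chosen[fac].clear()
                continue
            if level == "*":
                affected = set(LEVELS)
            elif exact:                  # =level: only this severity
                affected = {level}
            else:                        # level: this severity and anything more severe
                affected = set(LEVELS[:LEVELS.index(level) + 1])
            if negate:
                chosen[fac] -= affected
            else:
                chosen[fac] |= affected
    return chosen


def parse_config(text):
    """Parse syslog.conf text into [(selection, destination)] in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        selector, destination = line.split(None, 1)   # whitespace separates the two columns
        rules.append((parse_selector(selector), destination.strip()))
    return rules


def route(rules, facility, level):
    """List the destinations a message logged as facility.level would reach."""
    level = _level(level)
    return [dest for chosen, dest in rules if level in chosen.get(facility, ())]


RULES = parse_config(SAMPLE_CONF)

if __name__ == "__main__":
    for fac, lvl in [("authpriv", "info"), ("mail", "info"), ("mail", "err"),
                     ("kern", "crit"), ("kern", "debug"), ("daemon", "notice")]:
        print("%s.%s -> %s" % (fac, lvl, ", ".join(route(RULES, fac, lvl))))
```

Running the block prints one line per sample message; the last rule shows why a central server sees every message regardless of the local file rules, and the mail.!=info line shows that a subtracting selector only removes from what earlier selectors on the same line chose.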

Windows System Logging - Logging Using gpedit.msc

- Telling Windows what to audit:
  - Start -> Run -> gpedit.msc
  - Local Computer Policy -> Computer Config -> Windows Settings -> Security Settings -> Local Policies -> Audit Policy
- Policies:
  - Account management
  - Logon events
  - Object access
  - Policy change
  - Process tracking
  - System events

Windows/Linux Bridge - EventReporter

- Sends Windows 2k logs to server running syslog daemon (includes many other features)
- Free to try / $59 to buy
- Easy to use interface; Configuring to send logs to server takes less than 5 minutes

Logfile: /var/log/messages

[Figure]

Logwatch

- Provides overview of logfiles
- Configuration information: /etc/log.d
- Modifying Default Settings:
  - Command line options
  - /etc/log.d/logwatch.conf
- Options:
  - Detail level
  - Process specific logfile logs
  - Process specific service logs
  - Scan/don't scan archives
  - Date range: yesterday, today, all
  - Where to send logwatch output (print, mail, file, hostname)
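The Logwatch options above are easiest to understand by seeing what a report does with them. The Python below is an added example, not Logwatch's code or the report's: it produces a small Logwatch-style summary of sshd activity from constructed /var/log/messages lines, applying a date range (yesterday, today, all) and a detail level (0 gives totals only, 5 adds per-user and per-source breakdowns, 10 adds the raw lines, in the spirit of Logwatch's Low/Med/High levels). The hostnames, addresses and timestamps in the sample lines are constructed, and the year 2004 is an assumption because classic syslog timestamps carry no year.

```python
"""A Logwatch-style summary of sshd activity over syslog lines.

Added example, not the report's or Logwatch's code. SAMPLE_LOG is constructed;
the year used for the dates (2004) is assumed since syslog lines have none.
"""
import datetime
import re
from collections import Counter

MONTHS = {m: i for i, m in enumerate(
    ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"], 1)}

# Classic syslog line: "Mon DD HH:MM:SS host program[pid]: message"
LINE_RE = re.compile(r"^(\w{3})\s+(\d{1,2}) (\d\d:\d\d:\d\d) (\S+) ([^:\[]+)(?:\[\d+\])?: (.*)$")
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED_RE = re.compile(r"Accepted \S+ for (\S+) from (\S+)")

SAMPLE_LOG = """\
Mar  1 12:00:00 unisys03 kernel: eth0: link up
Mar  2 09:00:00 unisys02 su(pam_unix)[1300]: session opened for user root by lmachado(uid=500)
Mar  2 23:58:10 unisys02 sshd[1180]: Failed password for root from 10.0.0.42 port 33001 ssh2
Mar  3 08:12:01 unisys01 sshd[2201]: Accepted password for lmachado from 10.0.0.5 port 51022 ssh2
Mar  3 08:15:44 unisys01 sshd[2210]: Failed password for invalid user admin from 10.0.0.99 port 40010 ssh2
Mar  3 08:15:49 unisys01 sshd[2210]: Failed password for invalid user admin from 10.0.0.99 port 40011 ssh2
Mar  3 08:16:02 unisys01 sshd[2212]: Failed password for root from 10.0.0.99 port 40012 ssh2
"""


def parse_line(line, year=2004):
    """Split one syslog line into fields; None for lines that do not fit the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    mon, day, clock, host, prog, msg = m.groups()
    return {"date": datetime.date(year, MONTHS[mon], int(day)), "time": clock,
            "host": host, "prog": prog.strip(), "msg": msg, "raw": line}


def in_range(entry, today, date_range):
    """Logwatch's --range choices: yesterday, today, all."""
    if date_range == "all":
        return True
    if date_range == "today":
        return entry["date"] == today
    if date_range == "yesterday":
        return entry["date"] == today - datetime.timedelta(days=1)
    raise ValueError("date range must be yesterday, today or all")


def summarize(text, today, date_range="today", detail=5):
    """Return a report dict; more keys appear as the detail level rises."""
    if isinstance(today, str):
        today = datetime.date.fromisoformat(today)
    entries = [e for e in (parse_line(l) for l in text.splitlines()) if e]
    entries = [e for e in entries if in_range(e, today, date_range)]
    failed_user, failed_src, accepted, raw = Counter(), Counter(), Counter(), []
    for e in entries:
        if e["prog"] != "sshd":
            continue
        m = FAILED_RE.search(e["msg"])
        if m:
            failed_user[m.group(1)] += 1
            failed_src[m.group(2)] += 1
            raw.append(e["raw"])
            continue
        m = ACCEPTED_RE.search(e["msg"])
        if m:
            accepted[m.group(1)] += 1
            raw.append(e["raw"])
    report = {"range": date_range, "entries": len(entries),
              "failed_total": sum(failed_user.values()),
              "accepted_total": sum(accepted.values())}
    if detail >= 5:     # medium detail: who and from where
        report.update(failed_by_user=dict(failed_user), failed_by_source=dict(failed_src),
                      accepted_by_user=dict(accepted))
    if detail >= 10:    # high detail: the matching lines themselves
        report["raw"] = raw
    return report


def render(report):
    """Plain-text rendering in the spirit of a Logwatch service section."""
    lines = ["--------------------- sshd Begin ---------------------",
             "Range: %s (%d log entries scanned)" % (report["range"], report["entries"]),
             "Failed logins: %d" % report["failed_total"],
             "Accepted logins: %d" % report["accepted_total"]]
    for key, title in (("failed_by_user", "  failed, by user"), ("failed_by_source", "  failed, by source")):
        for name, n in sorted(report.get(key, {}).items()):
            lines.append("%s %s: %d time(s)" % (title, name, n))
    lines.extend("  " + r for r in report.get("raw", []))
    lines.append("---------------------- sshd End ----------------------")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(summarize(SAMPLE_LOG, "2004-03-03", "today", detail=5)))
```

The date filter is applied before any counting, so a "yesterday" report run from cron early each morning covers exactly one day of entries, which is the mode the slide's "Date range" option is usually used in.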

LogWatch

[Figure]

Security

- A good way to check if a client has been breached is to check whether key files that should not be modified have in fact been modified. Examples:
  - /etc/groups
  - /etc/passwd
  - /sbin
  - /var/logs
- How to check? Tripwire

Security - Tripwire

- Monitors file attributes that should not change:
  - Size
  - File permissions/Ownership
  - Last access time
  - Last modification time
  - Binary Signatures

Security - Tripwire

- Needs two databases to compare:
  1) Original database containing all the information of files being monitored
  2) Database with current file information
- Must make sure the original database cannot be tampered with. Solution: Read-Only media.
- Great system for a few machines or fewer; however, with more machines this system is not sufficient:
  - Write-once hardware for each machine is expensive.
  - CDs can be damaged, burning them after each change is not practical, and checking each machine one-by-one wastes time/money.
- There must be a better solution...
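The two-database comparison on the Tripwire slides, and the reason the original database has to be kept where it cannot be altered, can be shown with a small file-integrity checker. The Python below is an added example, not Tripwire's code or the report's: snapshot() records for every regular file the attributes the previous slide lists (size, permission bits, owner, group, last modification time, and a SHA-256 digest standing in for Tripwire's binary signature), compare() reports files added, removed or changed between a baseline and a current snapshot, and seal() gives the digest of the serialised baseline that an administrator keeps off the client (the slides' read-only media) so that an edited baseline is detected. demo() builds a throwaway directory tree and applies constructed changes to it. Last access time is deliberately left out because reading a file to hash it updates the access time on most filesystems.

```python
"""Baseline-versus-current file integrity check in the style of Tripwire.

Added example, not Tripwire's or the report's code. The demo tree is built in
a temporary directory with constructed contents.
"""
import hashlib
import json
import os
import shutil
import stat
import tempfile

ATTRS = ("size", "mode", "uid", "gid", "mtime", "sha256")


def file_record(path):
    """Attributes of one regular file that should not change unexpectedly."""
    st = os.lstat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {"size": st.st_size, "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid,
            "gid": st.st_gid, "mtime": int(st.st_mtime), "sha256": digest.hexdigest()}


def snapshot(root):
    """Database of every regular file below root, keyed by relative path."""
    db = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            db[os.path.relpath(full, root).replace(os.sep, "/")] = file_record(full)
    return db


def compare(baseline, current):
    """Files added, removed, or changed (with the attributes that differ)."""
    report = {"added": sorted(set(current) - set(baseline)),
              "removed": sorted(set(baseline) - set(current)), "changed": {}}
    for path in sorted(set(baseline) & set(current)):
        diffs = [a for a in ATTRS if baseline[path][a] != current[path][a]]
        if diffs:
            report["changed"][path] = diffs
    return report


def serialize(db):
    return json.dumps(db, sort_keys=True)


def seal(text):
    """Digest of a serialised database; keep it off the host being checked."""
    return hashlib.sha256(text.encode()).hexdigest()


def demo():
    """Build a tree, take the baseline, apply constructed changes, compare."""
    root = tempfile.mkdtemp(prefix="integrity-demo-")
    try:
        files = {"etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
                 "bin/prog": b"#!/bin/sh\necho hello\n",
                 "var/log/messages": b"Mar  3 08:12:01 unisys01 sshd[2201]: Accepted password\n"}
        for rel, data in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
            os.chmod(full, 0o644)
        baseline = snapshot(root)
        baseline_text = serialize(baseline)
        baseline_seal = seal(baseline_text)        # stored on the security server

        # Constructed changes: same-size content swap, permission change, deletion, new file.
        prog = os.path.join(root, "bin/prog")
        with open(prog, "wb") as fh:
            fh.write(b"#!/bin/sh\necho hullo\n")
        later = baseline["bin/prog"]["mtime"] + 60
        os.utime(prog, (later, later))
        os.chmod(os.path.join(root, "etc/passwd"), 0o600)
        os.remove(os.path.join(root, "var/log/messages"))
        os.makedirs(os.path.join(root, "tmp"))
        with open(os.path.join(root, "tmp/.hidden"), "wb") as fh:
            fh.write(b"x")
        current = snapshot(root)

        # Editing the baseline to hide the new bin/prog digest breaks the seal.
        tampered = baseline_text.replace(baseline["bin/prog"]["sha256"], current["bin/prog"]["sha256"])
        return (compare(baseline, current),
                seal(baseline_text) == baseline_seal,
                seal(tampered) == baseline_seal)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    report, intact, tampered_ok = demo()
    print(json.dumps(report, indent=2))
    print("baseline seal intact:", intact, "| tampered baseline accepted:", tampered_ok)
```

The same-size content swap is the interesting case: size, mode and owner all match, and only the modification time and the digest give the change away, which is why Tripwire records signatures rather than sizes alone.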

Security - LANTrip

- Requires a simple system: 133-MHz w/64MB RAM. Hard Drive size depends on how many client machines.
- Steps:
  - LANTrip stores a copy of the Tripwire installation and the original database on the security server.
  - At a certain time (or at random), a copy of the installation & database is copied from the host to a random directory on each client.
  - Tripwire is executed and the results are recorded.
  - The results are sent back to the server.
  - The Tripwire installation & database are deleted from the client machine.

Security - Configuration on Server

- Create a tripwire user who will run Tripwire on the clients
- <lantrip_directory>/data/hosts.conf:
  - Determines what hosts to check for integrity.
  - Format: Hostname Remote_User OS_Architecture
  - Example:
    unisys01 tripwire Linux_x86
    unisys02 tripwire OpenBSD_Alpha
    unisys03 tripwire Solaris_SPARC

Security - Configuration on Server

- <lantrip_directory>/data/rand_dir.conf:
  - Includes directories where LANTrip should copy the installation & database to (these directories should exist on all machines and must be writable by the tripwire user).
  - Example:
    /var/tmp
    /tmp
  - The more directories the better. Increased Randomness
- <lantrip_directory>/lantrip_report.pl:
  - Edit first couple lines of the script to send report emails to proper email address.
- Add a crontab entry to run LANTrip at a specific or random time (this is not necessary, as you can run LANTrip manually)
- Sendmail must also be installed
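The two data files on these slides are simple enough that a small validator catches the usual mistakes before a cron run: a hosts.conf line with the wrong number of fields, a remote user other than the tripwire user, or an OS_Architecture for which no Tripwire installation has been copied to the server yet. The Python below is an added example, not LANTrip's code or the report's: it parses both files, cross-checks them, and picks a random working directory per host in the way the steps describe. The file contents, the set of architectures already stored on the server, and the per-run directory name pattern are constructed assumptions.

```python
"""Validate LANTrip's hosts.conf and rand_dir.conf and plan a run.

Added example, not LANTrip's or the report's code. All inputs are constructed.
"""
import random

# <lantrip_directory>/data/hosts.conf: Hostname Remote_User OS_Architecture
HOSTS_CONF = """\
# constructed sample
unisys01 tripwire Linux_x86
unisys02 tripwire OpenBSD_Alpha
unisys03 tripwire Solaris_SPARC
unisys04 root     Linux_x86
unisys05 tripwire
"""

# <lantrip_directory>/data/rand_dir.conf: one candidate directory per line
RAND_DIR_CONF = """\
/var/tmp
/tmp
"""

# Architectures whose Tripwire installation and database have already been
# copied to the security server (constructed; one copy per architecture).
STORED_ARCHS = {"Linux_x86", "Solaris_SPARC"}


def parse_hosts(text):
    """Return (hosts, problems); hosts holds a dict per well-formed line."""
    hosts, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            problems.append("line %d: expected 'Hostname Remote_User OS_Architecture', got %r"
                            % (lineno, line))
            continue
        host, user, arch = fields
        hosts.append({"host": host, "user": user, "arch": arch})
    return hosts, problems


def parse_rand_dirs(text):
    """Absolute directories only; relative entries would not exist on every client."""
    dirs = [l.strip() for l in text.splitlines() if l.strip() and not l.startswith("#")]
    return [d for d in dirs if d.startswith("/")]


def check(hosts, dirs, stored_archs, expected_user="tripwire"):
    """Cross-check the configuration; returns human-readable problems."""
    problems = []
    if not dirs:
        problems.append("rand_dir.conf lists no absolute directories")
    elif len(dirs) == 1:
        problems.append("rand_dir.conf has a single directory; more directories make placement less predictable")
    for h in hosts:
        if h["user"] != expected_user:
            problems.append("%s: remote user is %s, expected %s" % (h["host"], h["user"], expected_user))
        if h["arch"] not in stored_archs:
            problems.append("%s: no Tripwire installation stored for %s" % (h["host"], h["arch"]))
    return problems


def plan_run(hosts, dirs, seed=None):
    """Pick a random base directory and subdirectory name for each host."""
    rng = random.Random(seed)
    plan = []
    for h in hosts:
        base = rng.choice(dirs)
        workdir = "%s/.lt%06d" % (base, rng.randrange(10 ** 6))   # assumed naming pattern
        plan.append({"host": h["host"], "user": h["user"], "arch": h["arch"], "workdir": workdir})
    return plan


if __name__ == "__main__":
    hosts, parse_problems = parse_hosts(HOSTS_CONF)
    dirs = parse_rand_dirs(RAND_DIR_CONF)
    for p in parse_problems + check(hosts, dirs, STORED_ARCHS):
        print("PROBLEM:", p)
    for step in plan_run(hosts, dirs, seed=2004):
        print("%(host)s (%(arch)s): copy installation + database to %(workdir)s as %(user)s,"
              " run Tripwire, collect results, delete" % step)
```

Hosts that fail a check are still returned by parse_hosts, so a caller can decide whether to skip them or abort the whole run; the seed parameter exists only so the random placement can be reproduced when testing.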

Security - Configuration on Clients

- Run: <lantrip_directory>/lantrip_client.pl
  - Prompts for location of Tripwire source and sshd configuration file
  - Automatically edits/configures Tripwire to be able to be run from any directory (this will be used when the tripwire user connects remotely to run Tripwire)
  - Modifies sshd_config and sets RSAHostsAllow to "Yes"
  - Compiles Tripwire
- Copy Tripwire installation & database to security server (this only needs to be done once for each architecture)
- Modify <tripwire_directory>/configs/tw.config to tell Tripwire what files/folders to monitor. For assistance, refer to the sample tw.config file.
- Enable password-less access to the tripwire user

Security - Running & Updating LANTrip

- Updating:
  - To update Tripwire databases on the server, run: <server_lantrip_directory>/lantrip.pl -i
- Running:
  - To run LANTrip manually, on the server, run: <server_lantrip_directory>/run_lantrip.pl
  - To send the LANTrip report manually, on the server, run: <server_lantrip_directory>/lantrip_report.pl

LANTrip Report

[Figure]

Server/Client Status Monitoring

- Often you want to monitor:
  - Services running on the server & clients, for example:
    - sshd
    - ftp
    - http
  - Important attributes on server & client machines:
    - Disk/memory usage
    - Uptime/downtime
    - System load
    - Running processes
- Great tool for status monitoring: Nagios

Server/Client Status Monitoring

- Nagios
  - Capable of monitoring all of the most crucial information/services
  - Immediate notification of problems (i.e. E-mail)
  - Ability to define event handlers
  - Manual checking of services/client attributes
  - Capable of scheduling downtime of services/clients
  - Web interface! (Requires Web server)
  - Open source -> FREE!
- It takes time to learn how to properly configure Nagios and use it to its full potential; however, it is definitely worth it.

Server/Client Status Monitoring

- Configuring Nagios:
  - Create a nagios user who will run Nagios related scripts.
  - You must modify most of the configuration files. Some of the most important are:
    - <nagios_directory>/etc/hosts.cfg
    - <nagios_directory>/etc/services.cfg
    - <nagios_directory>/etc/contacts.cfg
    - <nagios_directory>/etc/contactgroups.cfg
    - <nagios_directory>/etc/hostgroups.cfg
  - Set up web server (with authentication) & Nagios web interface
  - Start Nagios: /etc/rc.d/init.d/nagios start
  - Scripts (located in <nagios_directory>/libexec/) can also be run manually
  - Detailed tutorials can be found all over the internet
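The scripts in <nagios_directory>/libexec/ are Nagios plugins, and the reason they can also be run manually is that the plugin contract is only an exit status and one line of text: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN, with optional performance data after a "|". The Python below is an added example, not one of the Nagios plugins or the report's code: it implements that contract for two of the attributes on the status-monitoring slides, disk usage and system load, with warning and critical thresholds; evaluate() holds the threshold logic on its own so it can be checked without touching the running system. The threshold values and service labels are constructed.

```python
"""A Nagios-style check plugin for disk usage and system load.

Added example, not a Nagios plugin or the report's code. Thresholds are
constructed; the exit-status and output line follow the Nagios plugin API.
"""
import os
import shutil
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
STATUS_NAMES = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}


def evaluate(value, warn, crit):
    """Map a measured value against warning/critical thresholds (crit must be >= warn)."""
    if warn > crit:
        return UNKNOWN          # misconfigured thresholds are a plugin error, not an alarm
    if value >= crit:
        return CRITICAL
    if value >= warn:
        return WARNING
    return OK


def format_output(service, status, summary, perfdata):
    """One-line plugin output: 'SERVICE STATUS - summary | label=value;warn;crit;min;max'."""
    return "%s %s - %s | %s" % (service, STATUS_NAMES[status], summary, perfdata)


def check_disk(path="/", warn=80, crit=90):
    """Percentage of the filesystem holding path that is in use."""
    try:
        usage = shutil.disk_usage(path)
    except OSError as exc:
        return UNKNOWN, format_output("DISK", UNKNOWN, "cannot stat %s: %s" % (path, exc), "")
    pct = round(100.0 * usage.used / usage.total, 1)
    status = evaluate(pct, warn, crit)
    return status, format_output("DISK", status, "%.1f%% used on %s" % (pct, path),
                                 "used_pct=%.1f%%;%d;%d;0;100" % (pct, warn, crit))


def check_load(warn=2.0, crit=4.0):
    """One-minute load average (os.getloadavg exists on Unix only)."""
    try:
        one, five, fifteen = os.getloadavg()
    except (AttributeError, OSError) as exc:
        return UNKNOWN, format_output("LOAD", UNKNOWN, "load average unavailable: %s" % exc, "")
    status = evaluate(one, warn, crit)
    return status, format_output("LOAD", status,
                                 "load average %.2f, %.2f, %.2f" % (one, five, fifteen),
                                 "load1=%.2f;%.1f;%.1f;0 load5=%.2f load15=%.2f"
                                 % (one, warn, crit, five, fifteen))


if __name__ == "__main__":
    # Usage: check.py disk [path warn crit]   or   check.py load [warn crit]
    if len(sys.argv) > 1 and sys.argv[1] == "load":
        code, text = check_load(*[float(a) for a in sys.argv[2:4]])
    else:
        args = sys.argv[2:5]
        code, text = check_disk(args[0] if args else "/", *[int(a) for a in args[1:3]])
    print(text)
    sys.exit(code)
```

Run by hand, the script prints the status line and the shell's exit status shows what Nagios would record; the same file can be referenced from a command definition in the Nagios configuration so that a manual check and the scheduled one are literally the same code.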

Nagios - contacts.cfg

[Figure]

Nagios - services.cfg

[Figure]

Conclusion

- This project was aimed at putting together a security/monitoring server utilizing many popular open-source software packages. This type of centralized server is perfect for a network that contains many crucial servers (i.e. University, Business Corporations) or even for a classroom network.
- With this type of server you will be able to:
  - Easily find any errors that may be plaguing a client machine
  - Find out if someone is attempting to do something they shouldn't be doing
  - Detect unauthorized access to your client machines without letting the intruder know you are doing so
  - Monitor key services and clients so that the problems may be fixed quickly and efficiently
- Some of the tools used in this project would be a great addition to the servers used in the School of Engineering network.

References

- http://www.linux-mag.com/2000-10/security_01.html
- http://www.linux-mag.com/2000-09/guru_01.html
- http://www.linux-mag.com/2000-10/guru_01.html
- http://www.eventreporter.com/en/
- "Using Tripwire on a Network with LANTrip" in Sysadmin magazine, Oct. 2003
- http://www.nagios.org/
- http://www.onlamp.com/pub/a/onlamp/2002/09/05/nagios.html

Acknowledgments

- Through the Unisys Scholars Program I was able to learn a great deal about Linux, networking, and many system administration skills while helping the students in the course at the same time.
- Thanks to:
  - Dr. David Gardiner
  - Dr. Doyle Knight
  - Dr. Alexei Kotelnikov