10 Great Linux Monitoring Tools You Probably Never Used
Keeping your servers secure is fundamental to surviving long-term. The following is a list of 10 great monitoring tools for Unix systems that don’t get as much publicity but are not short on capability.
The EDDIE Tool

The EDDIE Tool is a system and network monitoring, security, and performance analysis agent developed entirely in threaded Python. Its key features are portability, extendibility, and powerful configuration.
ZoneMinder

ZoneMinder is an integrated set of applications that provides a complete surveillance solution, allowing capture, analysis, recording, and monitoring of any CCTV or security cameras attached to a Linux-based machine. It is designed to run on distributions that support the Video For Linux (V4L) interface and has been tested with video cameras attached to BTTV cards, various USB cameras, and IP network cameras.
OS-SIM

OSSIM stands for Open Source Security Information Management. Its goal is to provide a comprehensive compilation of tools which, when working together, give network/security administrators a detailed view of each and every aspect of their networks, hosts, physical access devices, servers, etc.
OSSIM features the following software components:
- Arpwatch – used for MAC anomaly detection.
- P0f – used for passive OS detection and OS change analysis.
- Pads – used for service anomaly detection.
- Nessus – used for vulnerability assessment and for cross correlation (IDS vs Security Scanner).
- Snort – the IDS, also used for cross correlation with Nessus.
- Spade – the statistical packet anomaly detection engine. Used to gain knowledge about attacks without signatures.
- Tcptrack – used for session data information which can prove useful for attack correlation.
- Ntop – builds an impressive network information database from which aberrant behavior can be identified (anomaly detection).
- Nagios – fed from the host asset database, it monitors host and service availability information.
- Osiris – a great HIDS.
- OCS-NG – cross-platform inventory solution.
- OSSEC – integrity, rootkit, registry detection, and more.
Aware

The Aware project is an effort to create a software framework for measuring, monitoring, and controlling computer system resources. It is intended to enable system administrators to tune system variables, set monitoring/security alarms, and build adaptive distributed systems. Aware modules may be linked into applications making them ‘aware’ and able to participate in the larger managed system.
Deep Network Analyzer

The output adaptor component of the DNA architecture, encompassing a powerful data dictionary and pluggable resource adaptors, is responsible for transforming processed data objects to a portable format and transmitting them to external resource managers.
RootkitHunter
Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, sniffers, and malware. The application consists of the main shell script, a few text-based databases, and optional Perl scripts. It can recognise and run external applications like ‘skdet’ and ‘unhide’. It should run on almost every Unix clone.
ModSecurity
ModSecurity is an intrusion detection and prevention engine for Web applications (sometimes called a Web application firewall). Operating embedded or as part of an Apache reverse proxy, it increases Web application security, protecting Web applications from known and unknown attacks. It is flexible and easy to configure. It monitors HTTP traffic (including POST payloads), detects or prevents attacks, enhances logging, performs anti-evasion, and allows administrators to create custom rules to suit their specific needs. It excels in HTTP traffic monitoring and just-in-time vulnerability patching.
PIKT
PIKT® is cross-categorical, multi-purpose software for monitoring and configuring computer systems, administering networks, organizing system security, and much more. PIKT is intended primarily for system monitoring, and secondarily for configuration management, but its versatility and extensibility evoke many other wide-ranging uses.
Apache httpd tools
Apache httpd tools is a collection of administrative and security tools originally developed for the book Apache Security (O’Reilly). Included are tools for Apache httpd monitoring, statistics, log analysis, DoS detection, and defense.
TorApplet
TorApplet is a simple GNOME applet for managing and monitoring the basic activities of the Tor daemon. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet.












