Linux Socket Monitoring

faisalrrehman

Faisal Rehman

Posted on August 19, 2020


A socket is an endpoint, bound to a port, through which a program receives and transmits information on the network. Here we will discuss the two types of sockets that matter for socket monitoring in a Linux environment:

 Internet Sockets
 Unix Domain Sockets

Internet Sockets handle the reception and transmission of information over an IP-based network such as the Internet. Unix Domain Sockets, also called inter-process communication sockets, behave like Internet sockets but carry data between processes on the same host without using the Internet Protocol.

What is LSM?
LSM stands for Linux Socket Monitoring. The tool is designed to track and monitor changes in the Internet and Unix Domain Sockets, which also makes it a port monitor. Its working scenario is simple: it records the server's current sockets as a baseline and compares later socket listings against that baseline. Whenever new ports become active there is a simple, configurable alert system (via email), and whenever somebody changes the port lists stored in the files of the "dat" directory we also receive an alert email.
There is a simple way of installing LSM, given in the following steps:

  1. Firstly, download the source package of LSM into the /usr/local/src directory using the wget command:
     # wget http://www.rfxn.com/downloads/lsm-current.tar.gz
  2. Untar the source package:
     # tar -xzvf lsm-current.tar.gz
  3. An installation script is shipped with the package; LSM is installed by running it:
     # ./install.sh
  4. To get email alerts, edit the conf.lsm file in the /usr/local/lsm directory and change the USER option, which is set to root by default, to the email address you want:
     # cd /usr/local/lsm
     # vim conf.lsm
     USER=abc@example.com
  5. Installing LSM generates the base comparison files, but it is recommended to generate them again by running:
     # lsm -g
  6. To compare the current sockets against the newly generated comparison files, run:
     # lsm -c
     It reports any socket that differs from the comparison files.
  7. The comparison files can be deleted with:
     # lsm -d

Testing LSM:
The first step after installing LSM is to generate the comparison files; once they exist, every future change in the sockets is compared against them.
To test the functionality of LSM, change a port in the netserv.list file, which holds the information about the Internet sockets: for example, change the SMTP port 25 to some other value such as 29, then run the comparison and observe the result.
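To make the generate/compare flow concrete (the baseline recorded by `lsm -g`, the check done by `lsm -c`, and the kind of change exercised in the test just described), here is an added shell example that is not part of LSM or of the original post. It assumes the socket listing comes from `ss -tuln`; the two listings embedded in the script are constructed for the demonstration, not captured from a real host, and the function names are my own.

```shell
#!/bin/sh
# Added example, not LSM's own code: a minimal baseline/compare loop in the
# spirit of "lsm -g" (record a baseline) and "lsm -c" (compare against it).
# Assumption: listening sockets are listed with `ss -tuln`; the sample
# listings below are constructed for the demonstration.
LC_ALL=C
export LC_ALL

# Reduce `ss -tuln` output (on stdin) to sorted, unique "proto:port" lines.
# Assumed column layout: Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
normalize_sockets() {
    awk 'NR > 1 && $1 ~ /^(tcp|udp)$/ {
            n = split($5, parts, ":")     # the port is the last ":"-separated field
            print $1 ":" parts[n]
         }' | sort -u
}

# compare_sockets BASELINE_FILE CURRENT_FILE
# Prints "+proto:port" for sockets that appeared and "-proto:port" for sockets
# that disappeared. Exit status 0 means no change, 1 means a change was found
# (the point at which LSM would send its alert email).
compare_sockets() {
    added=$(comm -13 "$1" "$2")
    removed=$(comm -23 "$1" "$2")
    if [ -z "$added" ] && [ -z "$removed" ]; then
        return 0
    fi
    for s in $added;   do echo "+$s"; done
    for s in $removed; do echo "-$s"; done
    return 1
}

# Constructed baseline: sshd on tcp/22, a local SMTP listener on tcp/25, DHCP client on udp/68.
BASELINE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*'

# Constructed later listing: the SMTP listener is gone and a new tcp/8080 listener appeared.
CURRENT_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    [::]:8080          [::]:*
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*'

# Run one baseline/compare cycle on the constructed listings.
# On a real host the printf would be replaced by: ss -tuln | normalize_sockets
run_demo() {
    dir=$(mktemp -d)
    printf '%s\n' "$BASELINE_SS" | normalize_sockets > "$dir/baseline"   # like lsm -g
    printf '%s\n' "$CURRENT_SS"  | normalize_sockets > "$dir/current"
    if compare_sockets "$dir/baseline" "$dir/current"; then               # like lsm -c
        echo "no socket changes"
    else
        echo "socket change detected: this is where LSM would email USER from conf.lsm"
    fi
    rm -rf "$dir"
}

run_demo
```

The comparison is done on normalised `proto:port` lines rather than on raw `ss` output, so queue counters and address formatting cannot trigger false alerts; the non-zero exit status of `compare_sockets` is what a cron job or alert hook would key on.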

Similarly, if changes are found in the Unix domain sockets, LSM informs us of that too, and an email is sent to the address we gave in the conf.lsm file in the /usr/local/lsm directory.
The LSM executable is placed in /usr/local/lsm and also in the /usr/local/sbin/ directory.

Finally, if we no longer want the comparison files, they can be deleted with the following command:

lsm -d
