Munin is a script-based monitoring tool that collects information about the system at a regular interval (every 5 minutes by default) and draws graphs of the data it gathers from /proc. The graphs are served through Apache, so access to Apache has to be secured as well: otherwise the load, traffic and service details in the graphs are visible to anyone who can reach the web server. Three separate things need to be installed:
the munin program,
the munin-node daemon, which gathers the system information,
and apache2, which lets us view the graphs.
Here are some basic Munin plugins for Snort using perfmon (enable the perfmonitor preprocessor in snort.conf). The snort.conf entry should look something like:
preprocessor perfmonitor: time 300 file /your/path/to/snort.stats pktcnt 5000
(Read the Snort docs for more on the performance impact and the other perfmonitor options.)
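As an added example (not one of the plugins from the original page), here is the core of a Munin plugin that reads the file produced by the perfmonitor line above. The file is comma-separated: a line starting with `#` names the columns and each later line is one sample. The column names used (alerts_per_second, pkt_drop_percent) and the stats_file environment variable are assumptions; check the header of your own file before relying on them.

```shell
#!/bin/sh
# Added example, not a plugin from the original page: read Snort's
# perfmonitor file for Munin. The file named on the snort.conf line above
# is comma-separated: a line starting with '#' lists the column names and
# each later line is one sample. The column names used here
# (alerts_per_second, pkt_drop_percent) are assumptions taken from Snort
# 2.x output; check the header of your own file before relying on them.

# Print the value of column NAME from the newest sample in FILE.
# Prints "U" (Munin's "unknown") when the file or column is missing, so a
# broken perfmon setup shows as a gap in the graph rather than a false zero.
perfmon_field() {
    file="$1"; name="$2"
    [ -r "$file" ] || { echo U; return 0; }
    awk -F, -v want="$name" '
        /^#/ { col = 0; sub(/^#/, "")
               for (i = 1; i <= NF; i++) if ($i == want) col = i
               next }
        NF > 1 { last = $0 }
        END {
            if (!col || last == "") { print "U"; exit }
            n = split(last, f, ",")
            if (col <= n) print f[col]; else print "U"
        }' "$file"
}

# Munin calls the plugin with "config" to learn the graph layout ...
plugin_config() {
    cat <<'EOF'
graph_title Snort perfmon
graph_category snort
graph_vlabel alerts/s and drop %
alerts.label alerts per second
drops.label packet drop percent
drops.warning 5
EOF
}

# ... and with no argument to fetch one "field.value N" line per field.
plugin_fetch() {
    echo "alerts.value $(perfmon_field "$1" alerts_per_second)"
    echo "drops.value $(perfmon_field "$1" pkt_drop_percent)"
}

# Constructed sample in the perfmon layout (not real Snort output) so the
# script runs stand-alone; a deployed copy points at the real file through
# the (assumed) stats_file variable set in Munin's plugin-conf.d.
SAMPLE="${TMPDIR:-/tmp}/snort.stats.example.$$"
cat > "$SAMPLE" <<'EOF'
#time,pkt_drop_percent,wire_mbits_per_sec.realtime,alerts_per_second
1219166100,0.000,1.234,0.120
1219166400,2.500,1.890,0.340
EOF

case "${1:-}" in
    config) plugin_config ;;
    *)      plugin_fetch "${stats_file:-$SAMPLE}" ;;
esac
rm -f "$SAMPLE"
```

Because the column is located by name rather than by position, the plugin keeps working when a Snort upgrade reorders or adds perfmon columns, and an unreadable file yields `U` instead of a misleading zero on the graph.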
Today I found myself reconfiguring a wireless access point I hadn't used in a very long time. I no longer have the manual (which would tell me how to reset it to factory defaults), nor do I remember the obscure IP address I configured it with. Luckily I do know which network it is set up for (192.168.1.x), but I don't want to try all 254 host addresses (192.168.1.1 through 192.168.1.254) by hand, as that would take quite some time.
So what I'm going to do is use Nmap, a Swiss army knife for network operators and system admins. We'll have Nmap scan the entire network and tell us which IP addresses are active, which drastically reduces the number of addresses we have to try.
There are Nmap builds for all three major OSes: *nix, OS X and Windows. I'll be showing the syntax for the *nix/OS X version.
nmap -sP 192.168.1.0/24
Replace 192.168.1.0/24 with whatever network you're trying to scan. The /24 is the netmask of the network in CIDR notation; a CIDR cheat sheet helps if you're unsure of the prefix length. (On Nmap 5.x and later the host-discovery option is spelled -sn; -sP is still accepted as an alias.)
Once you press return (or enter), Nmap pings each IP address on your network and notes which ones respond. Note that a device whose firewall discards ping requests will appear to be down to this scan. The exception is a scan run as root against your own local segment: there Nmap discovers hosts with ARP requests instead of ICMP, which a host firewall cannot ignore, and it reports the MAC address of each responder, as in the output below.
You'll quickly get output similar to the following:
Starting Nmap 4.50 ( http://insecure.org ) at 2008-08-19 10:15 PDT
HOST 192.168.1.25 appears to be up.
MAC Address: 0:0F:1F:4C:0B:E6 (WW Pcba Test)
Nmap finished: 256 IP addresses (3 hosts up) scanned in 5.711 seconds
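The scan output still has to be turned into the short list of addresses to try. As an added example, not part of the original post, the script below parses Nmap's normal output into one line per live host with the vendor from the MAC line when present. It understands both the "Host X appears to be up." line shown above and the "Nmap scan report for X" line later Nmap releases print; the extra hosts in the constructed sample are made up for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: turn the output of the ping
# scan above into a short list of candidate addresses to try in a browser.
# Understands the "Host X appears to be up." line Nmap 4.x printed and the
# "Nmap scan report for X" line later releases print, plus the "MAC Address:"
# line that appears when the scan runs as root on the local segment.

# Read Nmap's normal output on stdin; print "ip<TAB>vendor" per live host,
# with "-" as the vendor when no MAC line followed the host line.
live_hosts() {
    awk '
        function emit(v) { if (ip != "") print ip "\t" v; ip = "" }
        # Old format: "Host 192.168.1.25 appears to be up." or
        #             "Host name (192.168.1.25) appears to be up."
        / appears to be up/ {
            emit("-"); ip = ($3 ~ /^\(/) ? $3 : $2; gsub(/[()]/, "", ip); next
        }
        # New format: "Nmap scan report for 192.168.1.25" or "... for name (ip)"
        /^Nmap scan report for / {
            emit("-"); ip = $NF; gsub(/[()]/, "", ip); next
        }
        # "MAC Address: 00:0F:1F:4C:0B:E6 (WW Pcba Test)" follows the host line
        /^MAC Address: / {
            v = $0; sub(/^MAC Address: [^ ]* */, "", v); gsub(/[()]/, "", v)
            emit(v); next
        }
        END { emit("-") }
    '
}

# Run the scan and list the live addresses. -sn is the current spelling of
# -sP (Nmap still accepts -sP); root is needed for the MAC/vendor column.
scan_lan() {
    nmap -sn "$1" | live_hosts
}

# Constructed sample modelled on the output shown above; the two extra
# hosts and the 00:11:22 MAC are made up for the demo.
cat <<'EOF' | live_hosts
Starting Nmap 4.50 ( http://insecure.org ) at 2008-08-19 10:15 PDT
Host 192.168.1.1 appears to be up.
MAC Address: 00:11:22:33:44:55 (Unknown)
Host 192.168.1.25 appears to be up.
MAC Address: 00:0F:1F:4C:0B:E6 (WW Pcba Test)
Host 192.168.1.100 appears to be up.
Nmap finished: 256 IP addresses (3 hosts up) scanned in 5.711 seconds
EOF
```

The vendor column is the useful hint for the access-point hunt: an entry whose MAC vendor matches the AP's manufacturer is the address to try first, and `scan_lan 192.168.1.0/24 | cut -f1` gives the bare address list for anything else.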
One day you may find yourself locked out of Webmin by a lost password and need a way to change it.
Here is how: to begin, log in to your system over SSH. You need to find where Webmin is installed, and hence the path the script will use to reset the password.
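As an added example (not the original post's procedure), the script below locates the Webmin install directory from the root= line of miniserv.conf and runs Webmin's changepass.pl, whose usage is changepass.pl config-dir username new-password. The config directory /etc/webmin and the WEBMIN_CONFIG override are assumptions; the miniserv.conf used in the demo is constructed.

```shell
#!/bin/sh
# Added example, not from the original post: reset a Webmin login from an
# SSH session. Webmin ships changepass.pl in its install directory, and
# /etc/webmin/miniserv.conf records that directory on its "root=" line, so
# the script can be found without guessing. Its usage is:
#   changepass.pl <config-dir> <username> <new-password>
# /etc/webmin is assumed as the config dir (override with WEBMIN_CONFIG).

CONFIG_DIR="${WEBMIN_CONFIG:-/etc/webmin}"

# Print the install directory named on the root= line of a miniserv.conf;
# fail (return 1) if the file or the line is absent.
webmin_root() {
    dir=$(sed -n 's/^root=//p' "$1" 2>/dev/null | head -n 1)
    [ -n "$dir" ] || return 1
    printf '%s\n' "$dir"
}

# Reset USER's password with the new value read from stdin. Taking it as a
# shell argument would leave it in the SSH session's shell history;
# changepass.pl itself still receives it as an argument, so it is visible
# in `ps` for the instant the script runs. Change it again from the Webmin
# UI afterwards if that matters on a shared host.
webmin_reset_password() {
    user="$1"
    root=$(webmin_root "$CONFIG_DIR/miniserv.conf") || {
        echo "no root= line in $CONFIG_DIR/miniserv.conf" >&2; return 1; }
    [ -x "$root/changepass.pl" ] || {
        echo "$root/changepass.pl not found or not executable" >&2; return 1; }
    IFS= read -r newpass || return 1
    [ -n "$newpass" ] || { echo "empty password refused" >&2; return 1; }
    "$root/changepass.pl" "$CONFIG_DIR" "$user" "$newpass"
}

# On the server, as root, the call would be:
#   printf '%s\n' 'the-new-password' | webmin_reset_password root

# Constructed miniserv.conf fragment (not a real file) to show the lookup.
DEMO="${TMPDIR:-/tmp}/miniserv.conf.example.$$"
printf 'port=10000\nssl=1\nroot=/usr/share/webmin\n' > "$DEMO"
webmin_root "$DEMO"     # /usr/share/webmin
rm -f "$DEMO"
```

Reading miniserv.conf rather than guessing between /usr/share/webmin, /usr/libexec/webmin and a source install also means the same script works on any Webmin host, and the executable check catches a stale root= entry before anything is changed.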
Private Eye is a free real-time network monitor for Mac OS X that is extremely easy to use. On launch it lists every open network connection by application and process; you can then filter by app, watch all open connections, or show only incoming or outgoing transfers.
Each connection is reported with the application, the time it was made and, most usefully, the IP address the app is connected to, so you can see exactly which app is talking to which server or address, on the local network or the wider internet. If you have any interest in networking, privacy or security, or just want to keep an eye on which apps connect to the internet and where, it is worth downloading; it is also a very handy tool for troubleshooting network problems and finding out what is using the network.
Download Private Eye, put it into your /Applications/ folder, then open PrivateEye to get started. The list of open connections is easy to read: a timestamp, the application name, and the IP the connection is going to (or coming from, as shown by an arrow pointing left for inbound or right for outbound).
Using the left-hand menu you can quickly narrow the list to all connections, incoming transfers only, outgoing connections only, or a single application. Apps are easy to identify, as are daemons running in the background (PubSubAgent, for example) and command-line processes belonging to the user (ssh, for example).
It is a simple yet powerful tool without the learning curve of installing and using command-line tools such as lsof, watch, open_ports or Wireshark, and is therefore highly recommended to anyone who wants this kind of visibility, whether out of general curiosity or to troubleshoot and diagnose specific network activity.