Plugins4379Themes and Skins11Addons732Documentation283Graphics and Logos36View All Categories
LinuxSecuritySNMPFile SystemCloud
New Listings Recently Updated Listings Most Favored Listings Most Popular Listings Most Rated Listings Most Reviewed Listings
Random Project
SNMP Check AIX Filesystem via SNMP
RSS Feed
Newest Listings Updated Listings
Top Contributors
Julien DESMAREST (4)Davide Lemma (4)deskwork_itunes142 (4)Joerg Hoerter (3)TcoUpLoad (1)
See More
Newest Contributors
Community Member (51)Davide Lemma (4)Alarig Le Lay (1)Penn Rabb (1)Sean Falzon (1)
See More

Thank you for your review!

Your review has been submitted and is pending approval.

Description

The security dashboard assumes /var/log/messages and /var/log/secure are being monitored. The associated query looks for things like “segfault” and “Failed password” and other things which may indicate an attack.

The second query looks for “Port scan detected” and relies on syslog messages sent from PSAD (Port Scan Automated Detection) running on a system. It analyzes iptables logs and alerts when a port scan is being run.

Taken together, these two queries and the dashboard can give a timeline of a potential attack taking place:

1.) Scans are run looking for open services (“Port scan detected”)
2.) Common SSH logins are attempted (“Failed password”)
3.) Failing that, the attacker finds a possibly-exploitable program and begins testing (“segfault”)
4.) If the attacker gets in, he might create a user for himself or delete one (“new user”)

Since /var/log/messages and /var/log/secure are present on nearly every Linux system, this dashboard (even without the PSAD query) can be used in many environments with little to no setup required.

Project Details

Current Version

Last Release Date

December 15, 2014

Owner

Trevor McDonald

Website

http://www.nagios.com/products/nagios-log-server

Compatible With

  • Nagios Log Server

Recommend

To:


From: