Linux Socket Monitor 0.6

1) What is LSM
LSM is a bash scripted network socket monitor. It is designed to track
changes to Network sockets and Unix domain sockets.

A comprehensive alert system, simple program usage & installation make LSM
ideal for deployment in any linux environment (geared for web servers). Using
a rather simple yet logical structure, LSM identifies changes in both
Network Sockets and Unix Domain Sockets. By recording a base set of what
sockets should be active then comparing the currently active socket information
to that of the base comparison files, we highlight otherwise unknown services.

LSM will ignore services that are currently holding sockets open. Events are
only applicable when a 'new' socket is created, be it UDS Stream Socket or TCP
Network Socket, LSM will identify it. Currently LSM does not track DGRAM Unix
Domain Sockets, but will in the future.

2) Setup
To setup LSM, simply execute the 'install.sh' script inside the extraced path.
This will install LSM to /usr/local/lsm, and symlink its executable to
/usr/local/sbin/lsm. As well, there will be a cron.d entry added to
/etc/cron.d/lsm, set to run it once every 10 minutes.

3) Usage
LSM has 3 arguments that perform the following operations respectivly:
-g    Generate base comparision files
-c    Compare current socket information to comparision files
-d    Delete base comparision files

Upon installation, LSM generates its base comparison files, but we recommend
you manualy do so to ensure it has been done.

# /usr/local/sbin/lsm -g

Then to check for changes in sockets, use the -c argument. This will compare
the current sockets running, with the generated base comparision files. If any
changes are found you will be notified, otherwise it will note if no changes
are present.

When changes are found, LSM issues an email alert to the configured addresses
in /usr/local/lsm/lsm.conf. Details about changes will not be printed to
screen, in future i will creat a lsm.log of sometype. However my goal at this
point was to creat a socket monitor that issues email alerts.

4) License:
LSM is developed and supported on a volunteer basis by Ryan MacDonald
[ryan@r-fx.org]

LSM is distributed under the GNU General Public License (GPL) without
restrictions on usage or redistribution. The LSM copyright statement, and
GNU GPL, "COPYING.GPL" are included in the top-level directory of the
distribution. Credit must be given for derivative works as required under GNU
GPL.

5) Support:
All inquiries relating to SysBK should be directed to LSM@r-fx.org or check
the r-fx.org projects homepage at:
http://www.r-fx.org/proj.php

