Linux Socket Monitor

Current Release:
http://www.rfxn.com/downloads/lsm-current.tar.gz
http://www.rfxn.com/appdocs/README.lsm
http://www.rfxn.com/appdocs/CHANGELOG.lsm

Description:
LSM is a network socket monitor: it tracks changes to network sockets and Unix domain sockets, making it effectively a port monitor. It does this with a simple differential comparison of current and new server sockets (server ports). A simple, configurable alerting system sends alerts whenever new ports activate. LSM ignores services that are already holding sockets open; events are generated only when a 'new' socket (port) is created.
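
The differential comparison described above, sketched as an added example (not LSM's own code): two `netstat -npl`-style snapshots are reduced to protocol/address keys, and only keys absent from the baseline are reported. The snapshots are constructed samples; the function names and the choice of key are assumptions.

```shell
#!/bin/sh
# Added illustration, not LSM's code. Snapshots are constructed samples in
# `netstat -npl` layout; keying on protocol + local address is an assumption.

# Reduce a snapshot on stdin to sorted "proto address" keys (unix: socket path).
socket_keys() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" { print $1, $4 }
        $1 ~ /^udp/                   { print $1, $4 }
        $1 == "unix" && /LISTENING/   { print $1, $NF }
    ' | LC_ALL=C sort -u
}

# new_sockets BASELINE CURRENT: print keys present only in CURRENT.
new_sockets() {
    ns_base=$(mktemp) || return 1
    ns_cur=$(mktemp) || { rm -f "$ns_base"; return 1; }
    socket_keys < "$1" > "$ns_base"
    socket_keys < "$2" > "$ns_cur"
    LC_ALL=C comm -13 "$ns_base" "$ns_cur"
    rm -f "$ns_base" "$ns_cur"
}

# Run the comparison over two constructed snapshots.
demo() {
    d_old=$(mktemp) || return 1
    d_new=$(mktemp) || { rm -f "$d_old"; return 1; }
    cat > "$d_old" <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 900/sshd
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 950/mysqld
udp 0 0 0.0.0.0:123 0.0.0.0:* 970/ntpd
unix 2 [ ACC ] STREAM LISTENING 4654 950/mysqld /var/run/mysqld/mysqld.sock
EOF
    cat > "$d_new" <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1901/sshd
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 950/mysqld
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 2200/python3
tcp6 0 0 :::22 :::* LISTEN 1901/sshd
udp 0 0 0.0.0.0:123 0.0.0.0:* 970/ntpd
unix 2 [ ACC ] STREAM LISTENING 4654 950/mysqld /var/run/mysqld/mysqld.sock
unix 2 [ ACC ] STREAM LISTENING 7001 2300/agent /tmp/agent.sock
EOF
    new_sockets "$d_old" "$d_new"
    rm -f "$d_old" "$d_new"
}

demo
```

Because the key leaves out the PID, the restarted sshd on port 22 is not reported, while the new TCP listener, the new IPv6 listener and the new Unix domain socket are.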

Funding:
Funding for the continued development of and research into this and other projects depends solely on public contributions and donations. If this is your first time using this software, we ask that you evaluate it and consider a small donation; we also ask regular users of this and other projects to make an occasional small donation to help ensure the future of our public projects.

5 Replies to “Linux Socket Monitor”

  1. another error report, cronjob (affects bfd, too).

    Oct 30 21:14:01 host /usr/sbin/cron[1585]: (*system*bfd) ERROR (Syntax error, this crontab file will be ignored)

    The version of cron shipped with Debian and Ubuntu seems to have problems with the assignment of the SHELL and MAILTO variables.

    SHELL=/bin/bash -> does not work
    SHELL="/bin/sh" -> works

    Thanks for your efforts!

  2. Installed on Debian Squeeze, LSM keeps throwing errors:

    sh install.sh
    .: LSM installed
    Install path: /usr/local/lsm
    Config path: /usr/local/lsm/conf.lsm
    Executable path: /usr/local/sbin/lsm
    LSM version 0.6
    Copyright (C) 2004, R-fx Networks
    2004, Ryan MacDonald
    This program may be freely redistributed under the terms of the GNU GPL

    [: 186: 0.0.0.0:2299: unexpected operator
    [: 186: 0.0.0.0:9418: unexpected operator
    [: 186: :::9418: unexpected operator
    [: 186: 127.0.0.1:3306: unexpected operator
    [: 186: 127.0.0.1:80: unexpected operator
    generated base comparison files

    Any ideas? System is IPv6 enabled. This is the output of “netstat -npl”:
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 0.0.0.0:9418 0.0.0.0:* LISTEN 1866/git-daemon
    tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1757/mysqld
    tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN 1533/apache2
    tcp 0 0 0.0.0.0:2299 0.0.0.0:* LISTEN 16259/sshd
    tcp6 0 0 :::9418 :::* LISTEN 1866/git-daemon
    udp 0 0 178.79.188.15:123 0.0.0.0:* 1787/ntpd
    udp 0 0 127.0.0.1:123 0.0.0.0:* 1787/ntpd
    udp 0 0 0.0.0.0:123 0.0.0.0:* 1787/ntpd
    udp 0 0 0.0.0.0:5353 0.0.0.0:* 1608/avahi-daemon:
    udp 0 0 0.0.0.0:48088 0.0.0.0:* 1608/avahi-daemon:
    udp6 0 0 :::123 :::* 1787/ntpd
    Active UNIX domain sockets (only servers)
    Proto RefCnt Flags Type State I-Node PID/Program name Path
    unix 2 [ ACC ] STREAM LISTENING 4596 1596/dbus-daemon /var/run/dbus/system_bus_socket
    unix 2 [ ACC ] STREAM LISTENING 3850 1608/avahi-daemon: /var/run/avahi-daemon/socket
    unix 2 [ ACC ] STREAM LISTENING 4654 1757/mysqld /var/run/mysqld/mysqld.sock
    unix 2 [ ACC ] STREAM LISTENING 50020 19824/clamd /var/run/clamav/clamd.ctl


  3. Jason:

    Hi,
    Great project, thanks!
    Quick question. In the conf the USER setting. Is this meant for a user or an email address?

    It can be a local system account, or an email address. A local system account requires the proper mail services installed locally. I would recommend you set this to an email address.

  4. Very nice software.
    I like it very much, but I have a question: if I want to view the newly generated comparison files with the help of lsm -g, how can I do that?
