Network Security Monitor Daemon 4.0 review

by rbytes.net on

The Network Security Monitor Daemon is a lightweight network security monitor for TCP/IP LANs

License: GPL (GNU General Public License)
File size: 0K
Developer: Ricardo Galli

The Network Security Monitor Daemon is a lightweight network security monitor for TCP/IP LANs. It will capture certain network events and record them in a relational database. The recorded data is available for analysis through a CGI-based interface.

You can run the test version with './Monitord', just to see how it works. The production version should be run in the background, e.g. with 'nohup ./monitord &'. Both versions accept a device name as a parameter (default: eth0). You can send them SIGHUP at any time to print some stats. If you send SIGTERM, SIGQUIT or SIGINT, all threads will end gracefully.

Requirements:
Linux kernel with "packet sockets" and "socket filtering" support.
GNU C Library 2 (glibc2) with LinuxThreads support (integrated in most recent versions).
Full MySQL, including headers and libmysqlclient_r.
GNU C Compiler (gcc).
GNU Make (make).
Perl (perl).
Wget (wget).

What's New in This Release:
Added 'chmod 4755 ...' in Makefile
    Root should run 'make' now, but not the daemon ;-)
    The daemon will drop root privileges as soon as possible (after creating the raw socket with an attached Linux socket filter and putting the interface in promiscuous mode)
    No threads run with root privileges, so it's much safer (especially the new server thread, which reads remote user input)
Added stats thread
    To calculate/maintain exponential averages
Added server thread
    It accepts HTTP requests and serves stats in XML
