There are two types of network monitors: those that monitor your own system's network settings and those that monitor network traffic. The latter includes security tools (that can also be used as hackers tools) for exposing security weaknesses in a network. Be aware and be safe! A list of available tools is at Top Ubuntu Security Tools.
Netstat is the Linux command-line tool to monitor network status and functions. There are many usage parameters. See the manual for help.
Etherape (Network monitoring)
EtherApe is a graphical utility that allows you to see (in real-time) where connections are being made on your network, or between your network (or computer) and the Internet. If you are experiencing unexpected network activity on your computer or LAN and wish to see where the activity is occurring, this is an easy tool to use. Both "local" user and "root user" installations are created; in general you must use the root user installation to see all your network traffic.
sudo apt-get install etherape
List open files
lsof -i -n -P
sudo apt-get install nmap
Scan your own PC:
(Once you have found out which ports are open, use a firewall to close the ones you don't want open.)
sudo apt-get install nmapfe
- or you can try Zenmap:
sudo apt-get install zenmap
Nessus is a proprietary comprehensive vulnerability scanning suite that is free for personal, non-enterprise usage. See the website for details.
Snort is the de facto open source standard for intrusion detection. Install:
sudo apt-get install snort
It can be used with an MySQL database (sudo apt-get install snort-mysql) or with a PostgreSQL database (sudo apt-get install snort-pgsql).
AcidBase is an intrusion detection / basic analysis and security engine that uses Snort. Install:
sudo apt-get install acidbase
AppArmor is a set of security enhancements developed by Novell for SUSE Linux. It is installed in (K)ubuntu by default.
AppArmor can prevent some services from running as expected and cannot be used in conjunction with SELinux. To disable it:
/etc/init.d/apparmor stop update-rc.d -f apparmor remove apt-get remove apparmor apparmor-utils
SE Linux (Security Enhanced Linux) is an NSA (US National Security Administration) recommended set of tools for enhanced security in Linux systems. It enforces strict access controls (privileges) and is meant for mission-critical installations. It is not suitable for the casual desktop user. It was first available in Hardy Heron and is being updated for Intrepid Ibex. It is not compatible with AppArmor (which must first be removed).
sudo apt-get install selinux
Knockd (Port security)
Knockd is a small server that listens for a pre-defined sequence of port opening attempts (a "knock") before opening an otherwise closed firewall port for communications. Install:
sudo apt-get install knockd
Monitor your network or datacenter with a framework of utilities. Comparable to IBM Tivoli (which can cost thousands of dollars), these solutions are generally available as either community or enterprise editions.
- Hyperic is an open-source network monitoring framework that can be used in either a datacenter or a cloud environment (it is used for Amazon Cloud). Both a free community version and a subscription enterprise version are available.
- Groundwork OpenSource offers a community edition that integrates other packages such as Nagios, Nmap, and others. There is a subscription enterprise version as well. It has its roots in a university setting.
- OpenQRM is the GPL-licensed, free open-source community successor to the very popular network monitoring solution Qlusters. It is available as a Debian/Ubuntu package. See the website for details.
- Canonical offers the Landscape network management service for $150 per node, with a free trial available.
- Zenoss is a commercial network monitoring subscription package (about $150/node) with a limited free "core" edition also available.
Nagios is a free open source network monitoring solution. It is administered from a web interface (http://localhost/nagios) and is expandable using a large number of available plugins. For additional configuration information, see the official Ubuntu documentation. Install:
sudo apt-get install nagios3
Munin is a free GPL-licensed open source networking monitoring tool based on RRDTool, in which a master network node queries other network resources, cataloging and graphically displaying changes. It has a web interface and multiple plugins. For additional configuration information, see the official Ubuntu documentation. Install:
sudo apt-get install munin
Cacti Monitoring Server
Cacti is a complete, free open source network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. It uses MySQL and PHP (part of the LAMP server stack). All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices. For more info see Cacti Server Setup. Install:
sudo apt-get install cacti
ClusterSSH allows replication of a command on an administration console to be replicated via SSH to multiple computers in a cluster. Install:
sudo apt-get install clusterssh
Enterprise Network Firewall
IPCop is a free open source (GPL-licensed) firewall solution for use as an independent appliance (on a dedicated PC) in an enterprise network. It allows remote management and can protect multiple servers, including web and email servers. IPSec-based OpenVPN is supported. The CD image .iso and other files can be downloaded here. Installation instructions are on the website.
SmoothWall Express is an award-winning, free, open source (with a GPL license) firewall solution for use as an independent appliance (on a dedicated PC) in an enterprise network. Download the installation CD .iso image here (server OS included), burn onto a CD, and install on a new, dedicated PC. Many features, however, such as VPN server, database access authentications, and content filtering are only implemented in a commercial version, however, and are not available in the community version.
Endian is a very robust, free, open source universal threat management appliance similar to IPCop and Smoothwall. It also incorporates OpenVPN. Like Smoothwall, Dansguardian is used for content filtering (and is included in the community edition). Commercial and hardware versions with some additional features, automatic updates, and professional support are available. See the website for details.
LTSP (Thin client support)
LTSP (the Linux Terminal Server Project) adds thin-client support to Linux servers. The package is free, GPL-licensed, and the client can be used to run programs on either Linux or Windows LTSP servers. There is a module for classroom management (ltsp-controlaula) as well. Installation instructions are here. The alternate LiveCD can also be used to install a terminal server, as indicated in these instructions.
sudo apt-get install ltsp-server ltsp-manager
sudo apt-get ltsp-client
iTALC (Thin client for Education)
iTALC is a free, open source (GPL-licensed) thin client solution that supports both (K)Ubuntu Linux and Windows XP. It has been used widely in educational settings to monitor, share, and control multiple workstations. See the website for download and installation instructions.
Internet Cafe software
Internet Cafe (or CyberCafe) software is specialized LAN-administration software that includes time usage monitoring, billing, and administration. It can also be used in schools, libraries, and organizations with multiple monitored workstations requiring usage limits.
OutKafe is a free, open-source, GPL-licensed cybercafe solution based on a postgreSQL database server stack. It is run on hundreds of sites. It is GTK-based but can be run with Kubuntu (KDE).
OpenKiosk is a free open source multi-platform server/client solution for administering and monitoring groups of workstations, such as in libraries, school labs, and internet cafes. Installation is from source files. See the website for details.
CafePilot is a free multi-platform Java-based server/client solution for real-time monitoring and billing of Cybercafe workstations.
This thread discusses several other solutions, including:
Pessulus (Lockdown Editor)
Pessulus is a GTK (Gnome)-based utility that allows an a computer administrator to restrict acccess to several administrative functions, including the command-line Terminal and many other functions. This is useful on public kiosk PCs, for example. Install:
sudo apt-get install pessulus
Cluster (cloud) computing
Cloud computing is the co-ordination of many servers to maximise computing resources and efficiency. The use of virtual machines, load balancing, and VLAN technology are combined into an integrated system. Distributed computing and parallel processing underlies the networks of computers that are now used in a number of supercomputing applications.
OpenStack is the technology currently used by Ubuntu for cloud computing as part of the Ubuntu Cloud Infrastructure. (Also see the Ubuntu community help.) It is now included as part of Ubuntu server versions (starting with 12.04 LTS Precise).
- See the Ubuntu private cloud information to set up an OpenStack cluster.
Eucalyptus is a project from University of California Santa Barbara to facilitate cluster computing on servers that have the Xen virtual machine implementation enabled. Prior to 11.10 (Oneiric) it was available for the Ubuntu server edition as the Ubuntu Enterprise Cloud.
- See the instructions for installing Eucalyptus on Debian systems.
The Beowulf cluster computing project is one of the earliest cluster computing examples and provides the underpinning for a number of Linux-based supercomputing clusters. A Beowulf cluster is designed to function like a single supercomputer, and can be scaled to any number of nodes. It uses open source components. See this introductory article on creating a Beowulf cluster with Ubuntu.
- OSCAR is a software platform that allows the creation of a Beowulf cluster on RedHat or Debian/Ubuntu Linux servers. See here for instructions on installing the .deb packages from repositories.
BOINC (Berkeley Open Infrastructure for Network Computing)
BOINC is middleware software developed at UC Berkeley to allow multiple computers to operate as a grid-based (cloud based) supercomputer. There are over half a million computers participating in BOINC projects. To install BOINC and participate in one or more of these projects:
sudo apt-get install boinc
A warning about distributed computing
Cloud computing is often mistaken for remote hosting. While cloud computing using public hosts may be beneficial in "farming out" a few of your non-sensitive computing needs, the recent ease of cloning filesystems and the promiscuity of datacenters has placed a great deal of sensitive data at risk when databases and critical server functions themselves are remotely hosted at a site not under your complete control. Even "trusted" banks and other large businesses routinely trade and sell our sensitive "private" data to multiple partners (sometimes for profit and sometimes unwittingly). Hosted servers are compromised on a daily basis and it is not very easy for an end customer to know how effective are the security practices of a remote hosting service. Further, any data left on public storage devices (cloud servers) in the US for more than 180 days are subject to search and seizure by government agencies there. Therefore, it is almost always more secure to host your own server(s) in house and to limit the traffic and access to your databases and servers to members of your own organization. Learning how to run your own servers is worth the effort, and powerful hardware on which to run them is inexpensive these days.
The Ubuntu cloud computing environment allows you to recruit the multiple computers within your own organization for distributed ("cloud") computing and thereby keep it all "in house" (behind secure firewalls). You do not need to expose your organization to insecure remote public hosts in order to use cloud computing.