Network Monitors

There are two types of network monitors: those that monitor your own system's network settings and those that monitor network traffic. The latter includes security tools (that can also be used as hackers tools) for exposing security weaknesses in a network. Be aware and be safe! A list of available tools is at Top Ubuntu Security Tools.

Netstat

Netstat is the Linux command-line tool to monitor network status and functions. There are many usage parameters. See the manual for help.

netstat

Etherape (Network monitoring)

EtherApe is a graphical utility that allows you to see (in real-time) where connections are being made on your network, or between your network (or computer) and the Internet. If you are experiencing unexpected network activity on your computer or LAN and wish to see where the activity is occurring, this is an easy tool to use. Both "local" user and "root user" installations are created; in general you must use the root user installation to see all your network traffic.

sudo apt-get install etherape

List open files

Sometimes you will see your network slowing and want to know which files are sending data over ports. Use this command:

lsof -i -n -P

Nmap

Nmap is a free open source utility for network exploration (including showing open ports and running services) and security auditing. Install:

sudo apt-get install nmap

Scan your own PC:

nmap localhost

(Once you have found out which ports are open, use a firewall to close the ones you don't want open.)

Nmap GUI

Install:

sudo apt-get install nmapfe

or you can try Zenmap:

sudo apt-get install zenmap

Nessus

Nessus is a proprietary comprehensive vulnerability scanning suite that is free for personal, non-enterprise usage. See the website for details.

Snort

Snort is the de facto open source standard for intrusion detection. Install:

sudo apt-get install snort

It can be used with an MySQL database (sudo apt-get install snort-mysql) or with a PostgreSQL database (sudo apt-get install snort-pgsql).

AcidBase

AcidBase is an intrusion detection / basic analysis and security engine that uses Snort. Install:

sudo apt-get install acidbase

Munin

Munin is a network resource monitoring tool in which a master network node queries other network resources, cataloging and graphically displaying changes. Install:

sudo apt-get install munin

AppArmor

AppArmor is a set of security enhancements developed by Novell for SUSE Linux. It is installed in (K)ubuntu by default.

Disable AppArmor

AppArmor can prevent some services from running as expected and cannot be used in conjunction with SELinux. To disable it:

/etc/init.d/apparmor stop
update-rc.d -f apparmor remove
apt-get remove apparmor apparmor-utils

SELinux

SE Linux (Security Enhanced Linux) is an NSA (US National Security Administration) recommended set of tools for enhanced security in Linux systems. It enforces strict access controls (privileges) and is meant for mission-critical installations. It is not suitable for the casual desktop user. It was first available in Hardy Heron and is being updated for Intrepid Ibex. It is not compatible with AppArmor (which must first be removed).

sudo apt-get install selinux

Network Management

Monitor your network or datacenter with a framework of utilities. Comparable to IBM Tivoli (which can cost thousands of dollars), these solutions are generally available as either community or enterprise editions.

• Hyperic is an open-source network monitoring framework that can be used in either a datacenter or a cloud environment (it is used for Amazon Cloud). Both a free community version and a subscription enterprise version are available.
• Groundwork OpenSource offers a community edition that integrates other packages such as Nagios, Nmap, and others. There is a subscription enterprise version as well. It has its roots in a university setting.
• OpenQRM is the GPL-licensed, free open-source community successor to the very popular network monitoring solution Qlusters. It is available as a Debian/Ubuntu package. See the website for details.
• Canonical offers the Landscape network management service for $150 per node, with a free trial available.
• Zenoss is a commercial network monitoring subscription package (about $150/node) with a limited free "core" edition also available.

Nagios

Nagios is a free open source network monitoring solution. It is available as a package installation in Ubuntu. It is administered from a web interface (http://localhost/nagios) and is expandable using a large number of available plugins. Install:

sudo apt-get install nagios3

Cacti Monitoring Server

Cacti is a complete, free open source network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. It uses MySQL and PHP (part of the LAMP server stack). All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices. For more info see Cacti Server Setup.

Enterprise Network Firewall

IPCop

IPCop is a free open source (GPL-licensed) firewall solution for use as an independent appliance (on a dedicated PC) in an enterprise network. It allows remote management and can protect multiple servers, including web and email servers. IPSec-based OpenVPN is supported. The CD image .iso and other files can be downloaded here. Installation instructions are on the website.

SmoothWall

SmoothWall Express is an award-winning, free, open source (with a GPL license) firewall solution for use as an independent appliance (on a dedicated PC) in an enterprise network. Download the installation CD .iso image here (server OS included), burn onto a CD, and install on a new, dedicated PC. Many features, however, such as VPN server, database access authentications, and content filtering are only implemented in a commercial version, however, and are not available in the community version.

Endian

Endian is a very robust, free, open source universal threat management appliance similar to IPCop and Smoothwall. It also incorporates OpenVPN. Like Smoothwall, Dansguardian is used for content filtering (and is included in the community edition). Commercial and hardware versions with some additional features, automatic updates, and professional support are available. See the website for details.

LTSP (Thin client support)

LTSP (the Linux Terminal Server Project) adds thin-client support to Linux servers. The package is free, GPL-licensed, and the client can be used to run programs on either Linux or Windows LTSP servers. There is a module for classroom management (ltsp-controlaula) as well. Installation instructions are here. The alternate LiveCD can also be used to install a terminal server, as indicated in these instructions.

LTSP Server

Install:

sudo apt-get install ltsp-server ltsp-manager

LTSP Client

Install:

sudo apt-get ltsp-client

iTALC (Thin client for Education)

iTALC is a free, open source (GPL-licensed) thin client solution that supports both (K)Ubuntu Linux and Windows XP. It has been used widely in educational settings to monitor, share, and control multiple workstations. See the website for download and installation instructions.

Internet Cafe software

Internet Cafe (or CyberCafe) software is specialized LAN-administration software that includes time usage monitoring, billing, and administration. It can also be used in schools, libraries, and organizations with multiple monitored workstations requiring usage limits.

OutKafe

OutKafe is a free, open-source, GPL-licensed cybercafe solution based on a postgreSQL database server stack. It is run on hundreds of sites. It is GTK-based but can be run with Kubuntu (KDE).

OpenKiosk

OpenKiosk is a free open source multi-platform server/client solution for administering and monitoring groups of workstations, such as in libraries, school labs, and internet cafes. Installation is from source files. See the website for details.

CafePilot

CafePilot is a free multi-platform Java-based server/client solution for real-time monitoring and billing of Cybercafe workstations. A complete custom Ubuntu-based LiveCD server/multiple-client solution (including OS and many applications for unlimited workstations) is available for $100 here.

Miscellaneous solutions

This thread discusses several other solutions, including:

• Untangle
• m0n0wall
• ClearOS

Pessulus (Lockdown Editor)

Pessulus is a GTK (Gnome)-based utility that allows an a computer administrator to restrict acccess to several administrative functions, including the command-line Terminal and many other functions. This is useful on public kiosk PCs, for example. Install:

sudo apt-get install pessulus

Cluster (cloud) computing

Eucalyptus is a project from University of California Santa Barbara to facilitate cluster computing on Ubuntu servers that have Xen enabled. It has been included in the Lucid Lynx server edition. See the website for details.

A warning about distributed computing

Cloud computing is often mistaken for remote hosting. While cloud computing using public hosts may be beneficial in "farming out" a few of your non-sensitive computing needs, the recent ease of cloning filesystems and the promiscuity of datacenters has placed a great deal of sensitive data at risk when databases and critical server functions themselves are remotely hosted at a site not under your complete control. Even "trusted" banks and other large businesses routinely trade and sell our sensitive "private" data to multiple partners (sometimes for profit and sometimes unwittingly). Hosted servers are compromised on a daily basis and it is not very easy for an end customer to know how effective are the security practices of a remote hosting service. Therefore, it is almost always more secure to host your own server(s) in house and to limit the traffic and access to your databases and servers to members of your own organization. Learning how to run your own servers is worth the effort, and powerful hardware on which to run them is inexpensive these days.

The Ubuntu cloud computing environment allows you to recruit the multiple computers within your own organization for distributed ("cloud") computing and thereby keep it all "in house" (behind secure firewalls). You do not need to expose your organization to insecure remote public hosts in order to use cloud computing.