Posts

Showing posts from December, 2013

Detecting a Hacker Attack

I work as a system administrator for a company, monitoring around 20 servers running open source applications. One of the applications we are using is JBoss. The JBoss version we are running is an old version (4.0), as per client requirement. We upgraded JBoss to the latest version after this incident. Besides this, we are using Nagios for application and infrastructure monitoring.
The alarm of a server getting compromised was raised on a Monday morning, when we saw continuous Nagios high load alerts from the server running the old version of JBoss. The alerts had actually started coming in on Saturday morning.

I immediately logged in to the affected machine, and the first few commands I ran were the w and top commands.

Checking System Load and Identifying the Top Contributor

The top command showed high load on the system, with some perl commands running for the 'jboss' user with CPU utilization around 100%.

# top
top - 15:03:03 up 22 days, 2:37, 1 user, load average: 29.02, 28.40, 23.27
Tasks: 310 total, 3 runn…

MRTG: Monitoring Network Bandwidth of Linux Servers

About MRTG:

MRTG, which stands for Multi Router Traffic Grapher, is free software for monitoring and measuring the traffic load on network devices. MRTG is written in Perl and works on Unix/Linux as well as Windows and even NetWare systems. MRTG is free software licensed under the GNU GPL.


Download MRTG:

MRTG is available for download from
http://oss.oetiker.ch/mrtg/download.en.html

Steps to install MRTG are available here:
http://oss.oetiker.ch/mrtg/doc/mrtg-unix-guide.en.html

Configuring MRTG:

We will be using MRTG to monitor the traffic flow of three Linux-based servers. Before proceeding, we need to configure SNMP on these Linux servers. The steps to configure SNMP follow. In Part 2, we will cover the steps to configure MRTG to monitor these Linux servers.


Part 1: 

1. Install the following net-snmp tools on all three servers.

    net-snmp-utils
    net-snmp

2. Start the snmpd service as root

    service snmpd start
    chkconfig snmpd on

3.  Default community string i…