April 11, 2007

Some Unix security tools I want to look into lately

Unix
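It rained heavily yesterday, so I spent the two periods of Chinese class, which is a long trek away, in the library instead, flipping through some books on Unix network security. I found a few log-monitoring tools worth studying, plus some things I had just come across. After only a few days of running this blog, the log files are already full of attack records, which is all the more reason to study them properly.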

AWStats - Free real-time logfile analyzer to get advanced statistics
AWStats is a free powerful and featureful tool that generates advanced web, streaming, ftp or mail server statistics, graphically.
Webalizer - A GPL application that generates web pages of analysis, from access and usage logs. (Installed; still needs some tuning.)
The Webalizer is a fast, free web server log file analysis program. It produces highly detailed, easily configurable usage reports in HTML format, for viewing with a standard web browser.
sshdfilter - ssh brute force attack blocker. Seeing the same IP produce one "Failed password for root" after another in secure.log is pretty annoying, and it keeps eating disk space.
sshdfilter blocks the frequent brute force attacks on ssh daemons, it does this by directly reading the sshd logging output and generating iptables rules, the process can be quick enough to block an attack before they get a chance to enter any password at all.
Swatch - The Simple WATCHer of Logfiles
Swatch: the active log file monitoring tool. Swatch started out as the "simple watchdog" for actively monitoring log files produced by UNIX's syslog facility. It has since been evolving into a utility that can monitor just about any type of log.
Logcheck - Logfile Scanner
Logcheck is a simple utility which is designed to allow a system administrator to view the logfiles which are produced upon hosts under their control.
Nmap - Free Security Scanner For Network Exploration & Security Audits. (Installed; I still need to dig out the slides a classmate presented in class earlier.)
Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available.
QuiXplorer - web-based file-management. Using it to set up an FTP for my own personal use feels pretty user-friendly.
QuiXplorer is a multi-user, web-based file-manager. It allows you to manage and/or share files over the internet, or an intranet.
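
The log-to-firewall loop that the sshdfilter entry above describes, as an added example that is not from the original post and is not sshdfilter's own code: it counts "Failed password" lines per source IP in a constructed sample log and builds candidate iptables rules. The threshold, time window, allow list, year and all function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import IPv4Address

# Constructed sample in the usual sshd syslog layout (not taken from the author's log).
SAMPLE_LOG = """\
Apr 10 23:58:01 blog sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Apr 10 23:58:03 blog sshd[4103]: Failed password for root from 203.0.113.7 port 40115 ssh2
Apr 10 23:58:04 blog sshd[4104]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Apr 10 23:58:05 blog sshd[4105]: Failed password for root from 203.0.113.7 port 40119 ssh2
Apr 10 23:58:09 blog sshd[4104]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
Apr 10 23:59:10 blog sshd[4110]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 198.51.100.9 port 5022 ssh2
"""

# Greedy user group plus the end anchor: the address is always the LAST
# "from <ip> port <n> ssh2", so text inside a user name cannot pose as the source.
FAILED = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?(?P<user>.*) "
                    r"from (?P<ip>\S+) port \d+ ssh2$")

def parse(line, year=2007):
    """Return (time, user, ip) for a failed-password line, else None."""
    m = FAILED.match(line)
    if not m:
        return None
    try:
        ip = str(IPv4Address(m["ip"]))  # reject anything that is not a plain IPv4 address
    except ValueError:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog has no year; assumed
    return ts, m["user"], ip

def offenders(log_text, threshold=3, window=timedelta(minutes=1), allow=()):
    """IPs with at least `threshold` failures inside any `window`, in first-seen order."""
    recent, blocked = defaultdict(list), []
    for line in log_text.splitlines():
        hit = parse(line)
        if hit is None or hit[2] in allow or hit[2] in blocked:
            continue  # not a failure line, an allow-listed admin address, or already listed
        ts, _, ip = hit
        recent[ip] = [t for t in recent[ip] if ts - t <= window] + [ts]
        if len(recent[ip]) >= threshold:
            blocked.append(ip)
    return blocked

def iptables_rules(ips):
    """One DROP rule per address for the SSH port (returned as text, not applied)."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP" for ip in ips]
```

Calling `iptables_rules(offenders(SAMPLE_LOG))` yields a single rule for 203.0.113.7; putting your own management address in `allow` keeps a mistyped password from locking you out.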

Posted by jusofie at Roodo! │ 01:16 │ UNIX