Using Nagios for intrusion detection [article]

F Rodriguez Calonge, M Cardenas-Montes, E Perez-Calle
2005
Implementing strategies for secured access to widely accessible clusters is a basic requirement of these services, in particular if GRID integration is sought. This issue has two complementary lines to be considered: the security perimeter and intrusion detection systems. In this paper we address aspects of the second one. Compared to classical intrusion detection mechanisms, close monitoring of computer services can substantially help to detect signs of intrusion. Having alarms indicating the ... ence of an intrusion into the system allows system administrators to take fast action to minimize damage and stop it from spreading to other critical systems. One possible monitoring tool is Nagios (www.nagios.org), a powerful GNU tool with the capacity to observe and collect information about a variety of services, and to trigger alerts. In this paper we present the work done at CIEMAT, where we have applied these directives to our local cluster. We have implemented a system to monitor the hardware and system sensitive information. We describe the process and show, through different simulated security threats, how our implementation responds to them.
doi:10.5170/cern-2005-002.860 fatcat:t7s3ayfy2jgzbigqdqhu4cau3m