You want to set up Snort, a network-intrusion detection system.
Snort is included with SuSE but not Red Hat. If you need it (or you want to upgrade), download the source distribution from http://www.snort.org and unpack it:
$ tar xvpzf snort-*.tar.gz
Then compile it:
$ cd `ls -d snort-* | head -1`
$ ./configure
$ make
and install the binary and manpage as root:
# make install
Next, create a logging directory. It should not be publicly readable, since it will contain potentially sensitive data:
# mkdir -p -m go-rwx /var/log/snort
Finally, install the configuration files and rules database:
# mkdir -p /usr/local/share/rules
# cp etc/* rules/*.rules /usr/local/share/rules
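The steps above collected into one script, as an added example that is not part of the original recipe; the variable names, the `snort-*/` directory glob, and the use of GNU `stat -c` are assumptions. It also checks that the logging directory really ended up private, since `mkdir -m` does not change the mode of a directory that already exists.

```shell
#!/bin/sh
# Added example: build and install Snort from the source tarball and set up
# the private log directory and the rules directory described above.
set -eu

SNORT_TARBALL="${SNORT_TARBALL:-snort-*.tar.gz}"   # from http://www.snort.org
RULES_DIR="${RULES_DIR:-/usr/local/share/rules}"    # assumed default
LOG_DIR="${LOG_DIR:-/var/log/snort}"                # assumed default

# Create a directory readable, writable and searchable by its owner only.
# chmod is applied explicitly because 'mkdir -p -m' silently leaves the mode
# of a pre-existing directory untouched. Prints the resulting octal mode.
make_private_dir() {
    dir="$1"
    mkdir -p "$dir"
    chmod u+rwx,go-rwx "$dir"
    stat -c '%a' "$dir"        # GNU stat; expected 700
}

# Succeed only if no group or other permission bits are set on the directory.
is_private_dir() {
    mode=$(stat -c '%a' "$1")
    case "$mode" in
        *00) return 0 ;;       # e.g. 700 (or 2700 with setgid)
        *)   return 1 ;;
    esac
}

# Unpack, compile, install, then set up the log and rules directories.
install_snort() {
    tarball=$(ls $SNORT_TARBALL | head -1)
    tar xpzf "$tarball"
    # Match only directories: a plain 'snort-*' glob would also hit the tarball.
    srcdir=$(ls -d snort-*/ | head -1)
    ( cd "$srcdir" && ./configure && make && make install )
    make_private_dir "$LOG_DIR" >/dev/null
    mkdir -p "$RULES_DIR"
    cp "$srcdir"/etc/* "$srcdir"/rules/*.rules "$RULES_DIR"
    is_private_dir "$LOG_DIR" || {
        echo "refusing to continue: $LOG_DIR is readable by others" >&2
        return 1
    }
}

# Run the installation only when invoked as: sh snort-install.sh install
if [ "${1:-}" = install ]; then
    install_snort
fi
```

Run it as root (`sh snort-install.sh install`) from the directory holding the downloaded tarball; the two helper functions can be sourced and reused on their own.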
Snort is a network intrusion detection system (NIDS), sort of an early-warning radar system for break-ins. It sniffs packets from the network and analyzes them according to a collection of well-known signatures characteristic of suspicious or hostile activities. This may remind you of an anti-virus tool, which looks for patterns in files to identify viruses.
By examining the protocol information and payload of each packet (or a sequence of packets) and applying its pattern-matching rules, Snort can identify the telltale fingerprints of attempted buffer overflows, denial of service attacks, port scans, and many other kinds of probes. When Snort detects a disturbing event, it can log network trace information for further investigation, and issue alerts so you can respond rapidly.
See also snort(8). The Snort home page is http://www.snort.org.