Authentication Monitor for Debian and Ubuntu

What is Authentication Monitor?

If you have a Linux server running Debian or Ubuntu and want to be notified when certain users gain access to one or more of your critical services (e.g. “ssh/sshd” and “proftpd”), then Authentication Monitor might be just what you’re looking for.

Authentication Monitor runs silently in the background as a system service and monitors a user-defined list of services running on your server. Whenever a user successfully authenticates with one of these services from an unknown IP address, you will receive an e-mail notifying you of the incident.
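The detection rule described above, sketched in Python as an added example; it is not Authentication Monitor's own code, which is written in PHP. The log-line patterns, the per-user list of known addresses and the alert-once behaviour are assumptions, and the sample log lines are constructed.

```python
import re

# Patterns for successful logins (assumed formats): OpenSSH logs
# "Accepted <method> for <user> from <ip> port <n>", and ProFTPD logs
# "(<host>[<ip>]) - USER <name>: Login successful."
PATTERNS = {
    "sshd": re.compile(
        r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port \d+"),
    "proftpd": re.compile(
        r"proftpd\[\d+\].*\[(?P<ip>[^\]]+)\]\) - USER (?P<user>[^:]+): Login successful"),
}

def unknown_logins(lines, watched_users, known_ips):
    """Return (service, user, ip) for each watched user who logs in
    successfully from an address not yet on that user's known list."""
    seen = {user: set(ips) for user, ips in known_ips.items()}
    alerts = []
    for line in lines:
        for service, pattern in PATTERNS.items():
            m = pattern.search(line)
            if not m:
                continue  # failed logins and unrelated lines are ignored
            user, ip = m["user"], m["ip"]
            if user in watched_users and ip not in seen.setdefault(user, set()):
                alerts.append((service, user, ip))
                seen[user].add(ip)  # assumption: alert once per new address
    return alerts

# Constructed sample lines in auth.log style (documentation IP ranges).
SAMPLE_LOG = [
    "Feb 10 09:12:44 web1 sshd[1831]: Accepted publickey for alice from 203.0.113.5 port 50122 ssh2",
    "Feb 10 09:13:10 web1 sshd[1840]: Failed password for root from 192.0.2.99 port 4022 ssh2",
    "Feb 10 09:15:02 web1 proftpd[2210]: web1 (198.51.100.7[198.51.100.7]) - USER bob: Login successful.",
    "Feb 10 09:20:31 web1 sshd[1902]: Accepted password for alice from 198.51.100.23 port 50410 ssh2",
    "Feb 10 09:21:05 web1 sshd[1910]: Accepted password for alice from 198.51.100.23 port 50466 ssh2",
    "Feb 10 09:30:00 web1 sshd[1950]: Accepted password for carol from 192.0.2.50 port 40000 ssh2",
]

if __name__ == "__main__":
    watched = {"alice", "bob"}
    known = {"alice": {"203.0.113.5"}}
    for service, user, ip in unknown_logins(SAMPLE_LOG, watched, known):
        print(f"ALERT: {user} authenticated via {service} from unknown address {ip}")
```

In a real deployment the alert would be sent by e-mail rather than printed, and remembering an address after the first alert means a repeat login from that address stays silent.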

System Requirements

  • Debian or Ubuntu

I have made Authentication Monitor specifically with Debian and Ubuntu in mind. Since Authentication Monitor relies heavily on the package management system in these operating systems, it is highly unlikely that Authentication Monitor will work on any other flavor of Linux.

Authentication Monitor has been tested with the latest versions of Debian and Ubuntu (currently “Debian 6.0 Squeeze” and “Ubuntu 12.10”).

  • Root-privileges

In order to be able to install Authentication Monitor, you must have root-privileges on the system.

  • The “php5-cli” and “php-pear” system packages and the “System_Daemon” and “Mail” PHP-modules

Since Authentication Monitor is mainly written in PHP, a few system packages and PHP-modules are required in order for Authentication Monitor to work. If any of them are missing, they can optionally be installed automatically during the main installation of Authentication Monitor.

Getting a Copy of Authentication Monitor

Installation and Configuration

Follow these steps to install and configure Authentication Monitor.

  1. Download the latest copy of Authentication Monitor.
    wget http://bwyan.dk/wp-content/uploads/2013/02/authmond-1.0.0.tar.gz
  2. Extract the contents of the installation package.
    tar xzvf authmond-1.0.0.tar.gz
  3. Start the installation (with root-privileges) and follow the instructions on the screen.
    sudo authmond-1.0.0/install.sh

    Note that during the installation you will have the option to stop the Authentication Monitor service from starting post-installation, if you should wish to adjust the user configurable variables/options beforehand.

  4. After the installation of Authentication Monitor has completed successfully, you can adjust the user-configurable variables/options (which determine how Authentication Monitor behaves and which services and users it should monitor) by editing the configuration file.
    sudo nano /etc/authmond/authmond.conf
  5. Remember to restart the Authentication Monitor service, in order for your changes to take effect.
    sudo /etc/init.d/authmond restart

Troubleshooting

If you should encounter any problems while using Authentication Monitor, or if you simply wish to keep an eye on what the Authentication Monitor service is up to, you should investigate the service log-file.

cat /var/log/authmond.log

Feedback

I always enjoy getting feedback on my projects. Please leave a reply with any thoughts, experiences or concerns you might have about Authentication Monitor, in the comment section at the end of this article.

License and Warranty

Authentication Monitor is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
