SIM is a system and services monitor for ‘SysVinit’ systems. It is designed to be intuitive and modular in nature, and to provide a clean and informative status system.
It does this by consistently verifying that services are online, load averages are in check, and log files are at reasonable sizes. Many other SIM modules sport different and in-depth features to bring a well rounded tool to your disposal to stop otherwise common issues daunting internet hosts.

Features:
- Service monitoring of HTTP, FTP, DNS, SSH, MYSQL & more
- Event tracking and alert system
- Auto restart ability for downed services
- Checks against network sockets & process list to ensure services are online
- Advanced HTTP service monitoring, to prevent commonly encountered issues
- System load monitor with customizable warnings & actions
- Ability to auto restart system with definable critical load level
- Priority change configurable for services, at warning or critical load level
- Informative command line status display
- Easily customizable configuration file
- Auto configuration script
- Auto cronjob setup feature
- Simple & Informative installation script
- Integrated auto-update feature
- And more...

From http://www.r-fx.org/sim.php

Installation is one more time straightforward:

# wget http://www.r-fx.ca/downloads/sim-current.tar.gz
# tar xvf sim-current.tar.gz
# cd sim-*

The installation of sim is easily acomplished, a simple shell script named  'setup' is included with SIM. Running this script will tend to all the install tasks for SIM.

# ./setup -i
-i     Install
-q     Quick install
-u     Uninstall
-c     Install/Uninstall cronjob

Press "SPACE" to go to the next page when you read the licence.

Press "RETURN" to quit

The readme is then displayed, press "SPACE", then "RETURN"

Ideally once SIM is configured it is best to run from a cronjob. The 'setup'
SIM 2.5-4 <This email address is being protected from spambots. You need JavaScript enabled to view it.>
Creating installation paths:            [##########]
Installing SIM 2.5-4 to /usr/local/sim:         [##########]

SIM 2.5-4 installation completed, related notes:
Executable:             /usr/local/sim/sim
Executable symlink:     /usr/local/sbin/sim
Config file:            /usr/local/sim/conf.sim
Autoconf script:        /usr/local/sim/autoconf
Autoconf symlink:       /usr/local/sbin/sim-autoconf
Cronjob setup:          /usr/local/sim/sim -j

SIM 2.5-4 must now be configured for use on this system, Press
return to run the autoconf script (/usr/local/sim/autoconf).

SIM 2.5-4 Auto-Config Script

All questions default to value in brackets if no answer is given. If you
make a typo during the autoconf process, hit CTRL+C (^C) to abort and
rerun the autoconf script (/usr/local/sim/autoconf).

The below are general configuration options for SIM:
press return to continue...

Where is SIM installed ?
[/usr/local/sim]:
"RETURN"

Where should the sim.log file be created ?
[/usr/local/sim/sim.log]:
"RETURN"

Max size of sim.log before rotated ? (value in KB)
[128]:
"RETURN"

What is the location of your kernel log ?
Found kernel log at /var/log/messages
"RETURN"

Where should alerts be emailed to ? (e.g: root, user@domain)
[root]:  This email address is being protected from spambots. You need JavaScript enabled to view it.  
"RETURN" enter a external email, not one from the mail server domain!

Disable alert emails after how many events, to avoid email flood ?
(Note: events stats are cleared daily)
[8]:
"RETURN"

The below are configuration options for Service modules:
press return to continue...

Auto-restart services found to be offline ? (true=enable, false=disable)
[true]:
"RETURN"

Enforce laxed service checking ? (true=enable, false=disable)
[true]:
"RETURN"

Disable auto-restart after how many downed service events ?
(Note: events stats are cleared daily)
[10]:
"RETURN"

Enable FTP service monitoring ? (true=enable, false=disable)
[false]:
"RETURN"

Name of the FTP service as appears in 'ps' ?
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
Found service name as proftpd

TCP/IP port that FTP operates on ?
[21]:
"RETURN"

Path to FTP service init script ?
[/etc/init.d/proftpd]:
"RETURN"

Enable HTTP service monitoring ? (true=enable, false=disable)
[false]:true
"RETURN"

Name of the HTTP service as appears in 'ps' ?
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
Found service name as httpd

TCP/IP port that HTTP operates on ?
[80]:
"RETURN"

Path to HTTP service init script ?
[/etc/init.d/httpd]:
"RETURN"

Enable DNS service monitoring ? (true=enable, false=disable)
[false]:true
"RETURN"

Name of the DNS service as appears in 'ps' ?
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
Found service name as named


TCP/IP port that DNS operates on ?
Found service port as 53

Path to DNS service init script ?
Found service init script at /etc/init.d/named

Enable SSH service monitoring ? (true=enable, false=disable)
[false]:true
"RETURN"

Name of the SSH service as appears in 'ps' ?
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
Found service name as sshd

TCP/IP port that SSH operates on ?
Found service port as 22
"RETURN"

Path to SSH service init script ?
Found service init script at /etc/init.d/sshd

Enable MYSQL service monitoring ? (true=enable, false=disable)
[false]:true
"RETURN"

Name of the MYSQL service as appears in 'ps' ?
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
Found service name as mysqld

TCP/IP port that MYSQL operates on ?
Found service port as 3306

Path to MYSQL service init script ?
Found service init script at /etc/init.d/mysql

Enable SMTP service monitoring ? (true=enable, false=disable)
[false]:   
"RETURN"

Enable XINET service monitoring ? (true=enable, false=disable)
[false]:true

Name of the XINET service as appears in 'ps' ?
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
Found service name as xinetd

TCP/IP port that any XINET service operates on (e.g: pop3, 110) ?
[110]:
"RETURN"

In computer networking, xinetd, the eXtended InterNET Daemon, is an open-source daemon which runs on many Unix systems and manages Internet-based connectivity. It offers a more secure extension to or version of inetd, the Internet daemon.

xinetd features access control mechanisms such as TCP Wrapper ACLs, extensive logging capabilities, and the ability to make services available based on time. It can place limits on the number of servers that the system can start, and has deployable defence mechanisms to protect against port scanners, among other things. from WikiPedia

Path to XINET service init script ?   see www.xinetd.org/faq.html  and 
Found service init script at /etc/init.d/xinetd

Enable ENSIM service monitoring ? (true=enable, false=disable)
[false]:
"RETURN"

Enable PGSQL service monitoring ? (true=enable, false=disable)
[false]:
"RETURN"

The below are configuration options for Service Specific features:
press return to continue...
After an unclean HTTP shutdown, semaphore array's may remain allocated
and cause the service to fall into a looping restart cycle. Using this
feature clears semaphore arrays on HTTP restart.
Enable semaphore cleanup ?
[false]:
"RETURN"

This is an implamented feature in the http module, its purpose is to
determine if/when the apache server locks up or otherwise stops
responding.
Enable URL aware monitoring ?
[false]:
"RETURN"

HTTP log files can grow large and cause the service to crash
(segfault), this feature will keep the main HTTP logs incheck.
Enable HTTP log monitor ?
[false]:true
"RETURN"

What is the location of your HTTP servers, log files ?
(should point to a directory, not file)
[/var/log/httpd]:/var/log/apache2

Max size of HTTP log files, before cleared ? (value in MB)
[300]:
"RETURN"

MySQL uses a /tmp symlink of its mysql.sock socket file. This
feature verifies that the symlink exists from the main mysql.sock
file, and if not it is recreated.
Enable MySQL Socket correction ?
[false]:
"RETURN"

The below are configuration options for System modules:
press return to continue...

Enable NETWORK monitoring ? (true=enable, false=disable)
[false]:true
"RETURN"

interface to monitor ?
[eth0]:
"RETURN"

Path to NETWORK init script ?
Found service init script at /etc/init.d/network

Enable LOAD monitor ? (true=enable, false=disable)
[false]:
"RETURN"

Configuration completed, saving conf.sim...
Done, conf.sim saved to /usr/local/sim.

Now the SIM (System Integrity Monitor) has been configured! add it as cron

# ./setup -c
SIM 2.5-4 <This email address is being protected from spambots. You need JavaScript enabled to view it.>
Removed SIM cronjob.
# ./setup -c
SIM 2.5-4 <This email address is being protected from spambots. You need JavaScript enabled to view it.>
Installed SIM cronjob.


if everything goes well, you can check the installation by typing:

# /etc/init.d/mysqld stop

This will stop mysql daemon!, You will receive an email  at the same time, showing that mysql has been stopped and restarted

System integrity monitor on xxxxx has taken action in responce to an event. Recent event logs are enclosed below for your inspection. There has been 1 events today, if an average of 8 events is reached, e-mail alerts will be terminated for the duration of the day.

- Events Summary:
Total event count:   1
Average event count: 0

- Service Summary:
FTP       
[online - 0 events]
HTTP      [online - 0 events]
DNS       [online - 0 events]
SSH       [online - 0 events]
MYSQL     [
restart success1 events]
XINET     [online - 0 events]

- System Summary:
NETWORK   [eth0 - online - 0 events]

- SIM Log:
[07/21/07 12:10:01]: touched log file.
[07/21/07 12:10:01]: sim.dat not found, created.
[07/21/07 12:10:01]: no .chk modules enabled.
[07/21/07 12:15:03]: no .chk modules enabled.
[07/21/07 12:20:01]: no .chk modules enabled.
[07/21/07 12:25:01]: NETWORK is online.
[07/21/07 12:25:01]: FTP service is offline.
[07/21/07 12:25:01]: FTP service is offline.
[07/21/07 12:25:01]: FTP restart failed, could not find /etc/init.d/proftpd.
[07/21/07 12:25:01]: FTP restart failed, could not find /etc/init.d/proftpd.
[07/21/07 12:25:01]: HTTP service is online.
[07/21/07 12:25:01]: DNS service is online.
[07/21/07 12:25:01]: SSH service is online.
[07/21/07 12:25:01]: MYSQL service is online.
[07/21/07 12:25:01]: XINET service is online.

comments powered by Disqus

You might like also

The Appthority® App Report
The Appthority® App Report for February 2013 provides an overview of the security risks behind 100 free iOS and Android apps. Appthority examined the differences between the Android and iOS app ecosystems; compared app behaviors across five popular app categories (business, education, entertainment, finance, games); and looked at the developers behind these apps. Report Highlights The vast majority of free apps send and receive data to outside parties without encryption. 96% of total apps share data with advertising networks and/or …
2178 Days ago
CryptoParty Handbook v1.1 has been released
CryptoParty is a grassroots global endeavor to introduce the basics of practical cryptography such as the Tor anonymity network, key signing parties, True Crypt, and virtual private networks to the general public. The first draft of the 442-page CryptoParty&160;Handbook (the hard copy of which is available at cost), was pulled together in three days using the book sprint approach, and was released 2012-10-04 under a CC-BY-SA license; it remains under constant revision. The CryptoParty&160;Handbook v1.1 has been released and you …
2222 Days ago
Virtualizes a Linux server on the fly with RSYNC
You'll need a lot of patience...Since there is no VMWARE Converter for Linux...My objective is to virtualizes my Internet server running SUSE in a VMWARE to ease the migration to a more powerful and up to date server. I am using RSYNC since: I have no access to the machine, So I can't stop the server and make a binary images of the disk as the server is in a STRATO data center in Germany (Berlin) I don't like operations …
3870 Days ago
How to Secure Your Windows Computer and Protect Your Privacy
Anybody using internet should really read this article. While targeted at windows users, most of the rules also apply to users of Linux and mac. "Security consultant Howard Fosdick has contributed the latest entry in the 2008 OSNews Article Contest: a highly detailed examination of security and privacy on the Windows platform, and how to use free software tools and a little knowledge to protect your privacy online. Do you know that -- Windows secretly records all the web sites …
3978 Days ago
No Thumbnail was found
I know that Secure, Safe, Fast Linux Hosting sound silly as nothing can be fast and secure at the same time, but I've compiled a list of things that are worth doing if you are maintaining your own server. This list is clearly targeted for people running an open source stack made of Apache, MySQL, PHP and Linux. This list is an ongoing work, thta is why it has also a version number in it (v1.0). As soon as I …
4039 Days ago
Security made easy, automatic scan and update of your installed applications
If you are on the paranoia side, and you better should, if you're using ebanking on an internet connected pc. Secunia is a well known internet site, Secunia is a Danish computer security service provider best known for tracking vulnerabilities in more than 12,400 pieces of software and operating systems. Numbers of "unpatched" vulnerabilities in popular applications are frequently quoted in software comparisons.Secunia also tracks currently active computer viruses. Secunia has gained publicity and a notable reputation with the discovery …
4164 Days ago
No Thumbnail was found
FaF (File Anomaly Finder) is a wrapper for the *nix 'find' utility. It generates audit reports for data matching specific characteristics; such data as setgid/setuid, unowned, and more. The objectives are simply to create a simple anomaly finder that identifies common flawed permissions or otherwise suspicious file system characteristics. The main features of FaF are: simplistic and to the point audit reports easy setup and configuration audits emailed to customizable address or user ideal for web servers or general purpose …
4263 Days ago
No Thumbnail was found
Rootkit scanner is scanning tool to ensure you for about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like: MD5 hash compare Look for default files used by rootkits Wrong file permissions for binaries Look for suspected strings in LKM and KLD modules Look for hidden files Optional scan within plaintext and binary filesRootkit Hunter is released as GPL licensed project and free for everyone to use. …
4264 Days ago
No Thumbnail was found
chkrootkit is a tool to locally check for signs of a rootkit. chkrootkit is a common unix-based program intended to help system administrators check their system for known rootkits. It works by using several mechanisms, including comparison of file signatures to known rootkits, checking for suspicious activity (processes listed in the proc filesystem but not in the output of the 'ps' command. …
4264 Days ago
No Thumbnail was found
CSF : A Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers. It easily replace APF and (Advanced policy firewall) and BFD (Brute Force Detection). It is also runing 28 basics but non obvious checks... …
4266 Days ago