/images/nabou-logo.png

Software ↑     Config Download Install Modules Procmon Scriptlets Security Usage

Nabou is a system integrity monitor. That means, it runs every night and watches for changes on files. If a file has changed in any way, it will inform you by email(if you prefer that). Beside of this it can also look for changed or added user accounts, cronjobs, weird processes and suid files. And you can define your own checks using inline scriptlets.

It stores the properties for each file in a dbm database and will warn you if something has been changed on a file. The most important thing to check for, is the MD5-checksum. This checksum will never be the same if the file content has changed even if only one letter has changed. But you can also look for some other properties, like ownership or filemode. See the section configuration for more details on that!

You can use nabou as an Intrusion Detection System or simply as a system monitor.

Beside filesystem integrity you can use nabou as process monitor as well, in this special mode it can run as a daemon in the background and inform you if it finds a weird process. Take a look at the sample process monitoring config.

Nabou can also monitor crontab entries, UID 0 user accounts, User accounts and Listening TCP/UDP ports.

nabou requires perl and some Perl Modules.

If you are interested, here is a sample report generated by a nabou check run.

Be sure to check out the latest version: 2.4!