


Unmaintained

This software is unmaintained.



Lestat



Network Intrusion Logging and Detection

Welcome to the home of the lestat software - a simple, portable and stable system for viewing connection attempts and attacks against GNU/Linux and Unix machines.

Have you ever wanted to watch real time connection attempts on your publicly visible machines? View attack trends? Receive early notifications of new worms?

Lestat is software which is designed to allow you to do all that!

Requirements

The software is divided into two parts:

  • An agent, lestat, which will sit upon a public machine and capture connection requests, inserting details of all connections into a database.
  • An independent collection of PHP scripts which process the database data, and provide simple visualization of the logs.

The connection attempts are recorded by a simple Perl script which relies upon the Net::Pcap and DBI packages. These are fairly common packages which should be available in all modern GNU/Linux distributions; failing that, you can find them on CPAN.

For the visualisation script you will need PHP4, PHP4-GD and PHP-MySQL.

Usage

Once the software is installed there are two ways to tell it what to monitor: edit the configuration file to include the IP address and the interface you're monitoring, or pass them as command line arguments like so:

  ./lestat --user=dbuser --pass=dbpass \
    --interface=eth1 --address=192.168.0.22

This line says that the script should log traffic destined for the IP address 192.168.0.22, using eth1 as the interface to bind upon, and write the data to the database 'lestat' on the localhost - using the login credentials 'dbuser + dbpass' to connect to it.
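The agent described in the Requirements section and invoked above, written out as an added example (this is not Lestat's own source): Net::Pcap captures inbound TCP SYNs for one address on one interface, and DBI records each attempt. The table name `connections` and its columns are assumptions, as is the hard-coded interface, address and credentials taken from the command line above.

```perl
#!/usr/bin/perl
# Added example, not Lestat's code: a minimal connection-attempt logger.
# Assumed: database 'lestat' on localhost with a table
#   connections(ts, src_ip, src_port, dst_ip, dst_port)   (hypothetical)
use strict;
use warnings;
use Net::Pcap;
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::TCP;
use DBI;

my ($dev, $addr, $dbuser, $dbpass) = ('eth1', '192.168.0.22', 'dbuser', 'dbpass');

my $dbh = DBI->connect("DBI:mysql:database=lestat;host=localhost",
                       $dbuser, $dbpass, { RaiseError => 1, AutoCommit => 1 });
# A prepared statement with placeholders: the captured addresses and ports
# are bound as values, never interpolated into the SQL text.
my $sth = $dbh->prepare(
  'INSERT INTO connections (ts, src_ip, src_port, dst_ip, dst_port) VALUES (?,?,?,?,?)');

my $err;
my $pcap = Net::Pcap::open_live($dev, 128, 0, 1000, \$err)
  or die "open_live($dev): $err";

# The BPF filter does the selection in the kernel: only segments with SYN set
# and ACK clear (new inbound connection attempts) for the monitored address.
my ($net, $mask);
Net::Pcap::lookupnet($dev, \$net, \$mask, \$err) == 0 or $mask = 0;
my $filter = "dst host $addr and tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn";
my $bpf;
Net::Pcap::compile($pcap, \$bpf, $filter, 1, $mask) == 0 or die "bad filter: $filter";
Net::Pcap::setfilter($pcap, $bpf) == 0 or die 'setfilter failed';

# Callback for every captured frame: decode Ethernet -> IP -> TCP, then insert.
sub record {
    my ($user_data, $hdr, $raw) = @_;
    my $ip = NetPacket::IP->decode(NetPacket::Ethernet->decode($raw)->{data});
    return unless $ip->{proto} == 6;    # 6 = TCP; belt-and-braces, BPF already checked
    my $tcp = NetPacket::TCP->decode($ip->{data});
    $sth->execute($hdr->{tv_sec}, $ip->{src_ip}, $tcp->{src_port},
                  $ip->{dest_ip}, $tcp->{dest_port});
}

# -1: capture until interrupted. Opening the device needs root (or CAP_NET_RAW).
Net::Pcap::loop($pcap, -1, \&record, '');
Net::Pcap::close($pcap);
```

In practice the credentials belong in the configuration file the page mentions rather than on the command line, where any local user can read them from the process list.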

More information can be found by running ./lestat --help.

Note: there is a configuration file which can be used to contain these settings so you don't need to specify them each time you invoke the program.
