LSMGPL v2
Linux Socket Monitor
Detect unauthorized network connections in real time
Linux Socket Monitor (LSM) is a network socket monitor designed to track changes to both network sockets and Unix domain sockets, effectively serving as a port monitor.
LSM works by performing differential-based comparison of current and new server sockets — it records a base set of active sockets on install, then compares current socket information against these base comparison files. It uses cron to schedule scans at configurable intervals and sends email alerts when differences are detected, highlighting otherwise unknown services.
Project Downloads & Supporting Files
2
3d
4
7d
15
30d
44
90d
184
1y
Feb 18 — Feb 21
Features
Monitoring
- Differential comparison of both network sockets and Unix domain sockets
- Base set recording with comparison against current socket state
- Highlights otherwise unknown services on the system
- Events only trigger for new sockets — ignores services already holding sockets open
Operation
- Configurable alerting system via email when new ports activate
- Lightweight compact bash script with minimal configuration
- Scans current ports and sockets on install to create base comparison files
- Cron-based scheduling at configurable intervals (default every 10 minutes)
Installation
bash
$ wget https://www.rfxn.com/downloads/lsm-current.tar.gz
$ tar xfz lsm-current.tar.gz
$ cd linux-socket-monitor-*
$ sudo ./install.shVerify Download
MD5 Signature Verification
Always verify the integrity of downloaded packages before installation.
bash
$ wget https://www.rfxn.com/downloads/lsm-current.tar.gz
$ wget https://www.rfxn.com/downloads/lsm-current.tar.gz.md5
$ md5sum -c lsm-current.tar.gz.md5