Redhat: Audit outgoing connections

We want to audit all of the outgoing connections from a Red Hat server.

With which tool or audit rule can we do that?

We want to know the program executable, too, from which the connection is initiated,
even if it is no longer running.

Interesting information is: time, executable, target ip/port

Slav Zabicki, System Engineer, commented:
I recommend Shorewall. It's simple to configure and based on zones defined by you.

To log all traffic (incoming or outgoing) you need to install a phaser.

Postbank (Author) commented:
Thank you for the answer.

Shorewall is installed now and I can see the connections in the logfile,
but still without the information about which process/program they are initiated from.
For example:
Jan  4 07:34:20 testsrv kernel: Shorewall:a2fw:ACCEPT:IN=bond0 OUT= MAC=00:29:29:4f:ac:b4:00:14:c2:75:c0:52:02:00 SRC= DST= LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=50123 DF PROTO=TCP SPT=55818 DPT=5666 WINDOW=5840 RES=0x00 SYN URGP=0 2

There is no information about the program.

The phaser shows only:
<table name="restab" width="100%" border>
<th>In I/F</th>
<th>Out I/F</th>
<th>From IP</th>
<th>Target IP</th>
<th>Src Port</th>
<th>Dest Port</th>

Slav Zabicki, System Engineer, commented:
What phaser did you install?

Postbank (Author) commented:
This was not an installation, but an executable program:
-rwxr-xr-x 1 root   root  10052 Mar 21  2003 parsefw

Slav Zabicki, System Engineer, commented:
You know, I think that we need to change the approach to the matter.
I've used Shorewall in almost all installations I did, but I've never set up any parameter for execs.
I have to figure it out.
It's pretty neat.

I touched Squid as well, but the setup takes time.


by hand
u can try
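
An added example, not part of the original thread: the question asks for time, executable and target IP/port per outgoing connection, and the Linux audit subsystem records exactly those fields when a rule on the connect() syscall is loaded. The rule in the first comment, the key name `outbound` and the sample records are assumptions constructed for this illustration.

```python
import re
import socket
import struct
from datetime import datetime, timezone

# Assumed rule (not from the thread): auditctl -a always,exit -F arch=b64 -S connect -k outbound
# SAMPLE_LOG is constructed for this example; the addresses are documentation ranges.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1357284860.412:8841): arch=c000003e syscall=42 success=yes exit=0 a0=3 a1=7ffd2c1e5a10 a2=10 a3=0 items=0 ppid=2210 pid=2234 auid=500 uid=0 gid=0 comm="curl" exe="/usr/bin/curl" key="outbound"
type=SOCKADDR msg=audit(1357284860.412:8841): saddr=02001622C000020A0000000000000000
type=SYSCALL msg=audit(1357284861.007:8842): arch=c000003e syscall=42 success=no exit=-2 a0=4 a1=7ffc0a2b1c30 a2=b a3=0 items=1 ppid=1 pid=1811 auid=4294967295 uid=0 gid=0 comm="logger" exe="/usr/bin/logger" key="outbound"
type=SOCKADDR msg=audit(1357284861.007:8842): saddr=01002F6465762F6C6F6700
type=SYSCALL msg=audit(1357284862.150:8843): arch=c000003e syscall=42 success=no exit=-115 a0=5 a1=7ffe91c2d4f0 a2=1c a3=0 items=0 ppid=2210 pid=2240 auid=500 uid=500 gid=500 comm="wget" exe="/usr/bin/wget" key="outbound"
type=SOCKADDR msg=audit(1357284862.150:8843): saddr=0A0001BB0000000020010DB800000000000000000000000100000000
"""

MSG_RE = re.compile(r'^type=(\w+) msg=audit\((\d+)\.\d+:(\d+)\): (.*)$')
AF_INET, AF_INET6 = 2, 10  # Linux values, hard-coded so decoding works on any analysis host

def decode_saddr(hexstr):
    """Decode the raw struct sockaddr of a SOCKADDR record; return (ip, port) or None."""
    raw = bytes.fromhex(hexstr)
    family = struct.unpack_from('<H', raw)[0]   # host byte order (little-endian on x86)
    if family == AF_INET and len(raw) >= 8:     # family, port, 4-byte address
        return socket.inet_ntop(socket.AF_INET, raw[4:8]), struct.unpack_from('>H', raw, 2)[0]
    if family == AF_INET6 and len(raw) >= 24:   # family, port, flowinfo, 16-byte address
        return socket.inet_ntop(socket.AF_INET6, raw[8:24]), struct.unpack_from('>H', raw, 2)[0]
    return None                                 # AF_UNIX, netlink, ...: no network target

def outgoing_connections(log_text):
    """Join SYSCALL and SOCKADDR records on the event serial; return IP connect() events."""
    events = {}
    for line in log_text.splitlines():
        m = MSG_RE.match(line)
        if not m:
            continue
        rtype, secs, serial, body = m.groups()
        ev = events.setdefault(int(serial), {})
        ev['time'] = datetime.fromtimestamp(int(secs), tz=timezone.utc).isoformat()
        if rtype == 'SYSCALL':
            # exe= is quoted, or hex-encoded without quotes when the path has unusual characters
            ev['exe'] = re.search(r' exe=(\S+)', body).group(1).strip('"')
            ev['pid'] = int(re.search(r' pid=(\d+)', body).group(1))
        elif rtype == 'SOCKADDR':
            ev['target'] = decode_saddr(re.search(r'saddr=([0-9A-Fa-f]+)', body).group(1))
    # success=no with exit=-115 (EINPROGRESS) is a non-blocking connect and is kept on purpose.
    return [dict(time=e['time'], exe=e['exe'], pid=e['pid'], ip=e['target'][0], port=e['target'][1])
            for _, e in sorted(events.items()) if e.get('target') and 'exe' in e]
```

On a live host, `ausearch -k outbound` returns the records that carry this key, and the `exe=` field stays in the log after the process has exited.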
