Simon icon Simon
Flexible server monitoring

User or Malware Change Monitoring

I am trying to monitor my server for any changes, whether from users or malware. I'm trying out Simon.

According to the following, Simon couldn't check all pages of a site:

http://www.dejal.com/forums/2010/05/11/malware-site-monitoring

This was posted in 2010. David Sinclair said "I have had one or two requests for a service that scans all pages on a site, and I'll probably add that in due course, though it isn't currently scheduled."

Has this been added?

Also, is there a way to check the server via FTP instead of depending on public web pages?

David Sinclair's picture

Re: User or Malware Change Monitoring

No, that feature idea has not yet been implemented. It is still something on my list for consideration, but hasn't been particularly popular a request, so hasn't bubbled to the top yet.

Re FTP, yes, Simon includes several services to check servers by other means, including FTP Directory Listing, SSH, and others.

Re: User or Malware Change Monitoring

OK, same question for FTP: can I set it up so I get notifications if anything on the server is changed, or do I have to monitor each directory on it's own?

David Sinclair's picture

Re: User or Malware Change Monitoring

You could use the FTP Directory Listing service to watch a directory for changes, but that'll only work for one directory. So you'd need to add separate tests for each directory you want to monitor.

However, Simon is flexible — if you try editing that service, you'll see that it is actually a shell script to basically cd to a directory, and ls to list its contents. So you could easily duplicate that service (in case you need to revert) and modify it to do that for multiple directories at once, e.g. by changing the ls line to the following, which would recursively list all subdirectories.

ls -R