Install PRM
Product Name: PRM ( Process Resource Monitor )
Product Version: 0.5
Homepage: http://www.rfxn.com/projects/process-resource-monitor/
Description: RM monitors the process table on a given system and matches process id’s with set resource limits in the config file or per-process based rules. Process id’s that match or exceed the set limits are logged and killed; includes e-mail alerts, kernel logging routine and more…
Step 1: Downloading, Installing LES
cd /usr/local/src wget http://www.rfxn.com/downloads/prm-current.tar.gz tar -zxvf prm-current.tar.gz cd prm-0.* ./install.sh rm -Rf /usr/local/src/prm* && cd
Step 2: Configure PRM Config
nano -w /usr/local/prm/conf.prm
Step 2.1: Turn on Email Alerts
Change USR_ALERT="0" to USR_ALERT="1" Change USR_ADDR="root" to USR_ADDR="your@email.net"
Step 3: Configure PRM.Ignore, Adding users we want ignored fro PRM checks
nano -w /usr/local/prm/ignore
Step 3.1: If you installed OSSEC, you should add these users
ossec ossecm
Infomation:
PRM is set to run every 4 minutes, see /etc/cron.d/prm
PRM log is located at /usr/local/prm/prm_log
PRM Kill Log is located at /usr/local/prm/killed/
Usage:
/usr/local/sbin/prm -s (Standard run) /usr/local/sbin/prm -q (Quiet run)