I have used the netstat -antp command for listening ports and the lsof command for checking opened files. Verify all the opened files related to the port. Please let me know your thoughts for avoiding hacking attempts.
#netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nk1
#grep SYN /var/log/messages | cut -d "=" -f5 | cut -d " " -f1 > synattack
#ps -eo pcpu,pid,user,args | sort -k1 -nr | head -10
You can install an IDS package on a Linux system, like Snort or Suricata, to protect you from viruses, DDoS and hacking attempts. You can also log them in MySQL through barnyard and view them through Snorby (web-based monitoring).
By installing this package, make sure you have an oinkcode account from Snort VRT in order for you to download the signatures from your Snort or Suricata sensors.
SELinux policies are also very helpful in detecting unusual behaviours that may result from rootkits or a vulnerable program or server that is being/was exploited, and they can also detect misbehaviour from good/legal programs.
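The per-source connection count from the netstat one-liner above, written as an added example (not code from any of the posts) that matches the local port exactly, so :8080 is not counted as :80, and splits on the last colon so IPv6 peers are kept whole. The function names, the threshold and the sample netstat output are constructed for illustration; the addresses are documentation ranges.

```shell
#!/bin/sh
# Constructed sample of `netstat -ant` output (documentation addresses only).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51235      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51236      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40022       ESTABLISHED
tcp        0      0 192.0.2.10:8080         203.0.113.9:40100       ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:50111    SYN_RECV
tcp        0      0 192.0.2.10:22           203.0.113.5:40023       ESTABLISHED
EOF
}

# count_by_source PORT STATE
# Reads `netstat -ant` text on stdin and prints "COUNT REMOTE_IP" for
# connections to local PORT in the given TCP STATE, busiest source first.
count_by_source() {
  awk -v port="$1" -v state="$2" '
    $1 ~ /^tcp/ && $6 == state {
      lport = $4; sub(/.*:/, "", lport)      # text after the last colon
      rip = $5;   sub(/:[^:]*$/, "", rip)    # drop only the trailing :port
      if (lport == port) n[rip]++
    }
    END { for (ip in n) print n[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# flag_sources PORT STATE THRESHOLD
# Prints only the remote addresses with at least THRESHOLD matching connections.
flag_sources() {
  count_by_source "$1" "$2" | awk -v t="$3" '$1 >= t { print $2 }'
}

# Stand-alone run on the constructed sample; on a live host use:
#   netstat -ant | count_by_source 80 SYN_RECV
sample_netstat | count_by_source 80 SYN_RECV
```

Many half-open (SYN_RECV) connections from one source is the pattern the SYN grep over /var/log/messages is also looking for; the threshold passed to flag_sources has to be tuned to the server's normal load.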