
How will you identify a virus threat from Linux System?

I have used the netstat -antp command for listening ports and the lsof command for checking the opened files. Verify all the opened files related to the port. Please let me know your thoughts for avoiding hacking attempts.

Question added by Muhammad Anzar, DevOps/DevSecOps Architect, Confidential
Date Posted: 2013/09/19
by Roshan Firozkhan, IT System Administrator, Emirates Driving Institute

netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nk1   # sockets on port 80, counted per remote IP

grep SYN /var/log/messages | cut -d "=" -f5 | cut -d " " -f1 > synattack   # source addresses from logged SYN packets (assumes iptables LOG line layout)

ps -eo pcpu,pid,user,args | sort -k1 -rn | head -10   # ten most CPU-hungry processes (numeric sort on %CPU)
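As an added illustration (not code from the original answer), the per-source counting that the netstat and /var/log/messages pipelines above do, written in Python over constructed sample output so it can be run and checked offline. The netstat rows, the iptables LOG lines, the program names and the port allow-list are all made up for the example.

```python
import re
from collections import Counter

# Constructed sample of `netstat -plan` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address  Foreign Address      State       PID/Program name
tcp        0      0 0.0.0.0:80     0.0.0.0:*            LISTEN      1203/nginx
tcp        0      0 0.0.0.0:22     0.0.0.0:*            LISTEN      812/sshd
tcp        0      0 0.0.0.0:5555   0.0.0.0:*            LISTEN      2711/python3
tcp        0      0 10.0.0.2:80    203.0.113.7:51234    ESTABLISHED 1203/nginx
tcp        0      0 10.0.0.2:80    203.0.113.7:51235    SYN_RECV    -
tcp        0      0 10.0.0.2:80    203.0.113.7:51236    SYN_RECV    -
tcp        0      0 10.0.0.2:80    198.51.100.4:40001   ESTABLISHED 1203/nginx
"""
# Constructed iptables LOG lines in the form they take in /var/log/messages.
SAMPLE_SYSLOG = """\
Sep 19 10:01:02 web1 kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.2 PROTO=TCP SPT=51237 DPT=80 SYN URGP=0
Sep 19 10:01:02 web1 kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.2 PROTO=TCP SPT=51238 DPT=80 SYN URGP=0
Sep 19 10:01:03 web1 kernel: IN=eth0 OUT= SRC=198.51.100.4 DST=10.0.0.2 PROTO=TCP SPT=40002 DPT=80 ACK URGP=0
"""
LOG_RE = re.compile(r"SRC=(\S+) .*DPT=(\d+) .*\bSYN\b")  # source, dest port, SYN flag set

def parse_netstat(text):
    """Turn `netstat -plan` output into dicts; only TCP rows are kept."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp"):
            continue  # header line or non-TCP socket
        rows.append({"local_port": int(f[3].rsplit(":", 1)[1]), "remote_ip": f[4].rsplit(":", 1)[0],
                     "state": f[5], "prog": f[6] if len(f) > 6 else "-"})
    return rows

def connections_per_source(rows, port, state=None):
    """Per-remote-IP count of sockets on `port` (the awk|cut|sort|uniq -c pipeline);
    pass state="SYN_RECV" to count only half-open connections, the SYN-flood signal."""
    return Counter(r["remote_ip"] for r in rows
                   if r["local_port"] == port and r["state"] != "LISTEN"
                   and (state is None or r["state"] == state))

def unexpected_listeners(rows, allowed_ports):
    """Listening sockets whose port is not on the host's allow-list, with owning PID/program."""
    return sorted((r["local_port"], r["prog"]) for r in rows
                  if r["state"] == "LISTEN" and r["local_port"] not in allowed_ports)

def syn_sources_from_log(text, port):
    """Count logged SYN packets per SRC address for one destination port."""
    hits = (LOG_RE.search(line) for line in text.splitlines())
    return Counter(m.group(1) for m in hits if m and int(m.group(2)) == port)
```

Feed real output in with `parse_netstat(subprocess.run(["netstat", "-plan"], capture_output=True, text=True).stdout)` and alert when a single source exceeds whatever half-open threshold is normal for the host.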

by Deleted user

You can install an IDS package on a Linux system, like Snort or Suricata, to protect you from viruses, DDoS and hacking attempts. You can also log them in MySQL through Barnyard and view them through Snorby (web-based monitoring).

By installing this package, make sure you have an Oinkcode account from Snort VRT in order for you to download the signatures for your Snort or Suricata sensors.

by Deleted user

SELinux policies are also very helpful in detecting unusual behaviours that may result from rootkits or from a vulnerable program or server that is being/was exploited, and they can also detect misbehaviour from good/legal programs.
