Bayt.com

Start networking and exchanging professional insights

Register now or log in to join your professional community.

Follow

How will you identify a virus threat from Linux System?

I have used netstat -antp command for listening port and lsof command for checking the opened file. Verify all the opened file related to the port. Please let me know you thoughts for avoiding hacking attempt

Linux Linux Internals Linux server administration
user-image
Question added by Muhammad Anzar , DevOps/DevSecOps Architect , Confidential
Date Posted: 2013/09/19
Upvote (1) Views (14) Followers (3) Answers (3) Report Question
Write an Answer
Register now or log in to answer.
Roshan Firozkhan
by Roshan Firozkhan , IT System Administrator , Emirates Driving Institute

#netstat -plan|grep :80|awk {'print $5'}|cut -d: -f1|sort|uniq -c|sort -nk1

 

#cat /var/log/messages |grep SYN| cut -d "=" -f5|cut -d " " -f1 > synattack

 

#ps -eo pcpu,pid,user,args | sort -k1 -r | head -10

Deleted user

you can install IDS package in linux system like snort or suricata to protect you from virus, ddos and hacking attempt. you can also log them in mysql thru barnyard and view it thru snorby (web-based monitoring).

By installing this package, make sure you have oinkcode account from snort VRT in order for you to download the signatures from your snort or suricata sensors.

 

Deleted user

selinux policies is also very helpful in detecting unusual behviours that may result from rootkits or vulnerable program or server that is being\was exploited and it can also detect misbehaviour from good|legal programs ..

Write Your Answer
More Questions Like This

Do you need help in adding the right keywords to your CV? Let our CV writing experts help you.

Get Help