[CentOS] log outbound port 80 connections
Ray Van Dolson
rvandolson at esri.com
Tue Feb 5 17:27:48 UTC 2008
>
> To get more specific about what's going on. My network services have
> informed me that the machine is probing other systems at a high rate. An
> infection of some sort. And I'm trying to track down what's going on.
>
The LOG target lets you display the user id of the process I believe,
but not the PID. There might be some iptables extensions out there
that would do what you're looking for. Don't know them off the top of
my head however.
Alternately, perhaps you could use SELinux for this? I know its audit
logs would give you the level of detail you're looking for, but getting
the policy written for it might be challenging.
Ray
More information about the CentOS
mailing list