[CentOS] how to know when a system is compromised

Thu Nov 14 15:48:11 UTC 2019
SternData <subscribed-lists at sterndata.com>

Do you run rkhunter?

On 11/14/19 9:40 AM, Christopher Wensink wrote:
> How do you know when a Linux system has been compromised? 
> 
> Every day I watch our systems with all the typical tools, ps, top, who,
> I watch firewall / IPS logs, I have logwatch set up and mailing daily
> summaries to me and I dive deeper into logs if something looks suspicious.
> 
> What am I missing or not looking at that you security gurus are looking at?
> 
> I subscribe to the CentOS and SANS newsletters, and I try to keep
> current on all technology with credible sources of articles online and
> with the Lynda library.
> 
> What other sources of information do you use to stay current about the
> latest threats and technology updates?
> 
> I appreciate the feedback.
> 
> Chris