Do you run rkhunter? On 11/14/19 9:40 AM, Christopher Wensink wrote: > How do you know when a Linux system has been compromised? > > Every day I watch our systems with all the typical tools, ps, top, who, > I watch firewall / IPS logs, I have logwatch setup and mailing daily > summaries to me and I dive deeper into logs if something looks suspicious. > > What am I missing or not looking at that you security gurus are looking at? > > I subscribe to the centos and SANS newsletters, and I try to keep > current on all technology with credible sources of articles online and > with the Lynda library. > > What other sources of information do you use to stay current about the > latest threats and technology updates? > > I appreciate the feedback. > > Chris