[CentOS] how to know when a system is compromised

Thu Nov 14 16:01:40 UTC 2019
Christopher Wensink <cwensink at five-star-plastics.com>

I have not, I'll look into that one, thanks!

On 11/14/2019 9:48 AM, SternData wrote:
> Do you run rkhunter?
>
> On 11/14/19 9:40 AM, Christopher Wensink wrote:
>> How do you know when a Linux system has been compromised? 
>>
>> Every day I watch our systems with all the typical tools, ps, top, who,
>> I watch firewall / IPS logs, I have logwatch set up and mailing daily
>> summaries to me and I dive deeper into logs if something looks suspicious.
>>
>> What am I missing or not looking at that you security gurus are looking at?
>>
>> I subscribe to the CentOS and SANS newsletters, and I try to keep
>> current on all technology with credible sources of articles online and
>> with the Lynda library.
>>
>> What other sources of information do you use to stay current about the
>> latest threats and technology updates?
>>
>> I appreciate the feedback.
>>
>> Chris
>