[CentOS] how to know when a system is compromised

Christopher Wensink

cwensink at five-star-plastics.com
Thu Nov 14 15:40:32 UTC 2019

How do you know when a Linux system has been compromised? 

Every day I watch our systems with all the typical tools, ps, top, who,
I watch firewall / IPS logs, I have logwatch setup and mailing daily
summaries to me and I dive deeper into logs if something looks suspicious.

What am I missing or not looking at that you security gurus are looking at?

I subscribe to the centos and SANS newsletters, and I try to keep
current on all technology with credible sources of articles online and
with the Lynda library.

What other sources of information do you use to stay current about the
latest threats and technology updates?

I appreciate the feedback.


More information about the CentOS mailing list