Hi Jerry, I want to do the analysis on servers/systems that are suspected to be infected.

Thanks,
Ali
---------------------------------------------
Sent from my BlackBerry device

-----Original Message-----
From: Jerry Bell <je...@riskologist.com>
Date: Tue, 17 Jul 2012 00:02:29
To: <ali.varsh...@hotmail.com>
Cc: <full-disclosure@lists.grok.org.uk>
Subject: Re: [Full-disclosure] Linux - Indicators of compromise

Hello Ali. Is your question about investigating a set of servers you suspect may be infected, or setting up a steady state monitoring strategy to alert when/if a host is compromised?

Regards,
Jerry

On Jul 14, 2012, at 8:46 AM, "Ali Varshovi" <ali.varsh...@hotmail.com> wrote:
> Greetings FD,
>
> Does anyone have any guidelines/useful material on analysing logs of a Linux machine to detect signs of compromise? The data collection piece is not a challenge, as a lot of useful information can be captured using commands and some scripts. I'm wondering if there is any systematic approach to analyse the collected logs? Most of the materials I've seen are more aligned to malware and rootkit detection, which is not the only concern apparently.
>
> Thanks,
> Ali
> ---------------------------------------------
> Sent from my BlackBerry device
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
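Ali's original question asks for a systematic way to analyse collected Linux logs for signs of compromise. As an added example that is not part of this thread, the following Python script runs a few indicator checks over constructed auth.log lines (the hostnames, IP addresses, usernames and the failure threshold are all invented): a run of failed SSH logins from one source followed by an accepted login, direct root logins, and new local accounts appearing in the log.

```python
import re
from collections import defaultdict

# Constructed sample lines in syslog/auth.log format; not taken from any real host.
SAMPLE_AUTH_LOG = """\
Jul 14 08:01:12 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51012 ssh2
Jul 14 08:01:15 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51013 ssh2
Jul 14 08:01:19 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 51020 ssh2
Jul 14 08:01:22 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 51021 ssh2
Jul 14 08:01:30 web1 sshd[2105]: Accepted password for root from 203.0.113.7 port 51030 ssh2
Jul 14 08:02:05 web1 useradd[2150]: new user: name=svc-backup, UID=1003, GID=1003, home=/home/svc-backup, shell=/bin/bash
Jul 14 08:15:00 web1 sshd[2200]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2
"""

# Patterns for the three event types the checks below care about.
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted (\w+) for (\S+) from (\S+) port")
USERADD_RE = re.compile(r"useradd\[\d+\]: new user: name=([^,]+), UID=(\d+)")


def find_indicators(log_text, fail_threshold=3):
    """Scan auth-log text in order and return a list of (kind, detail) findings.

    fail_threshold is an assumed tuning value: how many failed logins from one
    source IP, before an accepted login from that IP, count as a successful brute force.
    """
    failures = defaultdict(int)  # source IP -> failed logins seen so far
    findings = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            method, user, ip = m.groups()
            if failures[ip] >= fail_threshold:
                findings.append(("brute_force_success",
                                 f"{user} from {ip} after {failures[ip]} failures ({method})"))
            elif user == "root":
                findings.append(("root_login", f"root from {ip} ({method})"))
            continue
        m = USERADD_RE.search(line)
        if m:
            findings.append(("new_account", f"{m.group(1)} uid={m.group(2)}"))
    return findings


if __name__ == "__main__":
    for kind, detail in find_indicators(SAMPLE_AUTH_LOG):
        print(f"{kind}: {detail}")
```

The same loop can be pointed at a real auth.log or a journalctl export; the point is the ordered correlation (failures, then success, from the same source), which a per-line grep cannot express.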