>On Sun, 14 Mar 2010 10:18:04 +0530
>Raj Mathur <r...@linux-delhi.org> wrote:

> > 1) How can we detect that someone has intruded / hacked our linux box
> > ? 2) Which commands to use for such detection ?
> >
> Apart from the standard places to look (/tmp, /var/tmp, all HTTP domain
> directories)

What signs / outputs to look for in these directories - for example.. to indicate any possible intrusion ?

> you can use a tool called rkhunter (RootKit Hunter) to
> detect common Linux viruses and trojans.

Thanks a lot ! Will definitely give it a shot !

> > 3) How to decipher the output of `netstat -a ` ?
>
> Phew, that's the whole netstat(8) man page! Anyhow, one part lists out
> connected sockets, another part lists listening sockets, a third lists
> out Unix domain (local) sockets. To take an example, the connected
> socket list consists of:

Sorry for not being clear... for example in these netstat output columns :

Proto RefCnt Flags Type State I-Node Path ....

which flags or type or state etc indicate unauthorised connections to our linux box ? Is it possible to know from the indicated flags etc about these facts ?

TIA !

~ Pats

--
-------------------------------------------------------------
Fittest Survive, Other ( OSs ) die a slow death !

_______________________________________________
linux-india-help mailing list
linux-india-help@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-india-help
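
The three parts of `netstat -a` output described in the quoted reply, separated by a short script. This is an added example, not part of the original thread; the sample output is constructed, and the `expected_ports` baseline is an assumption that each admin supplies for their own machine.

```python
# Constructed sample of Linux `netstat -an` output (documentation address ranges).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:48222        203.0.113.5:443         ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     12345    /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     12346
"""

def split_netstat(text):
    """Sort netstat -a lines into connected, listening and Unix domain sockets."""
    parts = {"connected": [], "listening": [], "unix": []}
    section = None
    for line in text.splitlines():
        if line.startswith("Active Internet"):
            section = "inet"
        elif line.startswith("Active UNIX"):
            section = "unix"
        elif not line.strip() or line.startswith("Proto"):
            continue  # blank line or column header
        elif section == "unix":
            # Proto/RefCnt/Flags/Type/State/I-Node/Path rows: local IPC only
            parts["unix"].append(line.split())
        elif section == "inet":
            f = line.split()
            row = {"proto": f[0], "local": f[3], "foreign": f[4],
                   "state": f[5] if len(f) > 5 else ""}
            # UDP rows have no State; a wildcard foreign address means "waiting"
            waiting = not row["state"] and row["foreign"].endswith(":*")
            key = "listening" if row["state"] == "LISTEN" or waiting else "connected"
            parts[key].append(row)
    return parts

def unexpected_listeners(parts, expected_ports):
    """Listening sockets whose local port is not in the admin's baseline set."""
    return [(r["proto"], r["local"]) for r in parts["listening"]
            if r["local"].rsplit(":", 1)[1] not in expected_ports]

if __name__ == "__main__":
    parsed = split_netstat(SAMPLE)
    print({name: len(rows) for name, rows in parsed.items()})
    print(unexpected_listeners(parsed, {"22", "68"}))
```
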