[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Linux - Indicators of compromise

To: "full-disclosure@xxxxxxxxxxxxxxxxx " <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Linux - Indicators of compromise
From: "Ali Varshovi " <ali.varshovi@xxxxxxxxxxx>
Date: Sat, 14 Jul 2012 12:46:50 +0000

Greetings FD,

Does anyone have any guidelines/useful material on analysis logs of a Linux 
machine to detect signs of compromise? The data collection piece is not a 
challenge as a lot of useful information can be captured using commands and 
some scripts. I'm wondering if there is any systematic approach to analyze the 
collected logs? Most of the materials I've seen are more aligned to malware and 
rootkit detection which is not the only concern apparently.

Thanks,
Ali
.
---------------------------------------------
Sent from my BlackBerry device

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Linux - Indicators of compromise
  - From: Michael Stummvoll
- Re: [Full-disclosure] Linux - Indicators of compromise
  - From: valdis . kletnieks
- Re: [Full-disclosure] Linux - Indicators of compromise
  - From: Bzzz
- Re: [Full-disclosure] Linux - Indicators of compromise
  - From: Григорий Братислава
- Re: [Full-disclosure] Linux - Indicators of compromise
  - From: Jerry Bell
- Re: [Full-disclosure] Linux - Indicators of compromise
  - From: Scott Solmonson

Prev by Date: Re: [Full-disclosure] Predefined Post Authentication Session ID Vulnerability
Next by Date: Re: [Full-disclosure] Predefined Post Authentication Session ID Vulnerability
Previous by thread: [Full-disclosure] SMF Board v2.0.2 - Multiple Web Vulnerabilities
Next by thread: Re: [Full-disclosure] Linux - Indicators of compromise
Index(es):
- Date
- Thread