LinuxSecurity.com: Simple Commands for Intrusion Detection (Jun 30, 2000, 11:01)
(Other stories by Benjamin D. Thomas)
[ Thanks to Benjamin D. Thomas for this link. ]
"Have you ever suspected or been notified that your Linux system is under attack? How do you determine whether your system has been compromised? This document is intended to explain how an administrator can implement basic security incident investigation techniques."
"As mentioned in the Intrusion Detection Primer, the process of preventing and detecting security breaches by monitoring user and application activity is known as intrusion detection. It is a proactive process that requires constant attention. In this document I explain step-by-step how to monitor user and application activity using standard Linux/Unix commands. This document is intended to be read by novice Linux users who are interested in security."
"Who are the intruders and where are they from? Intruders may be curious teenagers, disgruntled employees, or even professional criminals from rival companies. Attacks can originate from practically anywhere in the world via the Internet or dialup lines. This fact makes intrusion investigation a difficult task."