Linux.com: CLI Magic: Trojan Scan
Oct 18, 2005, 10:00 (0 Talkback[s])
(Other stories by Joe Barr)
"We're all about security this week. Not the security you get
from being all wrapped up in a baby-blanket, coddling, gratuitous
GUI, but the kind that comes from knowing who is connected to your
machine, and why. Trojan Scan is a simple but effective tool that
monitors connections and alerts you to unauthorized activity of the
sort that a rootkit, trojan, or other bad-to-the-bone-ware might
engage in. Jump down out of that hi-tech hammock you're in and
let's take a look.
"Trojan Scan is crafted in the finest Unix tradition, building
on and combining existing tools to scratch a particular itch. Most
of the work is done by the lsof command, which lists open files.
What good is that, you ask, when checking for connections?
Remember, in Unix, everything is a file, so the answer is that it's