[ Thanks to Benjamin
D. Thomas for this link. ]
“Have you ever suspected or been notified that your Linux
system is under attack? How do you determine whether your system
has been compromised? This document is intended to explain how an
administrator can implement basic security incident investigation
techniques.”
“As mentioned in the Intrusion Detection Primer, the process of
preventing and detecting security breaches by monitoring user and
application activity is known as intrusion detection. It is a
proactive process that requires constant attention. In this
document I explain step-by-step how to monitor user and application
activity using standard Linux/Unix commands. This document is
intended to be read by novice Linux users who are interested in
security.”
“Who are the intruders and where are they from? Intruders may be
curious teenagers, disgruntled employees, or even professional
criminals from rival companies. Attacks can originate from
practically anywhere in the world via the Internet or dialup lines.
This fact makes intrusion investigation a difficult task.”