Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Olivier Sessink
March 18, 2006, 10:41 pm
rate this thread
does anyone know software that can do host-based intrusion detection
looking at which processes are running? I would like to detect for example
when user httpd has processes running except from cgi-bin, or when a
process is listening on a (previously closed) port, or when a certain user
owns a large number of processes...
I know that the first thing a hacked does is disabling this check, but
inbetween the hacker starting to hack, and getting root access, is usually
some time, and I hope to get a report in that time.
- Ertugrul Soeylemez
March 22, 2006, 10:32 am
- » Cloud Ace Technologies is offering Implementation Services on Cloud Computing, Cloud Serv...
- — Newest thread in » Linux Security