Comment posted rkhunter, chkrootkit and unhide three Linux handy tools to find out if a Linux server is compromised by .
It is also useful to use ss – another utility to investigate sockets together with netstat. ss just dumps socket statistics.
Some sample use of ss:
The ss tool is part of the iproute package, which also contains the ip command.
To display all listening ports on a machine with ss:
To Auto kill hidden processes with ‘unhide’
Here are more ss usage examples:
ss -t -a
Display all TCP sockets.
ss -u -a
Display all UDP sockets.
ss -o state established '( dport = :ssh or sport = :ssh )'
Display all established ssh connections.
ss -x src /tmp/.X11-unix/*
Find all local processes connected to X server.
ss -o state fin-wait-1 '( sport = :http or sport = :https )' dst 193.233.7/24
List all the TCP sockets in state FIN-WAIT-1 for our apache to network 193.233.7/24 and look at their timers.
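When checking a server for signs of compromise, the listening-socket view from ss is most useful when compared against the ports you expect to be open. The following is an added example, not part of the original comments: the function name `unexpected_listeners`, the allowlist and the sample `ss -H -tln` output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ss -H -tln` output (not captured from a real host).
# Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 5 0.0.0.0:31337 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6010 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 1 *:4444 *:*'

# unexpected_listeners "PORT PORT ..."  (hypothetical helper)
# Reads `ss -H -tln` lines on stdin and prints "address port exposure"
# for every listener whose port is not in the space-separated allowlist.
# exposure is "loopback" for 127.0.0.0/8 and [::1], otherwise "exposed".
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $1 == "LISTEN" {
            la = $4                      # local address:port field
            port = la
            sub(/.*:/, "", port)         # keep the text after the last colon
            addr = substr(la, 1, length(la) - length(port) - 1)
            if (port in ok) next
            exposure = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "exposed"
            print addr, port, exposure
        }'
}

# Run against the constructed sample; on a live host use:
#   ss -H -tln | unexpected_listeners "22 80 5432"
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners "22 80 5432"
```

Any line it prints is a listener to trace back to its owning process, for instance by re-running ss with -p as root.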