Monitoring Linux File access, Changes and Data Modifications

Monitoring File access, Changes and Data Modifications   Linux has several solutions to monitor what happens with your data. From changing contents to who accessed particular information, and at what time. For our auditing toolkit Lynis, we researched and tested several solutions over the last few years. In this article we have a look at these solutions to monitor file access, changes and modifications to the data and beyond. What is Data? Data is a collection of bits, ordered in […]

Read more

Detecting Linux rootkits

What is a rootkit? A rootkit is a set of tools with the goal to hide its presence and to continue providing system access to an attacker. The word rootkit comes from the root user, which is the administrator account on Linux systems and Unix-clones. The kit refers to a toolkit, or a set of tools. Hiding by manipulation The tools in the rootkit are typically altered binaries that provide an alternative truth. They will display everything a typical command would do, except those parts that […]

Read more

Linux Audit Framework: using aureport

Linux Audit Framework: using aureport The Linux audit framework logs events, as specified by the configured watches. To extract particular events we can use the ausearch or aureport tools. The latter is the one we will focus on in this article, to get the most out of the tool. Aureport The aureport utility can be executed without any parameters. It will then extract all audit events available from the log. Since the audit log can be very big, it might […]

Read more

Antivirus for Linux: is it really needed?

The question regarding the need for antivirus for Linux is after years still relevant. It is asked at forums and shows up regularly at Quora. As the original author of rkhunter, a malware scanner for Linux and Unix systems, I analyzed many malicious software components. You might be wondering that if there is malware, there is also a need for a scanner, right? It is actually not that easy to answer. It depends… So is antivirus on Linux really needed […]

Read more