Looking for intruders with lsof

QUICK CHECK

Article from Issue 77/2007
Author(s):

Track down and expose intruders with the versatile admin tool lsof.

Has your server been cracked? Are your processes running wild? If you suspect an intrusion, you’ll need accurate information on what’s happening with the system. Open file handles are a useful source for this information. lsof scans the depths of the filesystem for these files and then returns comprehensive and detailed output.

To be fully prepared for an attack, you’ll need an Intrusion Detection System (IDS) like Snort, Tripwire or Aide to check the filesystem and data streams for suspicious patterns. However, if you don’t have the time or resources for a full-blown intrusion response, Linux has a number of standard command line programs capable of discovering tell-tale traces on a system. The usual suspects for server diagnosis are ps, netstat, top, fuser, and other friendly helpers.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Charly's Column: lsof

    The shorter a command, the longer the list of support parameters. This rule applies to lsof, one of Charly’s favorite commands.

  • Glsof-Queries Check Open Files

    Glsof-Queries is a GUI for the lsof (list open files) UNIX command with many query options. After a complete rework the open source tool is now available in version 1.0.0.

  • lsof

    In Linux, everything is a file – directories, devices, pipes – so lsof (list open files) reveals what's happening on your system.

  • Command Line: Processes

    Innumerable processes may be running on your Linux system. We’ll show you how to halt, continue, or kill tasks, and we’ll examine how to send the remnants of crashed programs to the happy hunting grounds.

  • Charly's Column: QPS

    The graphical tool QPS frees admins from Kafkaesque ambiguities about the cause, history, and side effects of running processes. Depending on the view, either clarity or detailed information dominate the scene.

comments powered by Disqus