Linux Intrusion Detection and Incident Response: A Practical Guide to Security Event Investigation
This guide walks through building a layered, host-based intrusion detection setup on Linux from tools with complementary roles rather than competing ones: AIDE for file-integrity checking against a trusted baseline, rkhunter for rootkit and known-malware scanning, and auditd for kernel-level logging of system calls and file access. It covers installation, configuration, creating and maintaining baselines, automated response scripts, forensic data collection, ongoing monitoring, and hardening best practices, so that security events can be investigated and remediated effectively.
