Huolala Tech
Nov 3, 2020 · Information Security
Real-Time Linux Process Auditing with Netlink Connector and ncp
This article explains how the Linux netlink connector, together with a lightweight user‑space ncp program, can audit all process events in real time, enabling detailed host security monitoring, detection of intrusion behaviors such as reverse shells, and reconstruction of attack chains through captured exec, fork, and exit data.
Connector · Host Security · Linux
12 min read
