When a production server shows unexpected high CPU usage and unknown login activity, this guide walks Linux ops engineers through confirming intrusion, stopping the attacker, tracing the attack path, removing backdoors, restoring system integrity, and applying hardening measures to prevent future breaches.
The article examines why traditional Linux commands like ps, netstat, and ss cannot be trusted on a potentially root‑kit‑infected system, introduces the LinIR tool that collects forensic data without relying on the host's user‑space toolchain, and compares it against manual scripts, other automation tools, and commercial EDR solutions.
This comprehensive guide walks you through Linux server hardening—covering account and login security, remote access safeguards, file system protection, rootkit detection tools, and step‑by‑step incident response—to help you prevent breaches and recover swiftly if an attack occurs.
A dramatized Linux security incident shows how administrators use commands like top, ps, netstat, and the unhide tool to discover hidden mining processes, isolate suspicious network connections, and finally terminate the malicious hidden PID, illustrating practical techniques for rootkit detection and response.
This comprehensive guide walks operations engineers through Linux security hardening—covering account and login protection, service minimization, password and key authentication, proper use of su/sudo, banner trimming, remote access safeguards, file system security, rootkit detection tools, and step‑by‑step post‑attack response—to build resilient servers against modern threats.
This guide outlines comprehensive Linux security practices for administrators, covering account and login protection, service minimization, password and key authentication, sudo usage, system welcome message hardening, remote access safeguards, filesystem permissions, rootkit detection tools, and step‑by‑step response procedures after a server compromise.
Learn how to systematically examine a Linux host for compromise by checking logs, user accounts, processes, file integrity, network activity, scheduled tasks, services, and rootkits, using built‑in commands and RPM verification to uncover hidden threats.
This guide introduces RKHunter, an open‑source Linux intrusion detection tool, detailing its key features, core functions such as MD5 checks and rootkit detection, step‑by‑step usage commands, database updates, and a quick installation process for version 1.4.2.
