Showing posts from May, 2014

SSH login notification

Use SNORT Use /etc/profile Use pam_notify module Use auditd auditctl -A exit,always -S connect auditctl -A exit,always -S accept Monitor the /var/log/auth.log

Linux monitoring

htop - interactive process viewer atop - interactive load monitor top - interactive task monitor ss -s - connection counts and states

12 million concurrent connections - stock linux