Hi James,
it depends totally on your OS and the applications running. E.g. for Solaris you might want to check files as who, last and other which hackers like to modify using file and md5 to detect any changes. If an apache is running you might like to see at least x httpd with procs ... And so on.
greetings
rolf
Hello All,
I’ve just moved over my Big Brother monitoring to Hobbit
and I’m looking for suggestions for the files, ports, and
procs category. Are there any default recommendations?
Thanks….James
--
Mit freundlichen Gruessen
Rolf Schrittenlocher
HRZ/BDV, Senckenberganlage 31, 60054 Frankfurt Tel: (XX) XX - XXX XXXXX Fax: (XX) XX - XXX XXXXX
LBS: user-1e39a1813094@xymon.invalid
Persoenlich: user-6ea8e907e200@xymon.invalid