  1. #1
    Just Joined!
    Join Date
    Sep 2005
    Posts
    1

    Port monitoring or real time netstat


    The Setup:
    I have a CentOS server I just inherited and we don't have adequate documentation for how it was configured.

    The problem:
    My security officer is detecting irregular outbound connections over SSH from the server to the previous vendor, but we don't know where to start to find out what application on the server is configured for this.

    The idea:
    Is there some way to monitor for outbound connections, and when an outbound SSH connection opens, trigger a "netstat -p | grep ssh" command to find out what process is doing it? That way we could go to the config files for that application and change the config?

    Or, is there a realtime command to monitor outbound connections and their process, sort of like a combination of wireshark and netstat that I can use to dump a log to go over later?

    The server is just a web server serving OpenCMS content. It has a few other things to support this. It has Nagios installed but we don't know how to configure it to monitor what we are looking for (not much of a Linux shop here).

    Any suggestions would be appreciated.

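Added example (editor's code, not from either poster): a bash script that does what the question asks for, polling `netstat -tnp` and logging every connection whose remote port is 22 together with the PID/program that owns it, so the log can be reviewed later and the process traced back to its config. The `netstat` column layout assumed is that of CentOS-era net-tools (`Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name`); the sample output embedded below is constructed, not captured from the server in the thread, and the log path, poll interval and vendor port are assumptions.

```bash
#!/bin/bash
# Added example, not from the original thread. Poll netstat for outbound SSH
# connections, log the owning process, then help locate the config behind it.

# Remote port to watch (assumption: the vendor's sshd listens on 22).
SSH_PORT="${SSH_PORT:-22}"

# Read `netstat -tnp` output on stdin and print one line per connection whose
# foreign (remote) port is $SSH_PORT:  "<foreign addr:port> <state> <pid/program>".
# Lines whose *local* port is 22 are inbound sshd sessions and are skipped.
extract_outbound_ssh() {
    awk -v port="$SSH_PORT" '
        $1 ~ /^tcp6?$/ {
            n = split($5, f, ":")          # foreign address; last piece is the port
            if (f[n] == port) {
                print $5, $6, $NF          # $NF is PID/Program; "-" = no permission or gone
            }
        }'
}

# Constructed sample shaped like `netstat -tnp` on CentOS (not real data).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.0.0.5:22             192.168.1.20:50112      ESTABLISHED 2210/sshd: admin
tcp        0      0 10.0.0.5:51234          203.0.113.10:22         ESTABLISHED 4321/ssh
tcp        0      0 10.0.0.5:8080           192.168.1.30:43221      ESTABLISHED 1180/java
tcp        0      0 10.0.0.5:51240          203.0.113.10:22         TIME_WAIT   -
EOF
}

# Live loop. Run as root, otherwise PID/Program shows "-" for other users'
# processes. Appends timestamped hits to a log for later review.
watch_outbound_ssh() {
    logfile="${1:-/var/log/outbound-ssh.log}"   # assumed path
    interval="${2:-2}"                          # seconds between polls
    while true; do
        netstat -tnp 2>/dev/null | extract_outbound_ssh | while read -r line; do
            echo "$(date '+%F %T') $line" >> "$logfile"
        done
        sleep "$interval"
    done
}

# Once a PID is in the log: who started it, when, its parent chain (a parent of
# crond or a Java web app is the usual giveaway), and its binary and cwd.
describe_pid() {
    ps -o pid,ppid,user,lstart,cmd -p "$1"
    ps -o pid,ppid,user,cmd -p "$(ps -o ppid= -p "$1")"
    ls -l "/proc/$1/exe" "/proc/$1/cwd" 2>/dev/null
}

# Static hunt for whatever is configured to call ssh/scp/rsync, for when the
# connection is too short-lived for polling to catch. Argument: vendor host
# or IP as seen in the log (assumption: it appears literally in some config).
find_ssh_invocations() {
    grep -rlE "ssh|scp|rsync|sftp" /etc/cron* /var/spool/cron /etc/rc.d 2>/dev/null
    grep -rl "$1" /etc /var/spool/cron /root /home /opt 2>/dev/null
    ls -l /root/.ssh /home/*/.ssh 2>/dev/null
}

if [ "${1:-}" = "--demo" ]; then
    sample_netstat | extract_outbound_ssh
fi
```

Polling misses connections shorter than the interval, so for a complete record pair this with a kernel-side hook: an iptables rule such as `iptables -I OUTPUT -p tcp --dport 22 -m state --state NEW -j LOG --log-prefix "OUT-SSH: " --log-uid` records every new outbound SSH attempt with the UID in syslog, and an audit rule `auditctl -a always,exit -F arch=b64 -S connect -k outbound_ssh` records the calling executable and PID. On newer systems `ss -tnp` gives the same information but with a different column order, so the awk field numbers above would need adjusting.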
  2. #2
    Linux Newbie hans51's Avatar
    Join Date
    May 2011
    Posts
    136
    My security advice:
    clean up the entire drive,
    make a clean fresh install you know.
    That is the only way to guarantee security,
    else you may watch for any length of time until all time-sensitive earlier actions become active; what you have is some kind of potential time bomb.

    A fresh Linux install is easy and would be my own choice of action in the case of a preinstalled server with an unknown configuration and maybe limited trust in the vendor (previous user).

    If you really want just to monitor,
    maybe ntop is a traffic monitoring tool with a wide range of graphical output that is easy to read.
    If properly set up, the output is then in a browser at
    [link]
    on the install server.
