Port monitoring or real time netstat
I have a CentOS server I just inherited and we don't have adequate documentation for how it was configured.
My security officer is detecting irregular outbound connections over SSH from the server to the previous vendor, but we don't know where to start to find out what application on the server is configured for this.
Is there some way to monitor for outbound connections, and when an outbound SSH connection opens, trigger a "netstat -p | grep ssh" command to find out what process is doing it? That way we could go to the config files for that application and change the config?
Or, is there a real-time command to monitor outbound connections and their process, sort of like a combination of Wireshark and netstat, that I can use to dump a log to go over later?
The server is just a web server serving OpenCMS content. It has a few other things to support this. It has Nagios installed but we don't know how to configure it to monitor what we are looking for (not much of a Linux shop here).
Any suggestions would be appreciated.
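
One way to get the log the question asks for, as an added example that is not part of the original post: a small Python poller that reads `/proc/net/tcp`, keeps only sockets whose remote port is 22 (so inbound SSH sessions and the listening sshd are ignored), and resolves each socket inode to the owning PID and command line. The port number, the 0.2 s interval, the IPv4-only scope and the constructed `SAMPLE` table are assumptions.

```python
import os, socket, struct, time

SSH_PORT = 22  # assumption: the vendor connection uses the default SSH port

# Constructed sample in /proc/net/tcp format: a listener, an inbound SSH
# session, and one outbound SSH connection to 203.0.113.9 (documentation range).
SAMPLE = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11022 1 0 100 0 0 10 0
   1: 0500000A:0016 076433C6:9C40 01 00000000:00000000 02:000A1B2C 00000000     0        0 47010 2 0 20 4 24 10 -1
   2: 0500000A:C93A 097100CB:0016 01 00000000:00000000 02:000A1B2C 00000000    48        0 48211 2 0 20 4 24 10 -1
"""

def _endpoint(hexpair):
    """'0500000A:C93A' -> ('10.0.0.5', 51514); IPv4 is little-endian hex on x86."""
    ip, port = hexpair.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip, 16))), int(port, 16)

def parse_proc_net_tcp(text, port=SSH_PORT):
    """Return (local, remote, state, inode) for sockets whose REMOTE port is `port`."""
    hits = []
    for line in text.splitlines()[1:]:            # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        (lip, lport), (rip, rport) = _endpoint(f[1]), _endpoint(f[2])
        if rport == port:                         # outbound only
            hits.append((f"{lip}:{lport}", f"{rip}:{rport}", f[3], f[9]))
    return hits

def owners(inode):
    """PIDs holding socket:[inode], found via /proc/<pid>/fd (run as root)."""
    found = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            for fd in os.listdir(f"/proc/{pid}/fd"):
                if os.readlink(f"/proc/{pid}/fd/{fd}") == f"socket:[{inode}]":
                    with open(f"/proc/{pid}/cmdline", "rb") as c:
                        cmd = c.read().replace(b"\0", b" ").decode(errors="replace")
                    found.append((int(pid), cmd.strip()))
                    break
        except OSError:                           # process exited or no permission
            continue
    return found

if __name__ == "__main__":
    seen = set()
    while True:                                   # Ctrl-C to stop
        with open("/proc/net/tcp") as fh:
            for local, remote, state, inode in parse_proc_net_tcp(fh.read()):
                if inode != "0" and inode not in seen:   # inode 0 = no owner (e.g. TIME_WAIT)
                    seen.add(inode)
                    print(time.strftime("%F %T"), local, "->", remote, state, owners(inode), flush=True)
        time.sleep(0.2)
```

Run it as root with output redirected to a file; because it polls, a connection that opens and closes within one interval can be missed.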