How to check is a linux server is compromised or rooted?

This page summarizes the projects mentioned and recommended in the original post on /r/debian
Bpf Ebpf Tracing kprobes uprobes

InfluxDB
Our great sponsors
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • bpftrace

    Discontinued High-level tracing language for Linux eBPF [Moved to: https://github.com/bpftrace/bpftrace]

    • bpftrace and/or bpfcc-tools can also be useful (dpkg -L bpftrace to see available tools). You can monitor files being opened/written at kernel level (opensnoop*, filelife*, filetop*), connections being established (tcp*bpfcc), etc.

  • bcc

    BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more

    • bpftrace and/or bpfcc-tools can also be useful (dpkg -L bpftrace to see available tools). You can monitor files being opened/written at kernel level (opensnoop*, filelife*, filetop*), connections being established (tcp*bpfcc), etc.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • rules

    Repository of yara rules

    • On the other hand, you could also use a Yara scanner (apt install yara) to scan for IOCs. Here's a good list of rules https://github.com/Yara-Rules/rules

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts