
A server has been compromised by a virus, which causes increased CPU utilization.

We can find these processes using CPU.

How can we find these processes and where the virus is located?


Greg Askew
  • 39,132

1 Answer


Sysmon for Linux is a tool that monitors and logs system activity including process lifetime, network connections, file system writes, and more. Sysmon works across reboots and uses advanced filtering to help identify malicious activity as well as how intruders and malware operate on your network. Sysmon for Linux is part of Sysinternals.

https://github.com/microsoft/SysmonForLinux


Process Monitor (Procmon) is a Linux reimagining of the classic Procmon tool from the Sysinternals suite of tools for Windows. Procmon provides a convenient and efficient way for Linux developers to trace the syscall activity on the system.

https://github.com/microsoft/ProcMon-for-Linux


These may not be products that you would run on a normal basis, but they can be useful for forensic analysis.

Greg Askew
  • 39,132