September 22, 2021

Linux Server-side security software

Can someone recommend software that would work like CarbonBlack / CrowdStrike / Cisco AMP for Endpoints – but deployable on Linux servers?

I’m imagining a scenario where you discover a server behaving in a way you find suspicious – opening connections, port scanning, etc. You want to:

* Identify the process and the binary responsible for it
* Identify the existence of that binary on the other servers
* Identify the vector – how that binary came to the server

Some of this could be done manually – but the amount of data can be staggering. If a server has an exploit that allowed the upload of the binary through a breached webserver, well… you could imagine.

Is there software for handling this, the way it’s handled on desktops, that supports Linux? At least Red Hat and derivatives (CentOS / Oracle Unbreakable / Rocky), and, maybe, Ubuntu?
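As an added example that is not part of the original post or of any product mentioned in it, this bash script walks the three triage steps from the question by hand on an RHEL-style host: it maps a suspicious peer address to the owning PID and binary, hashes the binary, collects evidence of how the file arrived (package ownership, modification time, web-server requests logged in that minute), and searches other servers for the same hash. It assumes root, `ss` from iproute2, RPM tooling, key-based SSH to the other hosts, and an Apache-style access log at the path given (a placeholder).

```shell
# Manual triage of a suspicious outbound connection on a Linux server (added example):
# peer address -> owning PID -> binary -> hash, origin evidence here, hash search elsewhere.
set -u
# Read `ss -tnp` output on stdin and print the PIDs of sockets whose peer is $1.
# The Process column looks like users:(("nc",pid=1234,fd=3)) and may list several PIDs.
pids_for_peer() {
  awk -v peer="$1" 'index($5, peer ":") == 1 {
      while (match($0, /pid=[0-9]+/)) {
        print substr($0, RSTART + 4, RLENGTH - 4)
        $0 = substr($0, RSTART + RLENGTH)
      }
    }' | sort -u
}
# Print "<sha256> <path>" for a PID. /proc/<pid>/exe still opens the original file
# even if it was unlinked after launch (readlink then appends " (deleted)").
binary_for_pid() {
  local exe
  exe=$(readlink "/proc/$1/exe") || return 1
  printf '%s %s\n' "$(sha256sum "/proc/$1/exe" | cut -d' ' -f1)" "${exe% (deleted)}"
}
# How did the file arrive? Package ownership, modification time, and any web-server
# requests logged in the same minute (the access-log path is an assumption).
origin_evidence() {
  local path="$1" log="${2:-/var/log/httpd/access_log}" stamp
  [ -e "$path" ] || { echo "$path is no longer on disk"; return; }
  rpm -qf "$path" 2>/dev/null || echo "$path is not owned by any installed package"
  stamp=$(date -r "$path" '+%d/%b/%Y:%H:%M')
  echo "last modified $stamp"
  [ -r "$log" ] && grep -F "[$stamp" "$log"
}
# Search other hosts for any recently written executable with the same hash.
find_hash_on_hosts() {
  local hash="$1"; shift
  for host in "$@"; do
    ssh -o BatchMode=yes "$host" "find / -xdev -type f -perm /111 -newermt '-30 days' \
      -exec sha256sum {} + 2>/dev/null | grep '^$hash '" | sed "s/^/$host: /"
  done
}
# Usage: triage.sh <peer-ip> [other-host ...]
if [ $# -ge 1 ]; then
  peer="$1"; shift
  for pid in $(ss -tnp | pids_for_peer "$peer"); do
    info=$(binary_for_pid "$pid") || continue
    echo "pid $pid -> $info"
    origin_evidence "${info#* }"
    find_hash_on_hosts "${info%% *}" "$@"
  done
fi
```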
