How can I find which parts of my system are infected or injected?


How can I find which part of my system was changed by an attacker? For example, if an attacker hacks my system and injects code into the kernel or inserts a backdoor, how can I understand it?


I know about ClamAV and others, but I mean detecting it manually. Some tools like DeepFreeze exist for Linux and they freeze the system, but can I protect the kernel and sensitive parts of my system via "fail2ban", "SELinux" or others?

I'd use my versioned backups to compare changes over time. Backups have thousands of uses and helping solve security issues is in the top 5.
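
The backup comparison suggested in the answer above, as an added example that is not part of the original thread: it hashes a restored backup tree and the current tree, then lists files that were added, removed, modified or had their permissions changed. The function names and the sample trees are constructed for illustration; on a real system, run it against the suspect disk mounted read-only from trusted boot media, because a compromised kernel can hide changes from tools running on top of it.

```python
import hashlib, os, stat, tempfile

def snapshot(root):
    """Map relative path -> (content digest or link target, permission bits)."""
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: never follow symlinks out of the tree
            if stat.S_ISLNK(st.st_mode):
                content = "link:" + os.readlink(full)
            elif stat.S_ISREG(st.st_mode):
                with open(full, "rb") as f:
                    content = hashlib.sha256(f.read()).hexdigest()
            else:
                continue  # real directories, devices, sockets, FIFOs
            entries[os.path.relpath(full, root)] = (content, stat.S_IMODE(st.st_mode))
    return entries

def compare(backup_root, live_root):
    """Classify every path that differs between the backup and the live tree."""
    old, new = snapshot(backup_root), snapshot(live_root)
    report = {"added": [], "removed": [], "modified": [], "mode_changed": []}
    for path in sorted(old.keys() | new.keys()):
        if path not in old:
            report["added"].append(path)
        elif path not in new:
            report["removed"].append(path)
        elif old[path][0] != new[path][0]:
            report["modified"].append(path)
        elif old[path][1] != new[path][1]:
            report["mode_changed"].append(path)
    return report

def build_demo():
    """Constructed sample trees: 'live' differs from 'backup' in four ways."""
    base = tempfile.mkdtemp()
    for tree, rel, data, mode in [
        ("backup", "bin/ls", b"original", 0o755), ("live", "bin/ls", b"tampered", 0o755),
        ("backup", "etc/motd", b"hello", 0o644), ("live", "etc/motd", b"hello", 0o644),
        ("backup", "etc/cron.sh", b"job", 0o644), ("live", "etc/cron.sh", b"job", 0o755),
        ("backup", "etc/old.conf", b"x", 0o644), ("live", "lib/extra.ko", b"new", 0o644),
    ]:
        path = os.path.join(base, tree, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
        os.chmod(path, mode)
    return os.path.join(base, "backup"), os.path.join(base, "live")

if __name__ == "__main__":
    print(compare(*build_demo()))
```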

