{"id":4888,"date":"2025-11-07T10:35:48","date_gmt":"2025-11-07T09:35:48","guid":{"rendered":"https:\/\/infosec.andreas-klingler.de\/?p=4888"},"modified":"2025-11-07T11:55:03","modified_gmt":"2025-11-07T10:55:03","slug":"threat-hunting-on-linux","status":"publish","type":"post","link":"https:\/\/infosec.andreas-klingler.de\/?p=4888","title":{"rendered":"Threat Hunting on&nbsp;Linux"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Show sys\u00adtem files which were changed after installation.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">dpkg --verify<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Check var\u00adi\u00adous secu\u00adri\u00adty relat\u00aded issues:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">checksecurity<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Tools<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The sys\u00adtem <a href=\"https:\/\/github.com\/aide\/aide\">aide<\/a> can be used to detect file changes. Has to be installed before.<\/li>\n\n\n\n<li>Trip\u00adwire may be bet\u00adter, a more com\u00adpre\u00adhen\u00adsive tool with actu\u00adal documentation.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Show sys\u00adtem files which were changed after instal\u00adla\u00adtion. dpkg \u2013ver\u00adi\u00adfy Check var\u00adi\u00adous secu\u00adri\u00adty relat\u00aded issues: check\u00adse\u00adcu\u00adri\u00adty&nbsp;Tools<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"footnotes":""},"categories":[523,512],"tags":[61,527],"class_list":["post-4888","post","type-post","status-publish","format-standard","hentry","category-forensic","category-incident-response","tag-forensic","tag-threat-hunting"],"_links":{"self":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/4888","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4888"}],"version-history":[{"count":3,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/4888\/revisions"}],"predecessor-version":[{"id":4893,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/4888\/revisions\/4893"}],"wp:attachment":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4888"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4888"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4888"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}