Practical audit advice you can use today.
# 30 : Baselining Services
Any system baseline should include a list of all network services running on the system, along with which binary, and possibly which process, is using each port. This information lets system administrators automatically detect possible compromises, and it gives auditors a very simple way to detect undocumented changes to systems.
In this webcast we'll take a quick look at netstat, the /etc/services file and lsof to see how we can quickly and easily extract the network service information that is particularly relevant for a baseline.
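A sketch of such a baseline in shell, added here as an illustration and not taken from the webcast: it reduces `lsof` listener output to stable port-to-binary lines, labels each port from a services file, and reports drift against a saved baseline. The function names and the sample data are assumptions constructed for this example.

```shell
#!/bin/sh
# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output (not from a real host).
SAMPLE_LSOF='COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     812 root    3u  IPv4  14523      0t0  TCP *:22 (LISTEN)
sshd     812 root    4u  IPv6  14525      0t0  TCP *:22 (LISTEN)
master  1033 root   13u  IPv4  16012      0t0  TCP 127.0.0.1:25 (LISTEN)
python3 4410 www     3u  IPv4  90211      0t0  TCP *:8000 (LISTEN)'

# Constructed excerpt in /etc/services format.
SAMPLE_SERVICES='ssh             22/tcp
smtp            25/tcp          mail'

# Reduce lsof listener output (stdin) to stable "proto/port command" lines.
# PIDs, FDs and device numbers change across reboots, so they are dropped.
normalize_lsof() {
    awk 'NR > 1 && /\(LISTEN\)/ {
        n = split($9, a, ":")            # port follows the last colon in NAME
        print tolower($8) "/" a[n], $1
    }' | sort -u
}

# Append the services-file name for each port ("-" when it is not listed).
# $1 = path to a services file; baseline lines arrive on stdin.
annotate_services() {
    awk 'NR == FNR { if ($0 !~ /^[ \t]*#/ && NF >= 2) name[$2] = $1; next }
         { split($1, p, "/"); key = p[2] "/" p[1]
           svc = (key in name) ? name[key] : "-"
           print $0, svc }' "$1" -
}

# Report drift: "+" lines are listeners absent from the baseline, "-" lines are
# baseline listeners no longer present. $1 = baseline file, $2 = current file,
# both produced by normalize_lsof (comm needs the sorted order it emits).
diff_baseline() {
    comm -13 "$1" "$2" | sed 's/^/+ /'
    comm -23 "$1" "$2" | sed 's/^/- /'
}

# Demo on the constructed data. On a real host, feed
#   lsof -nP -iTCP -sTCP:LISTEN | normalize_lsof
# and pass /etc/services to annotate_services.
svc_file=$(mktemp) && printf '%s\n' "$SAMPLE_SERVICES" > "$svc_file"
printf '%s\n' "$SAMPLE_LSOF" | normalize_lsof | annotate_services "$svc_file"
rm -f "$svc_file"
```

A port that shows "-" in the last column or a "+" line from `diff_baseline` is the kind of undocumented listener the baseline is meant to surface.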
© 2011, David Hoelzer & EnclaveForensics