Data output object. For use with the Watchlog modules.
Make a tree out of ps output...also used to check for unauthorized root shells
Make a process tree using the Proc::ProcessTable module. Only tested on Solaris, although Linux may work. Check out the current state of the Proc::ProcessTable module.
Watches your logs à la tail -f and reports nasty things.
0.1->0.2 Fixed bug that could hang the program after a log rotation
Log port scans to syslog
Checks filesystems for suspicious directory names
Checks for promisc mode on Solaris
Stats on your logs, fast.
Turn off all unwanted suid programs -- run in a cron job before your most recent patches are disted out
"attempt to execute code on stack" shows up in the logs...be sure to put
set noexec_user_stack = 1
set noexec_user_stack_log = 1
in /etc/system and reboot. (Although this can get tripped by non-malicious programs as well)