You can also assume you are compromised and use a solution like a Faraday cage. If you’re trying to detect advanced spyware, it might be better to check network activity from outside the device like what network activity is the router managing for the computer.
FWIW, if you suspect your machine has been compromised, the binaries for common tools like ps and top shouldn’t be relied upon since those probably were tampered with to hide the malicious program from the output. At that point, you’d probably want to check each running process manually under /proc/.
@RavenofDespair@lemmy.ml to add to this; you can use a firewall that’s aware of what your systems is trying to contact. pfsense does this in their premium products and i’ve heard ubiquiti starting doing this as well.
You can
ps auxfin the terminalYou can also assume you are compromised and use a solution like a Faraday cage. If you’re trying to detect advanced spyware, it might be better to check network activity from outside the device like what network activity is the router managing for the computer.
FWIW, if you suspect your machine has been compromised, the binaries for common tools like
psandtopshouldn’t be relied upon since those probably were tampered with to hide the malicious program from the output. At that point, you’d probably want to check each running process manually under/proc/.As of AV software I would like to point to ClamAV and Rkhunter.
Both should be available in most distro’s package repository.
@RavenofDespair@lemmy.ml to add to this; you can use a firewall that’s aware of what your systems is trying to contact. pfsense does this in their premium products and i’ve heard ubiquiti starting doing this as well.
deleted by creator