CLI Magic: Trojan Scan

We're all about security this week. Not the security you get from being all wrapped up in a baby-blanket, coddling, gratuitous GUI, but the kind that comes from knowing who is connected to your machine, and why. Trojan Scan is a simple but effective tool that monitors connections and alerts you to unauthorized activity of the sort that a rootkit, trojan, or other bad-to-the-bone-ware might engage in. Jump down out of that hi-tech hammock you're in and let's take a look.

Trojan Scan is crafted in the finest Unix tradition, building on and combining existing tools to scratch a particular itch. Most of the work is done by the lsof command, which lists open files. What good is that, you ask, when checking for connections? Remember, in Unix, everything is a file, so the answer is that it's plenty good. Trojan Scan invokes lsof like this:

Full Article.
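The idea described above, as an added example that is not Trojan Scan's own code and does not reproduce its lsof invocation (which this excerpt does not show): list network sockets with lsof and flag TCP listeners that are missing from a known-good baseline. The allowlist format, the function names and the sample lsof output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listening TCP sockets that are not on an allowlist.
# Input is `lsof -i -n -P` output (-i: internet sockets, -n: no DNS lookups,
# -P: numeric ports). Allowlist entries use an assumed "command:port" format.

ALLOWED="sshd:22 nginx:80"   # hypothetical baseline for this host

# Constructed sample output, so the check can be exercised offline.
sample_lsof() {
cat <<'EOF'
COMMAND   PID   USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd      812   root 3u IPv4  18432      0t0  TCP *:22 (LISTEN)
sshd      812   root 4u IPv6  18434      0t0  TCP [::]:22 (LISTEN)
sshd     2291   root 4u IPv4  25510      0t0  TCP 192.0.2.10:22->198.51.100.7:51514 (ESTABLISHED)
nginx    1033    www 6u IPv4  19001      0t0  TCP *:80 (LISTEN)
dhclient  640   root 6u IPv4  17020      0t0  UDP *:68
nc       4410 nobody 3u IPv4  31337      0t0  TCP *:4444 (LISTEN)
python3  5120  alice 5u IPv4  40112      0t0  TCP 127.0.0.1:8000 (LISTEN)
EOF
}

# Reads lsof output on stdin; prints "command pid user port" for every
# TCP listener whose command:port pair is not in $ALLOWED.
flag_unexpected() {
    awk -v allowed="$ALLOWED" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Skip the header; only lines ending in (LISTEN) are listeners.
        NR > 1 && $NF == "(LISTEN)" {
            port = $(NF - 1)
            sub(/.*:/, "", port)      # keep the text after the last colon
            key = $1 ":" port
            if (!(key in ok)) print $1, $2, $3, port
        }'
}

# Live use (lsof usually needs root to see every process's sockets):
#   sh thisfile.sh --live
if [ "${1:-}" = "--live" ]; then
    lsof -i -n -P | flag_unexpected
fi
```

Running `sample_lsof | flag_unexpected` reports the `nc` and `python3` listeners; established connections and UDP sockets are ignored by this narrow check.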