These are the scripts that I use for competition purposes when blue teaming. Hi red team.
- Beacon Detection
- Common IPs
- Where users are logging in from
- Port Used? Outgoing traffic?
- Notify of each login clean
- List IP, User, Time
- SSH key or password, and where SSH key located
- Wall notify when user logs in
- AppArmor?
- Look for PHP shells
- Log all Web Requests
- Figure out how to install on all systems if possible
- Snoopy Parser????
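
As an added example (not one of the author's scripts), the login items above in one POSIX shell script: it parses sshd "Accepted ..." lines into time, user, IP and auth method (publickey with its fingerprint, or password) and can wall-notify on each login. The log lines are constructed; the script name `login_notify.sh` is assumed.

```shell
#!/bin/sh
# Added example: list IP, user, time and auth method for each SSH login and
# optionally wall-notify. Feed it auth.log or `journalctl -u ssh -o short`.
# The sample lines below are constructed, not real logs.

SAMPLE_LOG="$(cat <<'EOF'
Mar 12 10:15:01 web01 sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2: RSA SHA256:AbCdEf0123
Mar 12 10:16:44 web01 sshd[1250]: Accepted password for bob from 192.168.1.20 port 40000 ssh2
Mar 12 10:17:02 web01 sshd[1260]: Failed password for root from 203.0.113.9 port 2222 ssh2
Mar 12 10:17:30 web01 sshd[1260]: Disconnected from authenticating user root 203.0.113.9 port 2222 [preauth]
EOF
)"

# stdin: sshd syslog lines. stdout: TIME|USER|IP|METHOD|KEY_FINGERPRINT per
# accepted login (fingerprint is "-" for password logins). To find which file a
# key fingerprint lives in: ssh-keygen -lf /home/<user>/.ssh/authorized_keys
parse_ssh_logins() {
    awk '
        /sshd\[[0-9]+\]: Accepted (publickey|password) for / {
            time   = $1 " " $2 " " $3    # syslog timestamp
            method = $7                  # publickey or password
            user   = $9
            ip     = $11
            fp     = (method == "publickey" && NF >= 16) ? $16 : "-"
            print time "|" user "|" ip "|" method "|" fp
        }'
}

# Turn one parsed record into a human-readable notice.
format_login_notice() {
    printf '%s\n' "$1" | awk -F'|' '{
        msg = "SSH login: " $2 " from " $3 " at " $1 " via " $4
        if ($5 != "-") msg = msg " (key " $5 ")"
        print msg
    }'
}

# Broadcast to all logged-in terminals when wall exists, otherwise print.
notify_login() {
    notice="$(format_login_notice "$1")"
    if command -v wall >/dev/null 2>&1; then
        printf '%s\n' "$notice" | wall 2>/dev/null || printf '%s\n' "$notice"
    else
        printf '%s\n' "$notice"
    fi
}

# Live mode: ./login_notify.sh --watch (follows the journal, Ctrl-C to stop);
# with no argument it parses the constructed sample instead.
if [ "${1:-}" = "--watch" ]; then
    journalctl -f -u ssh -o short | parse_ssh_logins | while IFS= read -r rec; do
        notify_login "$rec"
    done
else
    printf '%s\n' "$SAMPLE_LOG" | parse_ssh_logins
fi
```

Failed attempts are deliberately left out of the accepted-login stream; count them separately (e.g. `grep -c 'Failed password'`) so the wall channel stays readable during a busy round.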