LinuxQuestions.org


bweddell 09-18-2012 11:25 AM

IPtables and process tracking
 
I am using CentOS 5.8.

In addition to input filtering rules, I'm also using output filtering rules, along with logging activity before a drop.

I see in my logs what appear to be attempts at getting to particular IP addresses. I don't know if this is normal for the web sites I'm hosting, or if this is something more sinister.

Does IPtables provide the ability to show what process, or even better what command (in context of ps ef for example) is being executed before a packet is logged/dropped?

I've looked at --log-uid but I was hoping for more information, not the UID that triggered the log entry. Again, I am looking for the command that is executed.

unSpawn 09-18-2012 12:32 PM

See if this gets your audit trail going?


All times are GMT -5.