Performing Regular Performance Audits

To determine whether there is a problem, you must have a baseline for a system—not only in terms of files but also in terms of behavior while the system is running. You should implement tools like Tripwire and the Advanced Intrusion Detection Environment (AIDE), but the abilities of those tools are by and large limited to the static characteristics of a system. You also need to know what happens dynamically. To that end, Linux provides some basic tools, such as the ps and top commands. Linux also allows the tracking of system status with the sysstat package. If you suspect or detect a problem, additional commands are available, such as strace, ldd, and lsof.
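One way to record a dynamic baseline with `ps` and compare later snapshots against it, as an added example that is not from the book. The function names, the sample process lists, and the choice of (user, command) pairs as the baseline unit are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: baseline the (user, command) pairs reported by ps and
# report drift. PIDs and start times are ignored on purpose, because
# they change on every boot and would drown real changes in noise.

# Normalize `ps -eo user=,comm=` style input: collapse whitespace,
# then sort and de-duplicate in the C locale so comm(1) can compare.
normalize() {
    awk 'NF >= 2 { $1 = $1; print }' | LC_ALL=C sort -u
}

# Live snapshot of the running system (procps ps on Linux).
snapshot() {
    ps -eo user=,comm= | normalize
}

# drift BASELINE CURRENT
# "+ user cmd" = present now but not in the baseline
# "- user cmd" = in the baseline but no longer running
drift() {
    LC_ALL=C comm -13 "$1" "$2" | sed 's/^/+ /'
    LC_ALL=C comm -23 "$1" "$2" | sed 's/^/- /'
}

# Demonstration on constructed sample data (not real ps output).
demo() {
    dir=$(mktemp -d)
    printf 'root   systemd\nroot   sshd\nwww-data nginx\n' \
        | normalize > "$dir/baseline"
    printf 'root systemd\nwww-data nginx\nwww-data sh\n' \
        | normalize > "$dir/current"
    drift "$dir/baseline" "$dir/current"
    rm -rf "$dir"
}

demo
```

On a real host, `snapshot > baseline.txt` taken while the system is known good plays the role of the constructed baseline, and a later `snapshot` output is compared with `drift`.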

The Basic Tools: ps and top

The fundamental ...
