一樣參考
https://github.com/certsocietegenerale/IRM/blob/master/EN/IRM-3-UnixLinuxIntrusionDetection.pdf

CPU
Memory
DiskI/O
Network
netstat -tulnp
netstat -anp
GPU
參考這，非常詳細 http://www.brendangregg.com/linuxperf.html

Account
awk -F : '$3 > 499' /etc/passwd
檢查以下三的檔案，用md5sum每日比對
/etc/passwd
/etc/group
/etc/shadow
Firewall
iptables -L -n --line-number

Event (鳥哥 http://linux.vbird.org/linux_basic/0570syslog.php#logwatch

DNS (鳥哥 http://linux.vbird.org/linux_server/0350dns.php#DNS_resolver_file
/etc/hosts
/etc/resolv.conf
/etc/nsswitch.conf

Process
ps -aux
ps auxef
top -n 1

Port
netstat -ano

NTP (鳥哥 http://linux.vbird.org/linux_server/0440ntp.php
vi /etc/ntp.conf

Event查看是否有異常檔案名稱
find / -name "*"
find / -name ".*"
find / -name "..*"

crontab查看是否有異常的排程
crontab -u root -l
ls –la /etc/cron.*
cat /etc/anacrontab

檢查orphaned files
sudo find / -xdev -type d \( \( -user nobody -o -group nogroup \) -o -perm -777 \)

找SUID及GUID的檔案
find / -uid 0 -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} \;

init
ls -alt /etc/init*
chkconfig --list

SSH
cat /root/.ssh/*

其他工具:
http://www.chkrootkit.org/

Linux Hardening Guide

推薦書籍
鳥哥一系列

Linux資訊安全聖經