So what I'm asking is if anyone know of a really good cli log analyzer.
I have one already that I use, but it's not installed on this server, and comes with a complete system that I really don't want right now.
I have done all the usual checkups, basically checked for things I would have done myself when breaking in somewhere xF
This includes, but not limited to;
* Checked all virtual sites for php shells
* Did a quick code review on my own code for vulnerabilities (none found, of course not, what do you take me for?)
* Scanned the whole server with ClamAV CLI for potential known threats
* Checked all running processes, nothing strange found
* Scanned for rootkits, nothing found
* Checked netstat for anything strange, nothing out of the ordinary
* Checked for updates (no problems there, I update the same day as there are any, Debian, stable updates etc)
* Checked installed web applications for known vulnerabilities, some were found actually (forgot to update roundcube and mediawiki for a while)
I guess it comes down to roundcube or mediawiki.
There was a critical vuln in my roundcube install, but it needed an account to exploit.
I did check the roundcube install anyway if the exploit had been used (it alters the config-file), but it had not been used.
I keep no super important stuff on that server, so it's not the whole world.
It's mostly about my pride
If someone did take a peek inside my server, they need to be rolled down a hill in a barrel filled with spikes
Any other advice is welcome, stuff that I have forgotten to check etc.
PS: roundcube and mediawike have been updated to the latest versions.
