Why I often watch the I/O and interrupts for unusual activity as well as the logs. If there's disk access or a connection, I want to know the process, content, and why to optimize usage and find waste, especially a misbehaved process, or worse, a compromise of security. It hasn't happened yet that I know.
https://www.go350.com/posts/digital-secrets/
#Linux #unix #security