
Detecting if application connects remotely in Linux

Çağlar Arlı

Consider me the average Linux user. I know the basics of shell scripting and intermediate Python. However, I have very limited knowledge of system admin or security related matters.

Background:

Say that I have a Python application just in the form of a cloned GitHub repo. I simply run a .py file to start a Python 3 Tkinter application. The application does not require a connection to operate, but does use quite an extensive amount of other libraries.

Further, say that I am paranoid that the application could be sharing files (or other information, but focus on files) from my system remotely. Thus I have done what I can to manually check the source code for suspicious code and scanned the repo with ClamAV.

Questions:

  1. Would this even be possible for an application to do undetected (assuming that I am not completely oblivious to what's happening on my system)?
  2. How would I most easily and/or best detect it? E.g. could I perhaps monitor the internet traffic of certain processes to see if it's transferring, or something else?

I am on Ubuntu 22.04 and the application runs in a Python 3.10 venv.

If these questions are better suited for askubuntu, or elsewhere, please let me know and I'll remove it. Also, apologies if it's too vague or if it seems trivial; I'd be happy to edit it; let me know what's missing. Also unsure about the tags.
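
One way to check which remote hosts a given process is connected to, shown as an added example that is not part of the original post: it maps the socket inodes in `/proc/<pid>/fd` to rows of `/proc/net/tcp` and keeps the non-loopback peers. The function names and the sample table are constructed for illustration, and the address decoding assumes a little-endian host (IPv4 TCP only).

```python
import ipaddress
import os
import re
import socket
import sys

def decode_addr(field):
    """'057100CB:01BB' -> ('203.0.113.5', 443); assumes a little-endian host."""
    hex_ip, hex_port = field.split(":")
    return socket.inet_ntoa(bytes.fromhex(hex_ip)[::-1]), int(hex_port, 16)

def parse_tcp_table(text):
    """Parse the text of /proc/net/tcp into dicts (state 01=ESTABLISHED, 0A=LISTEN)."""
    rows = []
    for line in text.strip().splitlines()[1:]:  # first line is the column header
        f = line.split()
        rows.append({"local": decode_addr(f[1]), "remote": decode_addr(f[2]),
                     "state": f[3], "inode": int(f[9])})
    return rows

def socket_inodes(pid):
    """Socket inodes held open by pid, taken from the /proc/<pid>/fd symlinks."""
    inodes = set()
    for fd in os.listdir(f"/proc/{pid}/fd"):
        try:
            m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(f"/proc/{pid}/fd/{fd}"))
        except OSError:
            continue  # descriptor was closed while we were listing
        if m:
            inodes.add(int(m.group(1)))
    return inodes

def remote_connections(rows, inodes):
    """Rows owned by the process whose peer is neither loopback nor 0.0.0.0."""
    def external(ip):
        addr = ipaddress.ip_address(ip)
        return not (addr.is_loopback or addr.is_unspecified)
    return [r for r in rows if r["inode"] in inodes and external(r["remote"][0])]

# Constructed sample of /proc/net/tcp (documentation addresses, made-up inodes).
SAMPLE = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1
   1: 0A01A8C0:C738 057100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20002 1
   2: 0100007F:C73A 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 20003 1
   3: 0A01A8C0:C73C 0101A8C0:0016 01 00000000:00000000 00:00000000 00000000  1000        0 20004 1"""

if __name__ == "__main__":  # usage: python3 this_script.py <PID>
    with open("/proc/net/tcp") as fh:
        table = parse_tcp_table(fh.read())
    for conn in remote_connections(table, socket_inodes(int(sys.argv[1]))):
        print(conn)
```

This is a point-in-time snapshot: a short-lived connection, UDP traffic, IPv6 (`/proc/net/tcp6`) or a connection made by a child process will not show up, so it has to be polled while the application runs.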