Check to look for evidences

**admlewis** · 04-19-2012

Hi,
if I haven't any evidences this not means that my box was not been hacked..so if I have the doubt of simply I want check the integrity of my pc what should I do ?
Where should I try to search to find something ?
Thanks for any help.
admlewis

**rokytnji** · 04-19-2012

One way is open a terminal and type in

Code:

whoami

***atreyu*** · 04-19-2012

Originally Posted by admlewis

Hi,
if I haven't any evidences this not means that my box was not been hacked..so if I have the doubt of simply I want check the integrity of my pc what should I do ?
Where should I try to search to find something ?
Thanks for any help.
admlewis

You can start by looking in the system logs. The main one for Linux is typically

Code:

/var/log/messages

You can also check

Code:

/var/log/secure

You should find login attempts in these log files. If the audit package is installed and running, that is a good source of activity tracking, too.

you can also download and run a root kit detection program. I know that rkhunter is in the Fedora repos and is fairly popular.

**rokytnji** · 04-19-2012

This thread may help also

http://www.linuxforums.org/forum/new...-computer.html

***atreyu*** · 04-20-2012

that's a good thread. it reminds me, you can do a quick scan of your own machine to see which ports are currently open. good ol' nmap:

Code:

nmap -n localhost

here is example output:

Code:

Starting Nmap 5.51 ( http://nmap.org ) at 2012-04-19 20:47 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0021s latency).
Not shown: 985 closed ports
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
111/tcp   open  rpcbind
389/tcp   open  ldap
443/tcp   open  https
3306/tcp  open  mysql
5802/tcp  open  vnc-http-2
5902/tcp  open  vnc-2

Thread Tools

Display

Check to look for evidences

Posting Permissions