Find the answer to your Linux question:
Results 1 to 5 of 5
Hi, if I haven't any evidences this not means that my box was not been hacked..so if I have the doubt of simply I want check the integrity of my ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Apr 2012
    Posts
    2

    Check to look for evidences


    Hi,
    if I haven't any evidences this not means that my box was not been hacked..so if I have the doubt of simply I want check the integrity of my pc what should I do ?
    Where should I try to search to find something ?
    Thanks for any help.
    admlewis

  2. #2
    Linux Guru rokytnji's Avatar
    Join Date
    Jul 2008
    Location
    Desert
    Posts
    4,087
    One way is open a terminal and type in

    Code:
    whoami
    Linux Registered User # 475019
    Lead,Follow, or get the heck out of the way. I Have a Masters in Raising Hell
    Tech Books
    Free Linux Books
    Newbie Guide
    Courses at Home

  3. #3
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    Quote Originally Posted by admlewis View Post
    Hi,
    if I haven't any evidences this not means that my box was not been hacked..so if I have the doubt of simply I want check the integrity of my pc what should I do ?
    Where should I try to search to find something ?
    Thanks for any help.
    admlewis
    You can start by looking in the system logs. The main one for Linux is typically
    Code:
    /var/log/messages
    You can also check
    Code:
    /var/log/secure
    You should find login attempts in these log files. If the audit package is installed and running, that is a good source of activity tracking, too.

    you can also download and run a root kit detection program. I know that rkhunter is in the Fedora repos and is fairly popular.

  4. #4
    Linux Guru rokytnji's Avatar
    Join Date
    Jul 2008
    Location
    Desert
    Posts
    4,087
    Linux Registered User # 475019
    Lead,Follow, or get the heck out of the way. I Have a Masters in Raising Hell
    Tech Books
    Free Linux Books
    Newbie Guide
    Courses at Home

  5. #5
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    that's a good thread. it reminds me, you can do a quick scan of your own machine to see which ports are currently open. good ol' nmap:

    Code:
    nmap -n localhost
    here is example output:
    Code:
    Starting Nmap 5.51 ( http://nmap.org ) at 2012-04-19 20:47 EDT
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.0021s latency).
    Not shown: 985 closed ports
    PORT      STATE SERVICE
    22/tcp    open  ssh
    80/tcp    open  http
    111/tcp   open  rpcbind
    389/tcp   open  ldap
    443/tcp   open  https
    3306/tcp  open  mysql
    5802/tcp  open  vnc-http-2
    5902/tcp  open  vnc-2

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •