Hacking - Determine if your computer is hacked

Show a listing of users currently logged in

w

returns:

 22:14:53 up 9 days,  5:40,  1 user,  load average: 1.45, 1.52, 1.45
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
peter    :1       :1               17Nov20 ?xdm?  42:26m  0.00s /usr/lib/gdm3/gdm-x-session --run-script env GNOME_SHELL_SESSION_MODE=ubuntu /usr/bin/gnome-session --systemd --session=ubuntu

who

returns:

peter    :1           2020-11-17 16:34 (:1)

Show a listing of the most recent logins

last

returns:

...
peter    :0           :0               Sun Aug  9 10:56 - crash  (00:28)
reboot   system boot  5.4.0-42-generic Sun Aug  9 10:56 - 16:48  (05:52)
peter    :0           :0               Sun Aug  9 01:44 - down   (09:11)
reboot   system boot  5.4.0-42-generic Sun Aug  9 01:44 - 10:55  (09:11)
peter    :0           :0               Sat Aug  8 23:48 - down   (01:55)
reboot   system boot  5.4.0-42-generic Sat Aug  8 23:47 - 01:43  (01:55)
peter    :0           :0               Sat Aug  8 23:12 - crash  (00:35)
reboot   system boot  5.4.0-42-generic Sat Aug  8 23:12 - 01:43  (02:31)
peter    :0           :0               Sat Aug  8 22:06 - crash  (01:06)
reboot   system boot  5.4.0-42-generic Sat Aug  8 22:05 - 01:43  (03:37)
peter    :0           :0               Sat Aug  8 18:54 - down   (03:11)
reboot   system boot  5.4.0-42-generic Sat Aug  8 18:53 - 22:05  (03:11)
...
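
Every session in the listing above is local (:0). The following filter is an added example, not part of the original page: it picks remote logins and crash-terminated sessions out of `last` output. The function names and the sample lines, including the 203.0.113.7 entry, are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: triage `last` output for remote logins and crashed sessions.

# Constructed sample in the format `last` prints (not real data).
sample_last() {
cat <<'EOF'
peter    pts/0        203.0.113.7      Sun Aug  9 03:12 - 03:40  (00:28)
peter    :0           :0               Sun Aug  9 10:56 - crash  (00:28)
reboot   system boot  5.4.0-42-generic Sun Aug  9 10:56 - 16:48  (05:52)
peter    tty2                          Sun Aug  9 01:50 - 01:55  (00:05)
peter    :0           :0               Sun Aug  9 01:44 - down   (09:11)
reboot   system boot  5.4.0-42-generic Sun Aug  9 01:44 - 10:55  (09:11)
EOF
}

# remote_logins: read `last` output on stdin and print "user tty from"
# for every session whose FROM column is not a local display or empty.
remote_logins() {
  awk '
    # Skip pseudo-users, the "wtmp begins" trailer and blank lines
    $1 == "reboot" || $1 == "shutdown" || $1 == "wtmp" || NF == 0 { next }
    # Empty FROM column: field 3 is already the weekday (console login)
    $3 ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/ { next }
    # X display names such as :0 or :1 are local sessions
    $3 ~ /^:/ { next }
    { print $1, $2, $3 }
  '
}

# crash_count: number of user sessions that ended in "crash"
# (the machine went down without a clean logout being recorded).
crash_count() {
  awk '$1 != "reboot" && / - crash / { n++ } END { print n + 0 }'
}

# Demo on the constructed sample; on a live system use: last | remote_logins
echo "Remote logins:"
sample_last | remote_logins
echo "Crash-terminated sessions: $(sample_last | crash_count)"
```

`w`, `who` and `last` read utmp/wtmp, which root can edit, so an empty result here does not prove that nobody logged in remotely.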

Show the last commands run by a user

tail -n 100 ~/.bash_history 

returns:

...
df
htop
ip addr
sudo apt update
sudo apt upgrade 
systemd-resolve --status
sudo systemctl restart systemd-resolved
exit
...

Find system files that have changed recently (modified within the last two days)

sudo find /etc /var -mtime -2

returns:

...
/etc
/etc/apport
/etc/apport/blacklist.d
/etc/cron.daily
/etc/bash_completion.d
/etc/pm/sleep.d
/etc/grub.d
/etc/default
/etc/default/grub
/etc/default/grub.d
/etc/systemd/system
...
hacking/determine_if_your_computer_is_hacked.txt · Last modified: 2020/11/26 22:28 by peter
