Hacking - Determine if your computer is hacked
Show a listing of users currently logged in
w
returns:
 22:14:53 up 9 days,  5:40,  1 user,  load average: 1.45, 1.52, 1.45
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
peter    :1       :1               17Nov20 ?xdm?  42:26m  0.00s /usr/lib/gdm3/gdm-x-session --run-script env GNOME_SHELL_SESSION_MODE=ubuntu /usr/bin/gnome-session --systemd --session=ubuntu
who
returns:
peter :1 2020-11-17 16:34 (:1)
Show a listing of last logged in users
last
returns:
...
peter    :0           :0                Sun Aug 9 10:56 - crash (00:28)
reboot   system boot  5.4.0-42-generic  Sun Aug 9 10:56 - 16:48 (05:52)
peter    :0           :0                Sun Aug 9 01:44 - down  (09:11)
reboot   system boot  5.4.0-42-generic  Sun Aug 9 01:44 - 10:55 (09:11)
peter    :0           :0                Sat Aug 8 23:48 - down  (01:55)
reboot   system boot  5.4.0-42-generic  Sat Aug 8 23:47 - 01:43 (01:55)
peter    :0           :0                Sat Aug 8 23:12 - crash (00:35)
reboot   system boot  5.4.0-42-generic  Sat Aug 8 23:12 - 01:43 (02:31)
peter    :0           :0                Sat Aug 8 22:06 - crash (01:06)
reboot   system boot  5.4.0-42-generic  Sat Aug 8 22:05 - 01:43 (03:37)
peter    :0           :0                Sat Aug 8 18:54 - down  (03:11)
reboot   system boot  5.4.0-42-generic  Sat Aug 8 18:53 - 22:05 (03:11)
...
Show the last commands run by a user
tail -n 100 ~/.bash_history
returns:
...
df
htop
ip addr
sudo apt update
sudo apt upgrade
systemd-resolve --status
sudo systemctl restart systemd-resolved
exit
...
Find System Files that have recently changed
sudo find /etc /var -mtime -2
returns:
...
/etc
/etc/apport
/etc/apport/blacklist.d
/etc/cron.daily
/etc/bash_completion.d
/etc/pm/sleep.d
/etc/grub.d
/etc/default
/etc/default/grub
/etc/default/grub.d
/etc/systemd/system
...
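The find listing above includes directories and shows no timestamps or owners, which makes it hard to triage. The helper below is an added example, not part of the original page: it assumes GNU find (for -printf), and the function names recent_files and ctime_only_changes are hypothetical.

```shell
#!/bin/sh
# Added example. Source this file from a root shell, then run e.g.:
#   recent_files 2 /etc /var
#   ctime_only_changes 2 /etc /var

# recent_files DAYS DIR...
# List regular files (directories are skipped) whose content was modified
# within the last DAYS days, newest first, one per line:
#   <date> <time> <mode> <owner> <path>
recent_files() {
    days=$1
    shift
    # %T@ (mtime as epoch seconds) is printed first only as a sort key
    # and is cut off again before the listing is shown.
    find "$@" -type f -mtime "-$days" \
        -printf '%T@ %TY-%Tm-%Td %TH:%TM %M %u %p\n' 2>/dev/null |
        sort -rn | cut -d' ' -f2-
}

# ctime_only_changes DAYS DIR...
# List regular files whose inode changed within the last DAYS days although
# their mtime is older. Such files never appear in an -mtime search. Causes
# include chmod/chown, renames, files installed by a package manager with
# preserved timestamps, and an mtime that was set back with touch.
# Output: <ctime date> <ctime time> <mtime date> <mode> <owner> <path>
ctime_only_changes() {
    days=$1
    shift
    find "$@" -type f -ctime "-$days" ! -mtime "-$days" \
        -printf '%CY-%Cm-%Cd %CH:%CM %TY-%Tm-%Td %M %u %p\n' 2>/dev/null
}
```

Entries from ctime_only_changes that do not line up with a package upgrade or an administrative change you made yourself are the ones worth a closer look.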
hacking/determine_if_your_computer_is_hacked.txt · Last modified: 2020/11/26 22:28 by peter