
Root Login Detection

Linux

You can use these commands to check your Linux server for root logins. Clean output from these commands does not definitively show that your server has not been hacked or cracked, as careful crackers may manipulate the output shown.

Check a Linux Server for Root Logins

The last command uses the utmp and wtmp files to display login history.

last

The lastb command shows failed login attempts.

lastb

These commands show successful logins. Filtering on Accepted matters because there are always lots of unsuccessful ones.

grep Accepted /var/log/messages*

or

grep Accepted /var/log/secure*

This will do a reverse-lookup on an IP address to check an unknown login:

dig -x xxx.xxx.xxx.xxx

This will look up a domain that you might be curious about:

whois domain.com
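
The log check above, narrowed to root and summarised per source address so each address can be passed to dig -x. This is an added example, not part of the original page. It assumes traditional syslog-format sshd lines (month, day, time, host, sshd[pid]:); the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise accepted root logins from sshd log lines on stdin.
# Output per source: "<count> <source-ip> <auth-method> <last seen timestamp>"

root_logins() {
    awk '
        # Expected layout (traditional syslog format, an assumption):
        #   Mon DD HH:MM:SS host sshd[pid]: Accepted <method> for <user> from <ip> port <n> ssh2
        # Match by field position so the word Accepted appearing elsewhere
        # in a line (for example inside a failed-login message) is not counted.
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Accepted" && $8 == "for" && $10 == "from" {
            if ($9 != "root") next          # only root logins are of interest here
            key = $11 " " $7                # source IP + authentication method
            seen[key]++
            last[key] = $1 " " $2 " " $3    # timestamp of the most recent match
        }
        END { for (k in seen) print seen[k], k, last[k] }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input (documentation-range IP addresses, made-up hosts).
sample_log() {
    cat <<'EOF'
Feb  7 03:12:44 web1 sshd[2101]: Failed password for root from 203.0.113.50 port 40112 ssh2
Feb  7 03:12:49 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.50 port 40113 ssh2
Feb  7 09:01:10 web1 sshd[2333]: Accepted publickey for deploy from 192.0.2.10 port 51500 ssh2
Feb  7 09:15:32 web1 sshd[2390]: Accepted password for root from 198.51.100.23 port 51877 ssh2
Feb  7 11:47:05 web1 sshd[2544]: Accepted password for root from 198.51.100.23 port 52010 ssh2
Feb  7 12:30:01 web1 sshd[2611]: Accepted publickey for root from 192.0.2.10 port 51622 ssh2
EOF
}

# Demonstration on the constructed sample.
# On a real server: cat /var/log/secure* | root_logins
sample_log | root_logins
```

A root login by password from an address you do not recognise is the line to follow up first with dig -x and whois.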

Linux Malware Detect

Root Kit Hunter

computing/security/detect_root_logins.txt · Last modified: 2014/02/07 12:37 by gcooper