How do I know whether my Debian is being hacked/infected?
Inspect your auth.log:
sudo less /var/log/auth.log
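When paging through auth.log by hand, the sshd entries are the ones to summarise first. The following is an added example, not part of the original answer: it counts failed SSH logins per source address and flags any accepted login that follows repeated failures from the same address. The sample lines are constructed, and the function name and threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH syslog format (not real data).
SAMPLE = """\
Mar 10 06:25:01 debian sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 40022 ssh2
Mar 10 06:25:03 debian sshd[1203]: Failed password for root from 203.0.113.5 port 40024 ssh2
Mar 10 06:25:05 debian sshd[1205]: Failed password for root from 203.0.113.5 port 40026 ssh2
Mar 10 06:25:09 debian sshd[1209]: Accepted password for root from 203.0.113.5 port 40030 ssh2
Mar 10 08:00:12 debian sshd[1410]: Failed password for alice from 198.51.100.7 port 51514 ssh2
Mar 10 08:00:20 debian sshd[1412]: Accepted publickey for alice from 198.51.100.7 port 51516 ssh2: RSA SHA256:constructed
Mar 10 08:01:00 debian sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/less /var/log/auth.log
"""

SSH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def review(lines, threshold=3):
    """Return (failures per IP, accepted logins, suspicious accepted logins)."""
    failed = Counter()
    accepted, suspicious = [], []
    for line in lines:
        m = SSH_RE.search(line)
        if not m:
            continue  # not an sshd authentication result line
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failed[ip] += 1
        else:
            accepted.append((user, ip, m["method"]))
            # A success preceded by many failures from the same address
            # is the pattern of a guessed password.
            if failed[ip] >= threshold:
                suspicious.append((user, ip, failed[ip]))
    return failed, accepted, suspicious

if __name__ == "__main__":
    failed, accepted, suspicious = review(SAMPLE.splitlines())
    for ip, n in failed.most_common():
        print(f"{n:4d} failed logins from {ip}")
    for user, ip, method in accepted:
        print(f"accepted {method} login for {user} from {ip}")
    for user, ip, n in suspicious:
        print(f"CHECK: {user} logged in from {ip} after {n} failures")
```

To run it against the real log, pass the lines of /var/log/auth.log to review() instead of SAMPLE; reading that file needs root.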
You can run the w and who commands on the command line to see what is being run and who is connected to your machine. Additionally, you can use netstat -a to see active internet connections.
If you find users you don't recognize connecting to/from unknown addresses/sites, then you may want to investigate further.
well, it seems that I was a bit paranoid :)
I also found chkrootkit and its howto at: http://www.howtoforge.com/scan_linux_for_rootkits
anyway, thanks for all these answers!