How do I know whether my Debian is being hacked/infected?

security debian debian-squeeze

Inspect your auth.log:

sudo less /var/log/auth.log

You can run w and who commands on the command line to see what is being run and who is connected to your machine. Additionally, you can use netstat -a to see active internet connections.

If you find users you don't recognized connecting to/from unknown addresses/sites then you may want to investigate further.


well, it seems that I was a bit paranoid :)

I also found chkrootkit and its howto at: http://www.howtoforge.com/scan_linux_for_rootkits

anyway, thanks for all these answers!

Related

How to use wireless router (tp-link archer c7) as Wi-Fi to ethernet adapter?
Why do I feel a strain on my eyes when I look at the 19" matte display?
Install Windows on Mac Natively
C# - How to customize OpenFileDialog to select multiple folders and files?
Windows 8 and ubuntu 12.04 dual boot
Is there really no hope to upgrade the graphic card of a laptop?
renaming a fat16 volume
Does BufferedReader.ready() method ensure that readLine() method does not return NULL?
Cell value string to Int in OpenOffice Calc?
Bind multimedia keys
Why does my computer crash when I use 2 memory sticks? [duplicate]
Multi domain mail server