How do I know whether my Debian is being hacked/infected?

Inspect your auth.log:

sudo less /var/log/auth.log

You can run w and who commands on the command line to see what is being run and who is connected to your machine. Additionally, you can use netstat -a to see active internet connections.

If you find users you don't recognized connecting to/from unknown addresses/sites then you may want to investigate further.


well, it seems that I was a bit paranoid :)

I also found chkrootkit and its howto at: http://www.howtoforge.com/scan_linux_for_rootkits

anyway, thanks for all these answers!