Sonora Communications, Inc.


Security - Root Login Detection

You can use these commands to check your Linux server for root logins. Clean output does not definitively show that your server has not been cracked, as a careful cracker may manipulate the logs and the output these commands show.

Check a Linux Server for Root Logins

The 'last' command uses the utmp and wtmp files to display login history.

last

The 'lastb' command shows failed login attempts.

lastb

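This will show successful logins only. There are always lots of unsuccessful ones, and searching for "Accepted" leaves them out. Which of the two log files holds these messages depends on the distribution.

grep Accepted /var/log/messages*

or

grep Accepted /var/log/secure*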
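
The grep above matches any line containing "Accepted", for every user. As an added example (not part of the original page), this shell function narrows that to root logins accepted by sshd and counts them per authentication method and source address. The function names and the sample log lines are constructed for illustration, and the parsing assumes the usual OpenSSH message format "Accepted <method> for <user> from <ip>".

```shell
#!/bin/sh
# Added example: summarise successful root logins from sshd log lines.
# Reads syslog-format text on stdin; prints "count method source_ip".
root_logins() {
    awk '
        # Match only lines where sshd itself reports success, e.g.
        #   ... sshd[PID]: Accepted <method> for <user> from <ip> port <n> ssh2
        # Anchoring on "sshd[PID]: Accepted" skips lines where the word
        # merely appears elsewhere, such as inside a failed user name.
        /sshd\[[0-9]+\]: Accepted / {
            for (i = 1; i <= NF; i++) {
                if ($i == "Accepted") {
                    method = $(i + 1); user = $(i + 3); ip = $(i + 5)
                    break
                }
            }
            if (user == "root") seen[method " " ip]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample input (not real log data; the addresses come from
# the RFC 5737 documentation ranges).
sample_log() {
    cat <<'EOF'
May  4 09:12:01 host sshd[2211]: Failed password for root from 203.0.113.7 port 40122 ssh2
May  4 09:12:09 host sshd[2213]: Accepted password for root from 203.0.113.7 port 40130 ssh2
May  4 09:30:44 host sshd[2290]: Accepted publickey for admin from 192.0.2.10 port 51514 ssh2
May  4 10:02:17 host sshd[2351]: Accepted publickey for root from 192.0.2.10 port 51610 ssh2
May  4 10:05:50 host sshd[2377]: Accepted password for root from 203.0.113.7 port 40188 ssh2
May  4 10:06:02 host sshd[2380]: Failed password for invalid user Accepted from 198.51.100.3 port 2200 ssh2
EOF
}

# On a real server, feed it the same logs the page greps, for example:
#   cat /var/log/secure* | root_logins
sample_log | root_logins
```

A root login accepted by password from an address you do not recognise is the line to follow up with the reverse lookup below.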

This will do a reverse-lookup on an IP address to check an unknown login:

dig -x xxx.xxx.xxx.xxx

This will look up a domain that you might be curious about:

whois domain.com

Last Updated on Monday, 04 May 2009 09:55
