How do I know whether my Debian is being hacked/infected?

1

1

My laptop seems to be acting rather weird - saying that another person is logged in when I try to shut it down (or maybe it likes being turned on).

So how do I know whether my Debian laptop is being hacked or not?

Are there some kind of general guidelines for checking?

user269334

Posted 2011-08-08T16:55:17.983

Reputation: 411

2 Unplug the network cable. If you still get the same message, then it's a problem with the comp, not a hacker – Nate Koppenhaver – 2011-08-08T17:18:59.177

You probably had logged in as root in the terminal and closed the terminal window without logging out – Baha – 2011-08-08T17:20:36.490

So what does it really do? Can you be a bit more specific (e.g. what does it say exactly)? – slhck – 2011-08-08T19:45:23.833

Answers

4

Inspect your auth.log:

sudo less /var/log/auth.log

Michał Šrajer

Posted 2011-08-08T16:55:17.983

Reputation: 2 495
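An added example, not part of any answer in this thread: a small shell function that condenses an auth.log into counts of SSH logins (accepted and failed, per user and source address) and of sessions opened for root, which is quicker to scan than paging through the raw file. The function names are hypothetical, and the sample log lines (host, users, addresses) are constructed; the parsing assumes the usual OpenSSH "Accepted/Failed ... for USER from ADDR" and pam_unix "session opened for user root by ..." message formats.

```shell
#!/bin/sh
# Added example: summarise login events from an auth.log-style file.
# Reads the file(s) given as arguments, or stdin when none are given.
summarize_auth_log() {
    awk '
    / sshd\[[0-9]+\]: (Accepted|Failed) / {
        kind = ""; user = ""; src = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "Accepted" || $i == "Failed") {
                if (kind == "") kind = tolower($i)
            } else if ($i == "for" && user == "") {
                # "Failed password for invalid user NAME from ..." has two extra words
                if ($(i+1) == "invalid") user = $(i+3) "(invalid)"
                else user = $(i+1)
            } else if ($i == "from") {
                src = $(i+1)          # last "from" on the line is the peer address
            }
        }
        count["ssh_" kind " " user " " src]++
        next
    }
    /session opened for user root/ {
        by = "unknown"                # who opened the root session (su, sudo, cron ...)
        for (i = 1; i < NF; i++) if ($i == "by") by = $(i+1)
        count["root_session by " by]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | sort -k2
}

# Constructed sample input (not taken from a real machine).
sample_auth_log() {
    cat <<'EOF'
Aug  8 16:40:01 laptop sshd[2211]: Failed password for root from 203.0.113.7 port 51234 ssh2
Aug  8 16:40:03 laptop sshd[2211]: Failed password for root from 203.0.113.7 port 51236 ssh2
Aug  8 16:40:05 laptop sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Aug  8 16:41:10 laptop sshd[2302]: Accepted password for alice from 192.168.1.20 port 40022 ssh2
Aug  8 16:45:00 laptop su[2400]: pam_unix(su:session): session opened for user root by alice(uid=1000)
EOF
}

sample_auth_log | summarize_auth_log
```

On a real system, pass the log as an argument instead, for example by running `summarize_auth_log /var/log/auth.log` from a root shell.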

3

You can run w and who commands on the command line to see what is being run and who is connected to your machine. Additionally, you can use netstat -a to see active internet connections.

If you find users you don't recognize connecting to/from unknown addresses/sites then you may want to investigate further.

sbtkd85

Posted 2011-08-08T16:55:17.983

Reputation: 531

1

Well, it seems that I was a bit paranoid :)

I also found chkrootkit and its howto at: http://www.howtoforge.com/scan_linux_for_rootkits

Anyway, thanks for all these answers!

user269334

Posted 2011-08-08T16:55:17.983

Reputation: 411