Wiki

User Tools

Site Tools

Trace: display_list_of_available_packages
hacking:determine_if_your_computer_is_hacked

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
hacking:determine_if_your_computer_is_hacked [2020/11/26 22:15] – created peterhacking:determine_if_your_computer_is_hacked [2020/11/26 22:28] (current) peter
Line 2: Line 2:
  
  
-===== Show a listing of last logged in users =====+===== Show a listing of users currently logged in =====
  
 <code bash> <code bash>
Line 28: Line 28:
 </code> </code>
  
 +----
 +
 +===== Show a listing of last logged in users =====
 +
 +<code bash>
 +last
 +</code>
 +
 +returns:
 +
 +<code bash>
 +...
 +peter    :0           :              Sun Aug  9 10:56 - crash  (00:28)
 +reboot   system boot  5.4.0-42-generic Sun Aug  9 10:56 - 16:48  (05:52)
 +peter    :0           :              Sun Aug  9 01:44 - down   (09:11)
 +reboot   system boot  5.4.0-42-generic Sun Aug  9 01:44 - 10:55  (09:11)
 +peter    :0           :              Sat Aug  8 23:48 - down   (01:55)
 +reboot   system boot  5.4.0-42-generic Sat Aug  8 23:47 - 01:43  (01:55)
 +peter    :0           :              Sat Aug  8 23:12 - crash  (00:35)
 +reboot   system boot  5.4.0-42-generic Sat Aug  8 23:12 - 01:43  (02:31)
 +peter    :0           :              Sat Aug  8 22:06 - crash  (01:06)
 +reboot   system boot  5.4.0-42-generic Sat Aug  8 22:05 - 01:43  (03:37)
 +peter    :0           :              Sat Aug  8 18:54 - down   (03:11)
 +reboot   system boot  5.4.0-42-generic Sat Aug  8 18:53 - 22:05  (03:11)
 +...
 +</code>
 +
 +
 +----
 +
 +===== Show last command by a user =====
 +
 +<code bash>
 +tail -n 100 ~/.bash_history 
 +</code>
 +
 +returns:
 +
 +<code bash>
 +...
 +df
 +htop
 +ip addr
 +sudo apt update
 +sudo apt upgrade 
 +systemd-resolve --status
 +sudo systemctl restart systemd-resolved
 +exit
 +...
 +</code>
 +
 +----
 +
 +===== Find System Files that have recently changed =====
 +
 +<code bash>
 +sudo find /etc /var -mtime -2
 +</code>
 +
 +returns:
 +
 +<code bash>
 +...
 +/etc
 +/etc/apport
 +/etc/apport/blacklist.d
 +/etc/cron.daily
 +/etc/bash_completion.d
 +/etc/pm/sleep.d
 +/etc/grub.d
 +/etc/default
 +/etc/default/grub
 +/etc/default/grub.d
 +/etc/systemd/system
 +...
 +</code>
  
hacking/determine_if_your_computer_is_hacked.1606428956.txt.gz · Last modified: 2020/11/26 22:15 by peter
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki