linux
Olfaer, 2020-01-26 18:37:24

How to identify if the server was hacked or not?

Hello. Recently I noticed excessive network activity on my server. Although I have many services installed, there should not have been any activity, since I have hardly exposed the IP or the domain anywhere.
Tell me, how do I fully monitor the network on Linux Debian 10?
And how can you detect a hack if there is one?


4 answer(s)
CityCat4, 2020-01-27
@CityCat4

Here, in theory, there should be a Barmin patch :) But there won't be one, because he will actually use it :)

xmoonlight, 2020-01-26
@xmoonlight

"although I have many services installed .... tell me how to fully monitor the network in linux debian 10"
You got into the car, pressed the gas, but you don't know how to steer and brake?)))
Geolocation of IP addresses
Show the network traffic and IPv4/IPv6 hosts
Analyze the traffic and sort it according to the source/destination
Store traffic statistics in RRD format
Report and sort IP protocol usage by protocol type

AUser0, 2020-01-27
@AUser0

Traffic? Look at least at /var/log/auth.log; some services log authorization events there, including attempts to crack / guess a password. Maybe network scanners are just hammering you, trying to break in, and that's the traffic ...
Find out if you've been hacked? You can check the binaries of installed programs with the debsums utility in case they have been modified. Antivirus programs for UNIX-like systems also exist; you can use one.
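
The auth.log check suggested in the answer above, as an added example that is not part of the original thread: it counts failed sshd logins per source address and flags any login accepted from an address that had already failed repeatedly. The sample lines, the threshold of 2 and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the Debian /var/log/auth.log format (documentation IP ranges).
SAMPLE = """\
Jan 26 18:01:12 srv sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jan 26 18:01:15 srv sshd[1201]: Failed password for invalid user test from 203.0.113.7 port 40114 ssh2
Jan 26 18:01:19 srv sshd[1203]: Failed password for root from 203.0.113.7 port 40120 ssh2
Jan 26 18:02:40 srv sshd[1210]: Failed password for root from 198.51.100.23 port 51514 ssh2
Jan 26 18:02:44 srv sshd[1210]: Failed password for root from 198.51.100.23 port 51514 ssh2
Jan 26 18:02:49 srv sshd[1212]: Accepted password for root from 198.51.100.23 port 51530 ssh2
Jan 26 18:05:02 srv CRON[1300]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 26 18:07:31 srv sshd[1333]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2
"""

# The user name is supplied by the remote side and may itself contain " from ...",
# so the greedy user group makes the pattern bind to the LAST "from <ip> port <n>".
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2(?:: .*)?$"
)

def summarize(lines, threshold=2):
    """Return (failures per IP, logins accepted after >= threshold failures from that IP)."""
    failures = Counter()
    suspicious = []
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue  # not an sshd authentication result
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            # A success right after repeated failures deserves a manual look.
            suspicious.append((ip, m["user"], m["method"], failures[ip]))
    return failures, suspicious

def report(lines):
    failures, suspicious = summarize(lines)
    for ip, count in failures.most_common():
        print(f"{count:5d} failed logins from {ip}")
    for ip, user, method, count in suspicious:
        print(f"CHECK: {user} logged in via {method} from {ip} after {count} failures")

if __name__ == "__main__":
    report(SAMPLE.splitlines())
```

On a real host, pass the lines of /var/log/auth.log (and its rotated copies) to `summarize` instead of `SAMPLE`.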
