2.4 Security tools
Here are some commands you can use to keep an eye on security.
Failed login attempts
To check if anyone has attempted to log in, use this to check for failed attempts:
cat /var/log/auth.log | grep Failed
To check if your firewall is correctly configured, or to check which ports and addresses are currently connected, use:
If you see any ports listed that you don't know or find suspicious, these might be some explanations:
123- This is the ntp deamon, it checks online to keep your system clock on time.
3838- When running Bittorrent Sync, this is the default port used for LAN search.
8081- There are usually used by web servers. If you're not running a server but are running motion, this might be used for its web-access.
iftop, it's like
top had a baby:
sudo apt-get install iftop iftop