2.4 Security tools

Here are some commands you can use to keep an eye on security.

Failed login attempts

To check if anyone has attempted to log in, use this to check for failed attempts:

cat /var/log/auth.log | grep Failed


To check if your firewall is correctly configured, or to check which ports and addresses are currently connected, use:

netstat -vautn

If you see any ports listed that you don't know or find suspicious, these might be some explanations:

  • 123 - This is the ntp deamon, it checks online to keep your system clock on time.
  • 3838 - When running Bittorrent Sync, this is the default port used for LAN search.
  • 8080 and 8081 - There are usually used by web servers. If you're not running a server but are running motion, this might be used for its web-access.

Network traffic

iftop, it's like ifconfig and top had a baby:

sudo apt-get install iftop

results matching ""

    No results matching ""