
Re: how to find trace of attacks



Abdelkader Belahcene wrote:
Thanks,

I am a simple user on a laptop, with an ssh server running. There is no important data on my laptop!!!

Suddenly my Desktop froze,
I changed the screen (CTRL+ALT+F1), I noticed that I was logged out, so something ejected me!!!
I restarted gdm, after that I continued normally.

I never had this kind of problem. Before, I was not connected directly to the Internet; now I am. For this reason I have doubts; moreover, my password is not strong enough.

OK, now I want to know where to find any indication, if any, of an intrusion.

grep sshd /var/log/auth.log

That should tell you if somebody logged in to your system remotely. Note that unless the attacker was not able to gain root access, it is likely that the log file might have been wiped clean of traces.


thanks again
best regards
bela







2008/12/30 abdelkader belahcene <abelahcene@gmail.com>:
Hi,
I fear that an attack on or an entry into my PC has occurred. How can I find
the trace of the attacks?

thanks a lot


It really depends upon what you suspect occurred, and how, and what the
machine is responsible for. Be more specific.

1) Why do you suspect that your machine was compromised?
2) What does the machine do? Desktop machine? Sensitive nuclear
secrets database?
3) Does the computer contain information that, if leaked, could
compromise your organization?
4) Does the computer contain information that, if erased, could be a
liability to your organization?
5) How recent is your last backup that is known to be from before the breach?
6) Is identifying the attacker a priority?

You should probably consult a forensics expert if this is anything
other than a home desktop.




--

If you can't explain it simply, you don't understand it well enough.
                                       -- Albert Einstein
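
Added example, not part of the original message: a way to read the output of the `grep sshd /var/log/auth.log` check suggested above by counting accepted and failed sshd logins per source address and flagging any address whose failures are followed by a success. It assumes OpenSSH's usual "Accepted ... for USER from IP" / "Failed password for USER from IP" messages; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in the usual auth.log sshd format (not from a real host).
sample_log() {
cat <<'EOF'
Dec 30 09:12:01 laptop sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Dec 30 09:12:03 laptop sshd[2103]: Failed password for root from 203.0.113.7 port 40115 ssh2
Dec 30 09:12:05 laptop sshd[2105]: Failed password for bela from 203.0.113.7 port 40119 ssh2
Dec 30 09:12:09 laptop sshd[2107]: Accepted password for bela from 203.0.113.7 port 40123 ssh2
Dec 30 10:02:44 laptop sshd[2290]: Accepted publickey for bela from 192.0.2.10 port 51022 ssh2
Dec 30 10:05:00 laptop CRON[2300]: pam_unix(cron:session): session opened for user root
EOF
}

# sshd_summary [FILE...]: reads the given log files (or stdin) and prints
#   accepted COUNT IP / failed COUNT IP   per source address
#   suspect IP                            failures followed by a success
sshd_summary() {
    awk '
    / sshd\[[0-9]+\]: / {
        # The user name is remote-controlled text, so take the address after
        # the LAST "from" on the line, which is the one sshd itself wrote.
        ip = ""
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "") next
        if ($0 ~ /: Accepted (password|publickey) for /) {
            ok[ip]++
            if (fail[ip] > 0) suspect[ip] = 1
        } else if ($0 ~ /: Failed password for /) {
            fail[ip]++
        }
    }
    END {
        for (ip in ok)      print "accepted", ok[ip], ip
        for (ip in fail)    print "failed", fail[ip], ip
        for (ip in suspect) print "suspect", ip
    }' "$@" | sort
}

# Demo on the constructed sample; on a real host: sshd_summary /var/log/auth.log
sample_log | sshd_summary
```

Rotated logs (`auth.log.1` and so on) can be passed as additional arguments to cover a longer period.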

