What should I be checking for unwanted access

R

RobAPI

New member
Hey,
Just wanted to know if someone could tell me what exactly I should be checking to make sure I don't have unwanted access on a dedicated server?
Just checking for attempts to login to SSH to the root user or anything similar that could effect the security of the server.

Thanks
 
Do things like setup logwatch and check the log emails daily..

check the "last" command and see if there is any weird logins you dont remember doing..

Check /var/log/messages to see if anything strange is happening...

Basically just look over the logs and login attemps and see if you notice anything funky.
 
Should I be checking the security output from cPanel?
I mean the output which is emailed, I check it every now and again but don't understand everything on it, still do understand most of it though but not sure how to make proper use of it.

Thanks Rob :)
 
Try installing Brute Force detector and chrootkit.

I usually do "last -10" when I log into Shell to see if anyone gained access to the server.

Hope it helps,
Francisco
 
You must log in or register to reply here.

Supporters

Back
Top