Home > Article > Operation and Maintenance > How to check if centos is invaded
How to check whether centos is invaded: 1. Use the last command to view the system login log; 2. Use the lastb command to view the system login failure log; 3. Use the "last -f /var/log/wtmp" command to view You can log in.
The operating environment of this article: centos 6.4 system, Dell G3 computer.
The last command is used to display recent user or terminal login status. By viewing the log of the program through the last command, the administrator can learn who has or attempted to connect to the login server.
Log in to the system and enter last. Let’s check if anyone has logged in to the system.
As shown below
The function of the lastb command is to display recent login failures. Log records, if the server is scanned and blasted, there will be many logs of failed logins
Log in to the system and enter lastb to see if anyone tries to log in to the system
As shown below
Check the /var/log/wtmp file to check the suspicious IP login
Log in to the system and enter
last -f /var/log/wtmp
View suspicious logins
As shown below
With three simple commands, you can see whether the server has been invaded and logged in.
1: last (view the system login log);
2: lastb (view the system login failure log);
3: last -f /var/log/wtmp (See suspicious logins).
Recommended tutorial: "centos tutorial"
The above is the detailed content of How to check if centos is invaded. For more information, please follow other related articles on the PHP Chinese website!