How to check if centos is invaded

How to check whether centos is invaded: 1. Use the last command to view the system login log; 2. Use the lastb command to view the system login failure log; 3. Use the "last -f /var/log/wtmp" command to view You can log in.

The operating environment of this article: centos 6.4 system, Dell G3 computer.

How to check whether centos has been invaded

The last command is used to display recent user or terminal login status. By viewing the log of the program through the last command, the administrator can learn who has or attempted to connect to the login server.

Log in to the system and enter last. Let’s check if anyone has logged in to the system.

As shown below

The function of the lastb command is to display recent login failures. Log records, if the server is scanned and blasted, there will be many logs of failed logins

Log in to the system and enter lastb to see if anyone tries to log in to the system

As shown below

Check the /var/log/wtmp file to check the suspicious IP login

Log in to the system and enter

last -f /var/log/wtmp

View suspicious logins

As shown below

With three simple commands, you can see whether the server has been invaded and logged in.

1: last (view the system login log);

2: lastb (view the system login failure log);

3: last -f /var/log/wtmp (See suspicious logins).

Recommended tutorial: "centos tutorial"

The above is the detailed content of How to check if centos is invaded. For more information, please follow other related articles on the PHP Chinese website!