Check the account
Check whether a new user exists
Check whether there is an account whose UID and GID are 0. If the UID is 0, the user has root privileges
View the user with root permission
View the modification date of the user file
Check for users whose password is empty
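The account checks listed above, as an added example that is not from the original post: three awk-based functions run against constructed passwd and shadow files. The function names, the baseline file, and all sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: account checks against passwd/shadow-format files.
# Function names and all sample data below are constructed.

# Accounts whose UID or GID is 0; prints "name uid:gid".
uid0_accounts() {
    awk -F: '$3 == 0 || $4 == 0 { print $1, $3 ":" $4 }' "${1:-/etc/passwd}"
}

# Accounts present in the current passwd file ($2) but not in a saved baseline ($1).
new_accounts() {
    awk -F: 'FILENAME == ARGV[1] { seen[$1]; next }
             !($1 in seen)       { print $1 }' "$1" "$2"
}

# Accounts whose password field in shadow is empty (no password required).
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "${1:-/etc/shadow}"
}

# Constructed sample files so the checks can be tried offline.
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
cat > "$SAMPLE/passwd.baseline" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
EOF
cat > "$SAMPLE/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
svc_backup:x:0:0::/home/svc_backup:/bin/bash
guest:x:1001:1001::/home/guest:/bin/sh
EOF
cat > "$SAMPLE/shadow" <<'EOF'
root:$6$constructedsalt$constructedhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$constructedsalt$constructedhash:19000:0:99999:7:::
svc_backup:!:19000:0:99999:7:::
guest::19000:0:99999:7:::
EOF

echo "UID/GID 0:";      uid0_accounts "$SAMPLE/passwd"
echo "New accounts:";   new_accounts "$SAMPLE/passwd.baseline" "$SAMPLE/passwd"
echo "Empty password:"; empty_password_accounts "$SAMPLE/shadow"
```

On a live host, point the functions at /etc/passwd and /etc/shadow (reading shadow requires root) and use a known-good copy of /etc/passwd as the baseline.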
Check the log
Logs are very important for security. They record what happens on the system every day, and you can use them to find the cause of errors or the traces an attacker left behind. Logs support auditing and monitoring: they can also be used to monitor system status in real time and to monitor and track intruders.
Look at the last 10 entries in the log
Follow the log as it updates in real time
View all open ports
View the login time of the latest user
View login failure records
View the last login of the user
Check the process
View all processes, especially those whose UID is 0
View the files opened by a process (-p followed by the PID)
View the daemon file
Check the startup process
Check the system
Check the file
When a website is compromised, some files have almost certainly been changed. You can check whether files have been changed by comparing their creation time, integrity, and file path.
Find files owned by the root user
View files larger than 10 MB
Check scheduled tasks
View the scheduled tasks for root
View the configuration file of a scheduled task
Check the command history
Look at the **.bash_history** file in the user’s home directory or use the **history** command