** This is the 16th day of my participation in the August Changwen Challenge. For details, see: August Changwen Challenge **

Hi, I’m Lex the Lex who likes to bully Superman

Areas of expertise: Python development, network security penetration, Windows domain control Exchange architecture

Point of the day: How do you know if someone is secretly looking into your computer’s privacy?

How do you know if your computer files have been secretly checked? [Windows COMPUTER +Linux server]

Here’s what happened

Sometimes, I go down for lunch at noon

I came back to find my computer screen still lit

Looking at the dancing wechat icon, thinking of the computer teachers’ works

Do you feel a tightness in your heart

Worried that someone might be looking through the privacy of their computer

But there’s no clue. There’s no way to find out

Today, I would like to share with you a method

Check to see if someone has checked your computer while you’re away?

One, Windows computer

Windows command

First, files on a Windows computer are opened or viewed or modified

The system keeps records, in a folder called recent.

We can open the file directory with this command

1. Windows+R opens the operating interface

2. Enter the recent command

3, press enter to run, will list the opened file record

This is a list of all the files that have been recently viewed, and when they were modified and viewed.

All we have to do is remember if we’re in front of a computer at this time, and we can solve the case.

The results of

If the file is viewed at the time, we are not in front of the computer

Well, congratulations, your files or privacy will be secretly accessed by someone else.

Linux server

If you’re an advanced Linux player

How do you know if someone has hacked into your Linux server?

Here are two simple ways to do this:

1. History command

[root@mail ~]# history # Lists all history execution commands.Copy the code

History lists 1000 records that have been executed historically.

We can tell by the commands that are executed

If some stranger has executed some command on the server.

2. View system login logs

[root@mail ~]# cat /var/log/secure
Copy the code

Using this command, you can obtain the login records of all accounts on the Linux server, including the login failure records

And the address to try to log in to

Aug 15 15:25:10 mail sshd[59652]: Did not receive identification string from 192.168.1.26 Aug 15 15:25:10 mail SSHD [59653]: Accepted password for km-monitor from 192.168.1.26 port 63339 ssh2 Aug 15 15:25:10 mail SSHD [59653]: pam_unix(sshd:session): session opened for user km-monitor by (uid=0) Aug 15 15:25:28 mail sshd[59655]: Received disconnect from 192.168.1.26:11: Terminating connection Aug 15 15:25:28 mail SSHD [59653]: pam_unix(sshd:session): session closed for user test Aug 15 15:29:49 mail sshd[59998]: Did not receive identification string from 192.168.1.26 Aug 15 15:29:49 mail SSHD [59999]: Accepted Password for km-monitor from 192.168.1.26 port 65507 ssh2 Aug 15 15:29:49 mail SSHD [59999]: pam_unix(sshd:session): session opened for user km-monitor by (uid=0) Aug 15 15:29:58 mail sshd[60029]: Accepted password for root from 192.168.1.26 port 58573 ssh2 Aug 15 15:29:58 mail SSHD [60029]: pam_unix(SSHD :session): Session Opened for user root by (uid=0) Aug 15 15:30:04 mail SSHD [60001]: Received disconnect from 10.85.5.26:11: Terminating connection Aug 15 15:30:04 mail sshd[59999]: pam_unix(sshd:session): session closed for user testCopy the code

That’s all for today’s technology sharing

I’m Lex, and I’ll see you next time…