06-19-2022, 06:39 AM
(This post was last modified: 06-19-2022, 06:39 AM by Zebulon Walton.)
I set mine up so only key-based login is accepted, and (via the firewall) only from RFC1918 addresses. (I have IPV6 completely firewalled off since I currently have no need to use it.)
If someone breaks in and just pokes around that can be difficult to detect. You can check your logs for suspicious entries. The default setup in Mobian is for systemd logs rather than traditional text logs, so they need to be viewed with journalctl. (Also once someone gets in and they gain root access they can purge the log.)
https://betterstack.com/community/guides...ournalctl/
There is also software available to detect root kits if someone breaks in and installs malware.
https://vitux.com/how-to-scan-a-debian-s...-rkhunter/
https://www.tecmint.com/scan-linux-for-m...-rootkits/
If someone breaks in and just pokes around that can be difficult to detect. You can check your logs for suspicious entries. The default setup in Mobian is for systemd logs rather than traditional text logs, so they need to be viewed with journalctl. (Also once someone gets in and they gain root access they can purge the log.)
https://betterstack.com/community/guides...ournalctl/
There is also software available to detect root kits if someone breaks in and installs malware.
https://vitux.com/how-to-scan-a-debian-s...-rkhunter/
https://www.tecmint.com/scan-linux-for-m...-rootkits/