Intrusion detection

  1. Run ps or top regularly and become familiar with what processes normally run on your computer.

  2. Check your /var/adm/messages or /var/log/messages files regularly for suspicious activity (e.g. unexpected logins from other cities or countries).

  3. Install and run tripwire regularly. You can find tripwire in many places, such as ftp.adelaide.edu.au in the /pub/security/cert/tools/tripwire directory. Unfortunately, tripwire is a pain to set up and maintain.

  4. Watch for unexpected activity on your modem LEDs (assuming that you have an external modem).

  5. Run last to see who has been logging in to your computer. Hackers are likely to try to erase traces of their presence, so make sure that nothing seems to be missing either.

  6. Check your /etc/passwd file for unexpected new accounts.

  7. If your machine seems slow or sluggish, investigate.

If it's a pain in the neck to remember to do these checks manually, use cron to automate as much as possible.
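
As an added example (not part of the original guide), here is one way to automate step 6 from cron: a script that compares /etc/passwd against a trusted baseline copy and reports new accounts, changed entries and extra UID 0 accounts. The script name, the baseline path and the crontab line are assumptions, and the sample entries in demo are constructed.

```sh
#!/bin/sh
# Added example, not from the original guide; script name and paths are assumptions.
# Hypothetical crontab entry (cron mails any output to the crontab's owner):
#   0 * * * * /usr/local/sbin/passwd-check /var/adm/passwd.baseline /etc/passwd

# Account names in current ($2) that are absent from baseline ($1).
new_accounts() {
    awk -F: '/^#/ || NF == 0 { next }
             FILENAME == ARGV[1] { known[$1] = 1; next }
             !($1 in known) { print $1 }' "$1" "$2"
}

# Account names present in both files whose entry (UID, shell, ...) changed.
changed_accounts() {
    awk -F: '/^#/ || NF == 0 { next }
             FILENAME == ARGV[1] { entry[$1] = $0; next }
             ($1 in entry) && entry[$1] != $0 { print $1 }' "$1" "$2"
}

# Accounts other than root that have UID 0 (full superuser rights).
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Print one line per finding and return 1; stay silent and return 0 otherwise.
check_passwd() {
    findings=$(
        new_accounts "$1" "$2"     | sed 's/^/NEW account: /'
        changed_accounts "$1" "$2" | sed 's/^/CHANGED entry: /'
        uid0_accounts "$2"         | sed 's/^/UID 0 besides root: /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Demo on constructed data: sh passwd-check --demo
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
        'alice:x:1000:1000::/home/alice:/bin/sh' > "$d/baseline"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
        'alice:x:1000:1000::/home/alice:/bin/csh' \
        'toor:x:0:0::/tmp:/bin/sh' > "$d/current"
    rc=0; check_passwd "$d/baseline" "$d/current" || rc=$?
    rm -rf "$d"; return "$rc"
}

if [ "$1" = "--demo" ]; then demo; elif [ "$#" -eq 2 ]; then check_passwd "$1" "$2"; fi
```

Keep the baseline copy somewhere an intruder with root access cannot quietly rewrite it, such as read-only media, and refresh it after every legitimate account change.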