How to Detect Suspicious Activity on a Linux Server in Under 5 Minutes | by Faruk Ahmed | May, 2025
Publish Date: May 30
How to Detect Suspicious Activity on a Linux Server in Under 5 Minutes

✍️ Full Blog Content:

Intro:

If something feels “off” on your Linux server — strange lag, fans spinning harder, odd logs — don’t panic. But don’t ignore it either. You can uncover most unauthorized activity with a few quick commands. Here’s the exact checklist I use when I need to find out right now if something’s wrong.

1. Check Who’s Logged In Right Now

who
w

✅ Look for:

  • Unknown usernames
  • Logins from unfamiliar IPs
  • Sessions running at odd hours

2. Review Last Login History

last -a | head -n 10

✅ Tip: Check for long-unused accounts or accounts logging in from unknown hosts.

3. Look for Recent Root Access or Sudo Escalations

grep 'sudo:' /var/log/auth.log   # Ubuntu / Debian
grep 'sudo:' /var/log/secure     # Red Hat / CentOS

✅ Red flag: Commands run as root outside your normal usage window.
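Steps 1 to 3 above are quick to run by hand, but the red flags they describe (a username you do not recognise, a sudo command run as root at an odd hour) are easy to script so the triage is repeatable. The following is an added example, not code from the original post: it wraps step 1 (compare `who` output against the users you expect) and step 3 (pull sudo events out of the auth log and keep only those outside a normal usage window) in two shell functions. The `who` output and the auth-log lines below are constructed sample data; on a real host you would pass `who` output and `/var/log/auth.log` or `/var/log/secure` instead. The 08:00 to 18:00 window and the expected-user list are assumptions for the demonstration, and the same allowlist approach applies to the hosts shown by `last -a` in step 2.

```shell
#!/bin/sh
# Added example (not from the original post): scripted version of steps 1 and 3.
# All sample data in this file is CONSTRUCTED for illustration only.

# --- Step 1: logged-in users that are not on the expected list ---
# $1 = file holding `who` output, $2 = space-separated list of expected users
# Prints the username and the last field of the `who` line, which is the
# "(host)" of origin for remote sessions.
unknown_logins() {
  awk -v allowed="$2" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NF > 0 && !($1 in ok) { print $1, $NF }
  ' "$1"
}

# --- Step 3: sudo commands executed outside the normal usage window ---
# $1 = auth log (Ubuntu auth.log or Red Hat secure format), $2 = window start
# hour, $3 = window end hour (exclusive), both on a 24h clock.
# Matches both "sudo:" and "sudo[pid]:" tags; the syslog time is field 3 and
# the invoking user is the field right after the sudo tag.
offhours_sudo() {
  awk -v start="$2" -v end="$3" '
    /sudo(\[[0-9]+\])?: / && /COMMAND=/ {
      split($3, t, ":"); hour = t[1] + 0
      if (hour < start || hour >= end) {
        user = $6
        match($0, /USER=[^ ]+/); target = substr($0, RSTART + 5, RLENGTH - 5)
        cmd = substr($0, index($0, "COMMAND=") + 8)
        print $1, $2, $3, user, "->", target, cmd
      }
    }
  ' "$1"
}

# --- Constructed sample input (stands in for live `who` output and the log) ---
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT

cat > "$TMP/who.txt" <<'EOF'
alice    pts/0        2025-05-30 02:13 (203.0.113.7)
bob      pts/1        2025-05-30 09:41 (10.0.0.5)
svc_dbg  pts/2        2025-05-30 23:58 (198.51.100.9)
EOF

cat > "$TMP/auth.log" <<'EOF'
May 30 02:13:45 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
May 30 09:41:02 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/apt update
May 30 10:05:33 web01 sshd[1234]: Accepted publickey for bob from 10.0.0.5 port 51234 ssh2
May 30 23:58:10 web01 sudo[4321]: svc_dbg : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/bash
EOF

# Expected users and working hours are assumptions for this demo.
echo "== Users logged in that are not on the expected list =="
unknown_logins "$TMP/who.txt" "alice bob"

echo "== sudo commands run outside 08:00-18:00 =="
offhours_sudo "$TMP/auth.log" 8 18
```

On a live system, `who > /tmp/who.txt` feeds the first function and the real auth log feeds the second; on hosts where syslog is not writing `/var/log/auth.log`, `journalctl _COMM=sudo --no-pager` produces the same `sudo:` lines and can be saved to a file first. The 09:41 `apt update` by a known user inside the window is deliberately not flagged, while the 02:13 read of `/etc/shadow` and the 23:58 root shell from an unexpected account are.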

4. Check for Unusual Running Processes


👉 Read Full Blog on Medium Here
