What I Check Every Week to Keep My Linux Servers Safe and Stable | by Faruk Ahmed | Jul, 2025
Faruk @cyberwebpen

About: InfoSec Analyst | 10+ yrs in DLP, CrowdStrike, QRadar, Qualys, Linux Admin, WebLogic Admin | Python & Bash Enthusiast | Passionate about cybersecurity, automation, and continuous learning.

Publish Date: Jul 8

Intro: You don’t need a full SOC to keep your Linux servers secure — but you do need a routine. Over the years, I’ve developed a weekly checklist that helps me catch small problems before they become big ones. In this post, I’ll share exactly what I look at every week across both Ubuntu and Red Hat servers to stay ahead of attackers and avoid downtime.

1. Check for Unauthorized New Users

Look for accounts you didn’t create:

cut -d: -f1 /etc/passwd | tail

If you find any unknown users, investigate immediately. Pair this with reviewing /var/log/auth.log (Ubuntu) or /var/log/secure (Red Hat).
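Because `tail` only shows the last ten entries, a baseline comparison catches accounts added anywhere in the file, along with changed UIDs or login shells. The script below is an added example, not part of the original post; the function names and the constructed sample data are assumptions for illustration.

```bash
#!/bin/sh
# Added example (not from the original post). Function names and the
# baseline file layout are assumptions chosen for illustration.

# Print "name:uid:shell" for every account in a passwd-format file.
list_accounts() {
    awk -F: 'NF >= 7 && $1 !~ /^#/ { print $1 ":" $3 ":" $7 }' "$1" | sort
}

# Print entries that are in the passwd file but not in the baseline.
# A changed UID or login shell also shows up, since the whole line differs.
new_accounts() {
    list_accounts "$1" | grep -vxFf "$2" || true
}

# Print any account other than root that has UID 0.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Constructed sample data so the example runs offline.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin' \
        'deploy:x:1001:1001::/home/deploy:/bin/bash' > "$dir/passwd.week1"
    list_accounts "$dir/passwd.week1" > "$dir/baseline"
    # Week 2: one added account, one service account given a login shell.
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'www-data:x:33:33:www-data:/var/www:/bin/bash' \
        'deploy:x:1001:1001::/home/deploy:/bin/bash' \
        'svc_backup:x:0:0::/home/svc_backup:/bin/bash' > "$dir/passwd.week2"
    echo "Changed or new since baseline:"
    new_accounts "$dir/passwd.week2" "$dir/baseline"
    echo "Non-root accounts with UID 0:"
    extra_uid0 "$dir/passwd.week2"
    rm -rf "$dir"
}

demo
```

On a real server, point `list_accounts` at `/etc/passwd`, store the baseline somewhere only root can write, and refresh it after each approved account change.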

2. Review Running Processes

Use ps or top to look for weird or resource-heavy processes:

ps aux --sort=-%cpu | head

Unexpected miners or reverse shells often show up here.

3. Check for Suspicious Cron Jobs

Attackers love to hide persistence in cron:

sudo find /etc/cron* -type f
crontab -l

Also check /var/spool/cron/ for user-specific crons.

