I added a new script to the repo “ala-scripts” called checkPTS. This script is to check if any logged in user tried to hide his status by removing his entry from utmp, so if you are online, and you type “w” to check for logged in users, you wouldn’t see him.
This method is used by a lot of hackers (I mean the ones that try to gain illegal access to your box) to hide their presence.
When this happens, the script issues a bunch of commands, adds some log files and sends that to me by email (using mutt).
If anybody finds an issue in that file, please send it to me, either here or on GitHub.
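One way to detect the condition described above, as an added example that is not the checkPTS script itself: list every pseudo-terminal that has processes attached and report those with no matching utmp entry in `who`. The function name, the choice of `ps`/`who` as data sources and the sample data are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration, not code from ala-scripts.
# find_unlisted_pts PS_TTYS WHO_OUTPUT
#   PS_TTYS    : output of `ps -eo tty=` (one controlling tty per line, "?" = none)
#   WHO_OUTPUT : output of `who` (second column is the line, e.g. pts/0)
# Prints each pts/N that has processes attached but no utmp entry.
find_unlisted_pts() {
    {
        # Terminals recorded in utmp, tagged "U"
        printf '%s\n' "$2" | awk '$2 ~ /^pts\/[0-9]+$/ {print "U", $2}'
        # Terminals that actually have processes, tagged "P"
        printf '%s\n' "$1" | awk '$1 ~ /^pts\/[0-9]+$/ {print "P", $1}'
    } | awk '$1 == "U" {listed[$2] = 1; next}
             !listed[$2] && !seen[$2]++ {print $2}' | sort
}

# Constructed sample data: pts/3 has processes but no line in `who`.
SAMPLE_PS='?
pts/0
pts/0
pts/3
tty1
pts/1'
SAMPLE_WHO='alice pts/0 2024-05-01 09:12 (192.0.2.10)
bob pts/1 2024-05-01 09:40 (192.0.2.11)
root tty1 2024-05-01 08:00'

# Live check: run the script with --live to compare the real system state.
if [ "${1:-}" = "--live" ]; then
    hits=$(find_unlisted_pts "$(ps -eo tty=)" "$(who)")
    if [ -n "$hits" ]; then
        echo "pts in use without a utmp entry:"
        echo "$hits"
        # Terminal emulators, tmux or screen may open a pts without
        # writing utmp, so each hit needs triage before it is treated
        # as a hidden login.
    fi
fi
```

A hit is a lead, not proof: check which processes own the terminal (`ps -t pts/N`) before escalating.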
Hi Ala’a,
How often do you run this script? every minute (??)
TIA
Yes, currently I run it every minute.