- check the security of our system
- whether any unauthorized access happened recently
- last login of user, i.e. log of recent user logins
- log of commands run as sudo
- any open ports: nmap
- recently installed software (by dpkg -i or sudo apt install)
- recently connected wifi details
- last 10 commands run
- any changes to /etc/hosts file
- any changes to env variables (/etc/profile file)
- anything in crontab
- any vpn connections
- see who has write access to /etc/shadow
- any usb connections
- any wget or curl
- any ssh connections
- earphone connections
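
An added example, not part of the original notes, covering four of the checks above: commands run as sudo, recent dpkg/apt installs, wget or curl in shell history, and write access to /etc/shadow. The function names, the log formats and the paths (/var/log/auth.log, /var/log/dpkg.log, ~/.bash_history) are assumptions for a Debian/Ubuntu-style host, and the sample data is constructed.

```bash
#!/usr/bin/env bash
# Added example: read-only audit helpers for a Debian/Ubuntu-style host.
# Each function takes the file to inspect, e.g. /var/log/auth.log,
# /var/log/dpkg.log, ~/.bash_history, /etc/shadow (paths are assumptions).

# Commands run through sudo: prints "user<TAB>command" per entry.
sudo_commands() {
  awk '/ sudo: / && /COMMAND=/ {
         u = $0; sub(/.* sudo: */, "", u); sub(/ :.*/, "", u)
         c = $0; sub(/.*COMMAND=/, "", c)
         print u "\t" c }' "$1"
}

# Packages installed via dpkg/apt: prints "date time package".
recent_installs() {
  awk '$3 == "install" { print $1, $2, $4 }' "$1"
}

# History lines that invoke wget or curl (prints nothing if none).
net_fetches() {
  grep -E '(^|[[:space:];|&])(wget|curl)([[:space:]]|$)' "$1" || true
}

# Exit 0 only if neither group nor others can write the file.
owner_only_write() {
  mode=$(stat -c '%a' "$1") || return 2
  [ $(( 0$mode & 022 )) -eq 0 ]
}

# --- Constructed sample data (not real logs) ---
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
cat > "$SAMPLE/auth.log" <<'EOF'
Jan 10 12:00:01 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt install nmap
Jan 10 12:00:01 host sudo: pam_unix(sudo:session): session opened for user root(uid=0) by alice(uid=1000)
Jan 10 12:03:44 host sshd[811]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
EOF
cat > "$SAMPLE/dpkg.log" <<'EOF'
2024-01-10 12:00:05 install nmap:amd64 <none> 7.94
2024-01-10 12:00:06 status installed nmap:amd64 7.94
EOF
printf '%s\n' 'ls -la' 'curl -O https://example.com/a.sh' 'echo curly' > "$SAMPLE/history"
touch "$SAMPLE/shadow"; chmod 640 "$SAMPLE/shadow"

sudo_commands   "$SAMPLE/auth.log"
recent_installs "$SAMPLE/dpkg.log"
net_fetches     "$SAMPLE/history"
owner_only_write "$SAMPLE/shadow" && echo "shadow: owner-only write"
```

On a real host, pass the actual files instead of the sample ones; reading /var/log/auth.log and /etc/shadow metadata may require root.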