7 Things I Check Immediately After Logging Into a Linux Server I Didn’t Set Up
Intro:
Ever been handed the keys to a Linux server that someone else set up — with zero documentation and unknown history? That situation is more common (and more dangerous) than you’d think. Whether you just inherited a server from another admin or are auditing a client system, these are the first 7 things I check to quickly assess its security posture and stability.
1. Who Has Access (And How)?
cat /etc/passwd | grep '/bin/bash'
🔍 Look for unexpected users with login shells. Then check for SSH keys:
ls -la /home/*/.ssh/authorized_keys
Red Flag: Unknown users, password login enabled, or keys that don’t belong.
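The two checks above combined into one pass, as an added example that is not the author's own code. It goes slightly beyond the `grep '/bin/bash'` filter by reporting every account whose shell is not a known non-login shell, so a user on `/bin/zsh` or `/bin/sh` is not missed. The function name `audit_access`, its optional root-prefix argument, and the sample data are assumptions made so it can run offline.

```shell
# audit_access [PASSWD_FILE] [ROOT_PREFIX]
# Prints user:uid:shell:key_count for every account that can log in.
# ROOT_PREFIX is prepended to each home directory (empty on a live host).
audit_access() {
    local passwd_file root user _pw uid _gid _gecos home shell keys
    passwd_file=${1:-/etc/passwd}
    root=${2:-}
    while IFS=: read -r user _pw uid _gid _gecos home shell || [ -n "$user" ]; do
        case "$shell" in
            */nologin|*/false|*/sync|*/shutdown|*/halt) continue ;;
        esac
        keys=0
        if [ -r "$root$home/.ssh/authorized_keys" ]; then
            # One key per line; skip blank lines and comments.
            keys=$(grep -cvE '^[[:space:]]*(#|$)' \
                "$root$home/.ssh/authorized_keys" || true)
        fi
        # An empty shell field means the system default, /bin/sh.
        printf '%s:%s:%s:%s\n' "$user" "$uid" "${shell:-/bin/sh}" "$keys"
    done < "$passwd_file"
}

# Constructed sample data (not from a real host).
demo=$(mktemp -d)
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
deploy:x:1001:1001::/home/deploy:/bin/zsh
svc:x:998:998::/var/lib/svc:/bin/false
alice:x:1002:1002::/home/alice:/bin/bash
EOF
mkdir -p "$demo/home/deploy/.ssh"
printf '%s\n' '# ci key' \
    'ssh-ed25519 AAAA...constructed1 ci@example' \
    '' \
    'ssh-ed25519 AAAA...constructed2 old@example' \
    > "$demo/home/deploy/.ssh/authorized_keys"

audit_access "$demo/passwd" "$demo"
```

On a live server, run `audit_access` with no arguments (as root, so every `authorized_keys` file is readable) and compare each line against the accounts and keys you expect to exist.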
2. What’s Running on This Server?
ps aux --sort=-%mem | head -n 10
Check for odd background processes. Look especially at:
- crypto miners
- suspicious binaries in /tmp or /dev/shm
- long-running Python scripts
3. Are Updates Being Applied?
# Ubuntu
sudo apt update && sudo apt list --upgradable