# 1. Check for suspicious processes
ps aux | grep -v ']$' | less
# 2. Check listening ports
sudo netstat -tunlp
# 3. Check for unauthorized SSH keys
cat ~/.ssh/authorized_keys
# 4. Check system logs
sudo journalctl -xe | grep -i "failed\|error\|backdoor"
# 5. Check for rootkits
sudo apt install rkhunter chkrootkit
sudo rkhunter --check
sudo chkrootkit
3 SIMPLE WAYS TO PREVENT
CHECK ON CRONTAB