1. check and apply software updates
    1. cf man:cron-apt
    2. in particular on servers with unfiltered open ports
        1. cf man:lsof (with grep LISTEN) and man:nmap (with -sV target)
    3. follow the related mailing lists
2. check failed access attempts in auth.log
    1. cf man:iptables (with ) and man:fail2ban
3. check for passwords stored in plain text
    1. using man:find / -..., grep /dev/mem, even search engines
        1. in particular in specific locations (user storage, logs, backups, ...)
    2. periodically generate new passwords
        1. maintaining independence between accounts (locally and remotely too)
4. save logs remotely and check their integrity
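
For the auth.log item above, an added example (not part of the original notes) of the per-address counting of failed logins that man:fail2ban automates. The function names, the threshold and the log lines are constructed for illustration and assume the usual OpenSSH message format.

```shell
#!/bin/sh
# Constructed sample lines in the usual OpenSSH auth.log format
# (addresses come from the RFC 5737 documentation ranges).
sample_auth_log() {
cat <<'EOF'
Mar  3 10:01:12 host sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:15 host sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:19 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  3 10:02:44 host sshd[1210]: Accepted publickey for alice from 198.51.100.20 port 51514 ssh2
Mar  3 10:05:02 host sshd[1222]: Failed password for alice from 198.51.100.20 port 51600 ssh2
Mar  3 10:07:30 host sshd[1230]: Failed password for invalid user test from 192.0.2.55 port 33210 ssh2
Mar  3 10:07:33 host sshd[1230]: Failed password for invalid user test from 192.0.2.55 port 33210 ssh2
Mar  3 10:07:40 host sshd[1231]: Failed password for invalid user x from 198.51.100.20 from 192.0.2.55 port 33215 ssh2
EOF
}

# failed_by_ip THRESHOLD
# Reads auth.log lines on stdin and prints "COUNT IP" for every source
# address with at least THRESHOLD failed password attempts, highest first.
failed_by_ip() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The user name is chosen by the client and may contain
            # "from <addr>" (last sample line), so take the address that
            # follows the LAST "from" by scanning from the right.
            for (i = NF; i > 1; i--)
                if ($(i - 1) == "from") { n[$i]++; break }
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Stand-alone run on the constructed sample; on a real host feed the
# function from the log file instead, e.g. failed_by_ip 3 < /var/log/auth.log
sample_auth_log | failed_by_ip 3
```

The last sample line shows why the address is taken from the right: matching the first "from" would charge the failure to 198.51.100.20 rather than to the connecting host.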

See also

Motivated by