how can I check if my computer is compromised (Linux and Windows Server...)

VinylxScratches

Golden Member
Feb 2, 2009
1,666
0
0
I'm an idiot and set my Windows 2008 R2 box to an IP I had on the DMZ (used to be my xbox).

Today I logged into my OpenSuse box and I saw VNC was on (it was locked). I killed the remote connection and noticed it was an IPv6 connection. I see it pop up again.

I started changing my passwords on a computer that wasn't on. But how can I check to make sure I'm not compromised? This sucks, I won't be able to sleep for a while now...

Luckily my firewall was on for the Windows server, but I'm not sure if that helps at all with vulnerabilities.


My Linux box has a password requirement when the screensaver is activated after 5 minutes, so today when I moved the mouse I did see the password prompt... so I'm not sure if the user actually got in?


I don't see anything in the .bash_history for root or my account...
 

VinylxScratches
Here is my ps -el output:

F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
4 S 0 1 0 0 80 0 - 3115 ? ? 00:00:02 init
1 S 0 2 0 0 80 0 - 0 kthrea ? 00:00:00 kthreadd
1 S 0 3 2 0 80 0 - 0 run_ks ? 00:00:00 ksoftirqd/0
1 S 0 4 2 0 80 0 - 0 worker ? 00:00:00 kworker/0:0
1 S 0 6 2 0 -40 - - 0 cpu_st ? 00:00:00 migration/0
5 S 0 7 2 0 -40 - - 0 watchd ? 00:00:00 watchdog/0
1 S 0 8 2 0 -40 - - 0 cpu_st ? 00:00:00 migration/1
1 S 0 10 2 0 80 0 - 0 run_ks ? 00:00:00 ksoftirqd/1
1 R 0 11 2 0 80 0 - 0 ? ? 00:00:03 kworker/0:1
5 S 0 12 2 0 -40 - - 0 watchd ? 00:00:00 watchdog/1
1 S 0 13 2 0 60 -20 - 0 rescue ? 00:00:00 cpuset
1 S 0 14 2 0 60 -20 - 0 rescue ? 00:00:00 khelper
1 S 0 15 2 0 60 -20 - 0 rescue ? 00:00:00 netns
1 S 0 16 2 0 80 0 - 0 bdi_sy ? 00:00:00 sync_supers
1 S 0 17 2 0 80 0 - 0 ? ? 00:00:00 bdi-default
1 S 0 18 2 0 60 -20 - 0 rescue ? 00:00:00 kintegrityd
1 S 0 19 2 0 60 -20 - 0 rescue ? 00:00:00 kblockd
1 S 0 20 2 0 60 -20 - 0 rescue ? 00:00:00 kacpid
1 S 0 21 2 0 60 -20 - 0 rescue ? 00:00:00 kacpi_notify
1 S 0 22 2 0 60 -20 - 0 rescue ? 00:00:00 kacpi_hotplug
1 S 0 23 2 0 60 -20 - 0 rescue ? 00:00:00 ata_sff
5 S 0 24 2 0 80 0 - 0 hub_th ? 00:00:00 khubd
1 S 0 25 2 0 80 0 - 0 serio_ ? 00:00:00 kseriod
1 S 0 26 2 0 60 -20 - 0 rescue ? 00:00:00 md
1 S 0 27 2 0 80 0 - 0 worker ? 00:00:01 kworker/1:1
1 S 0 28 2 0 60 -20 - 0 rescue ? 00:00:00 kondemand
1 S 0 29 2 0 80 0 - 0 ? ? 00:00:00 khungtaskd
1 S 0 30 2 0 80 0 - 0 kswapd ? 00:00:00 kswapd0
1 S 0 31 2 0 85 5 - 0 ksm_sc ? 00:00:00 ksmd
1 S 0 32 2 0 80 0 - 0 fsnoti ? 00:00:00 fsnotify_mark
1 S 0 33 2 0 60 -20 - 0 rescue ? 00:00:00 aio
1 S 0 34 2 0 60 -20 - 0 rescue ? 00:00:00 crypto
1 S 0 38 2 0 60 -20 - 0 rescue ? 00:00:00 kthrotld
1 S 0 39 2 0 80 0 - 0 scsi_e ? 00:00:00 scsi_eh_0
1 S 0 40 2 0 80 0 - 0 scsi_e ? 00:00:00 scsi_eh_1
5 S 0 41 2 0 80 0 - 0 worker ? 00:00:00 kworker/u:1
1 S 0 43 2 0 80 0 - 0 scsi_e ? 00:00:00 scsi_eh_2
1 S 0 44 2 0 80 0 - 0 scsi_e ? 00:00:00 scsi_eh_3
5 S 0 46 2 0 80 0 - 0 worker ? 00:00:00 kworker/u:4
1 S 0 47 2 0 60 -20 - 0 rescue ? 00:00:00 kpsmoused
1 S 0 48 2 0 60 -20 - 0 rescue ? 00:00:00 usbhid_resumer
1 S 0 49 2 0 60 -20 - 0 rescue ? 00:00:00 ceph-msgr
1 S 0 209 2 0 80 0 - 0 worker ? 00:00:00 kworker/1:2
1 S 0 271 2 0 80 0 - 0 ? ? 00:00:00 md0_raid1
1 S 0 293 2 0 80 0 - 0 kjourn ? 00:00:00 jbd2/md0-8
1 S 0 294 2 0 60 -20 - 0 rescue ? 00:00:00 ext4-dio-unwrit
1 S 0 300 2 0 80 0 - 0 ? ? 00:00:00 flush-9:0
5 S 0 382 1 0 76 -4 - 5372 ? ? 00:00:00 udevd
5 S 0 444 382 0 78 -2 - 5343 ? ? 00:00:00 udevd
1 S 0 593 2 0 60 -20 - 0 rescue ? 00:00:00 hd-audio0
1 S 0 660 2 0 80 0 - 0 kaudit ? 00:00:00 kauditd
1 S 0 685 2 0 60 -20 - 0 rescue ? 00:00:00 kstriped
1 S 0 708 2 0 80 0 - 0 ? ? 00:00:01 md1_raid1
1 S 0 742 2 0 80 0 - 0 kjourn ? 00:00:00 jbd2/md1-8
1 S 0 743 2 0 60 -20 - 0 rescue ? 00:00:00 ext4-dio-unwrit
1 S 0 992 2 0 80 0 - 0 ? ? 00:00:00 flush-9:1
1 S 0 1036 1 0 80 0 - 498 wait ? 00:00:00 twonkymedia
4 S 0 1037 1036 6 80 0 - 7083 pause ? 00:01:04 twonkymediaserv
1 S 0 1096 1 0 80 0 - 19871 ? ? 00:00:00 httpd2-prefork
5 S 30 1099 1096 0 80 0 - 19905 ? ? 00:00:00 httpd2-prefork
5 S 30 1100 1096 0 80 0 - 19905 ? ? 00:00:00 httpd2-prefork
5 S 30 1101 1096 0 80 0 - 19905 ? ? 00:00:00 httpd2-prefork
5 S 30 1102 1096 0 80 0 - 19905 ? ? 00:00:00 httpd2-prefork
5 S 30 1103 1096 0 80 0 - 19905 ? ? 00:00:00 httpd2-prefork
5 S 0 1187 1 0 80 0 - 995 ? ? 00:00:00 acpid
5 S 101 1195 1 0 80 0 - 7168 ? ? 00:00:00 dbus-daemon
5 S 0 1203 382 0 78 -2 - 5371 ? ? 00:00:00 udevd
1 S 0 1208 2 0 60 -20 - 0 rescue ? 00:00:00 kconservative
5 S 0 1318 1 0 80 0 - 3901 ? ? 00:00:00 irqbalance
4 S 0 1346 1 0 80 0 - 11765 ? ? 00:00:00 gdm
4 S 0 1421 1346 0 80 0 - 18384 ? ? 00:00:00 gdm-simple-slav
4 S 0 1439 1421 2 80 0 - 33671 ? tty7 00:00:31 Xorg
0 S 0 1454 1 0 80 0 - 992 ? ? 00:00:00 startpar
4 S 0 1645 1 0 80 0 - 31218 ? ? 00:00:00 console-kit-dae
4 S 0 1734 1 0 80 0 - 39237 ? ? 00:00:00 polkitd
4 S 0 1855 1 0 80 0 - 2464 ? ? 00:00:00 dhclient6
0 S 107 1892 1 0 80 0 - 38907 ? ? 00:00:00 polkit-gnome-au
4 S 103 1923 1 0 81 1 - 9360 ? ? 00:00:00 rtkit-daemon
4 S 0 1928 1 0 80 0 - 19264 ? ? 00:00:00 upowerd
5 S 0 2634 1 0 80 0 - 13540 ? ? 00:00:00 nmbd
1 S 0 2681 1 0 80 0 - 2065 ? ? 00:00:00 dhcpcd
5 S 104 3553 1 0 80 0 - 7475 ? ? 00:00:00 avahi-daemon
5 S 0 3565 1 0 80 0 - 12908 ? ? 00:00:00 sshd
5 S 0 3636 1 0 80 0 - 30476 do_fau ? 00:00:00 rsyslogd
5 S 0 3684 1 0 76 -4 - 6844 ktime_ ? 00:00:00 auditd
1 S 0 3818 1 0 80 0 - 992 ? ? 00:00:00 nscd
5 S 0 3843 1 0 80 0 - 4179 ? ? 00:00:00 rpcbind
4 S 0 3872 1 0 80 0 - 14214 ? ? 00:00:00 cupsd
5 S 0 3913 1 0 80 0 - 18684 ? ? 00:00:00 smbd
1 S 0 3925 3913 0 80 0 - 18684 ? ? 00:00:00 smbd
4 S 0 4047 1 0 80 0 - 5142 ? ? 00:00:00 master
1 S 0 4079 1 0 80 0 - 3346 ? ? 00:00:00 cron
4 S 51 4081 4047 0 80 0 - 5133 ? ? 00:00:00 pickup
4 S 51 4082 4047 0 80 0 - 5226 ? ? 00:00:00 qmgr
1 S 0 4104 1 0 80 0 - 4651 ? ? 00:00:00 smartd
4 S 0 4121 1 0 80 0 - 1060 ? tty1 00:00:00 mingetty
4 S 0 4122 1 0 80 0 - 1060 ? tty2 00:00:00 mingetty
4 S 0 4123 1 0 80 0 - 1060 ? tty3 00:00:00 mingetty
4 S 0 4124 1 0 80 0 - 1060 ? tty4 00:00:00 mingetty
4 S 0 4125 1 0 80 0 - 1060 ? tty5 00:00:00 mingetty
4 S 0 4126 1 0 80 0 - 1060 ? tty6 00:00:00 mingetty
0 Z 0 4183 1037 0 80 0 - 0 exit ? 00:00:00 mediafusion-int <defunct>
4 S 0 6048 1421 0 80 0 - 21496 ? ? 00:00:00 gdm-session-wor
1 S 1000 6054 1 0 80 0 - 42894 - ? 00:00:00 gnome-keyring-d
4 S 1000 6077 6048 0 80 0 - 54618 - ? 00:00:00 gnome-session
1 S 1000 6148 1 0 80 0 - 3941 - ? 00:00:00 dbus-launch
1 S 1000 6149 1 1 80 0 - 5245 - ? 00:00:09 dbus-daemon
0 S 1000 6154 1 0 80 0 - 11950 246839 ? 00:00:00 gconfd-2
1 S 1000 6158 1 0 80 0 - 104840 510327 ? 00:00:00 gnome-settings-
0 S 1000 6168 1 0 80 0 - 10047 - ? 00:00:00 gvfsd
1 S 1000 6175 1 0 80 0 - 23171 futex_ ? 00:00:00 gvfs-fuse-daemo
1 S 1000 6183 1 0 80 0 - 52917 - ? 00:00:00 pulseaudio
0 S 1000 6184 6077 0 80 0 - 54487 - ? 00:00:01 metacity
0 S 1000 6190 6077 0 80 0 - 99255 516192 ? 00:00:00 gnome-panel
0 S 1000 6197 6183 0 80 0 - 26274 - ? 00:00:00 gconf-helper
0 S 1000 6200 1 0 80 0 - 19073 - ? 00:00:00 gvfs-gdu-volume
4 S 0 6202 1 0 80 0 - 31840 ? ? 00:00:00 udisks-daemon
1 S 0 6205 6202 0 80 0 - 11252 ? ? 00:00:00 udisks-daemon
0 S 1000 6211 1 0 80 0 - 17425 - ? 00:00:00 gvfs-afc-volume
0 S 1000 6214 1 0 80 0 - 13942 - ? 00:00:00 gvfs-gphoto2-vo
0 S 1000 6215 6077 0 80 0 - 128747 516259 ? 00:00:01 nautilus
0 S 1000 6217 1 0 80 0 - 36817 - ? 00:00:00 bonobo-activati
0 S 1000 6223 1 0 80 0 - 84390 513870 ? 00:00:00 main-menu
0 S 1000 6231 1 0 80 0 - 16742 - ? 00:00:00 gvfsd-trash
0 S 1000 6237 6077 0 80 0 - 48552 - ? 00:00:00 polkit-gnome-au
0 S 1000 6238 6077 0 80 0 - 43399 - ? 00:00:00 gdu-notificatio
0 S 1000 6239 6077 0 80 0 - 54663 646079 ? 00:00:00 gpk-update-icon
0 S 1000 6241 6077 0 80 0 - 74493 429496 ? 00:00:00 evolution-alarm
0 S 1000 6242 6077 0 80 0 - 73544 858993 ? 00:00:00 nm-applet
0 S 1000 6243 6077 27 80 0 - 69656 429496 ? 00:04:19 tracker-store
0 S 1000 6247 6077 0 80 0 - 36304 429504 ? 00:00:00 gnome-power-man
0 S 1000 6248 6077 0 80 0 - 43115 - ? 00:00:00 vino-server
0 S 1000 6251 6077 0 80 0 - 3208 wait ? 00:00:00 gnome-do
0 S 1000 6255 6077 0 80 0 - 62358 - ? 00:00:00 bluetooth-apple
0 S 1000 6268 6251 0 80 0 - 84846 - ? 00:00:00 gnome-do
0 S 1000 6271 6077 1 80 0 - 87495 - ? 00:00:11 bitcoin
0 S 1000 6278 6077 0 80 0 - 59350 - ? 00:00:08 applet.py
0 S 1000 6280 6077 0 80 0 - 69965 - ? 00:00:00 gnome-volume-co
0 S 1000 6281 6077 34 99 19 - 90731 429496 ? 00:05:17 tracker-miner-f
0 S 1000 6285 1 0 80 0 - 10014 - ? 00:00:00 gvfsd-burn
0 S 1000 6300 1 0 80 0 - 71079 - ? 00:00:00 e-calendar-fact
1 S 1000 6302 1 0 80 0 - 37189 216916 ? 00:00:00 gnome-screensav
0 S 1000 6317 1 0 80 0 - 10600 - ? 00:00:00 gvfsd-metadata
0 S 1000 6319 1 0 80 0 - 12272 - ? 00:00:00 mission-control
5 S 30 7606 1096 0 80 0 - 19905 ? ? 00:00:00 httpd2-prefork
5 S 30 7658 1096 0 80 0 - 19905 ? ? 00:00:00 httpd2-prefork
0 S 1000 8022 1 6 99 19 - 108276 futex_ ? 00:00:17 tracker-extract
0 S 1000 8040 1 2 80 0 - 148458 429496 ? 00:00:06 chrome
1 S 1000 8045 8040 0 80 0 - 57404 - ? 00:00:00 chrome
4 S 1000 8047 1 0 80 0 - 64078 ? ? 00:00:00 chrome
1 S 1000 8097 8047 0 80 0 - 218103 futex_ ? 00:00:00 chrome
1 S 1000 8101 8047 0 80 0 - 215207 futex_ ? 00:00:00 chrome
0 S 1000 8119 1 0 80 0 - 52853 522693 ? 00:00:00 gnome-terminal
0 S 1000 8154 8119 0 80 0 - 1502 ? ? 00:00:00 gnome-pty-helpe
0 S 1000 8155 8119 0 80 0 - 3508 wait pts/1 00:00:00 bash
1 S 1000 8257 8047 2 80 0 - 223424 futex_ ? 00:00:03 chrome
0 S 1000 8290 8040 0 80 0 - 66783 645955 ? 00:00:00 chrome
0 S 1000 8311 8290 3 80 0 - 17246 429706 ? 00:00:05 npviewer.bin
5 S 30 8342 1096 0 80 0 - 19871 ? ? 00:00:00 httpd2-prefork
0 R 1000 8445 8155 0 80 0 - 1171 - pts/1 00:00:00 ps
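The listing above contains vino-server (PID 6247), GNOME's built-in VNC server, which is the VNC that was found running. A first triage step is to look at who is connected to it and where that peer address actually sits: on Linux, a dual-stack listener reports IPv4 clients on "tcp6" rows as IPv4-mapped addresses (::ffff:a.b.c.d), so a connection that looks like IPv6 may be an ordinary IPv4 one. The example below is added here and is not from the thread; the netstat rows, PIDs and the 2a01:... addresses in it are constructed, and on a live box you would feed it the real output of netstat -tnp.

```python
import ipaddress

# Constructed sample of `netstat -tnp` output; not the poster's real sessions.
# The tcp6 rows show IPv4-mapped, link-local and global IPv6 peers side by side.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address            Foreign Address                State       PID/Program name
tcp        0      0 192.168.1.10:22          192.168.1.50:53122             ESTABLISHED 9001/sshd: user
tcp6       0      0 ::ffff:192.168.1.10:5900 ::ffff:192.168.1.20:49211      ESTABLISHED 6247/vino-server
tcp6       0      0 fe80::10:5900            fe80::2a3:4b5c:6d7e:8f90:40555 ESTABLISHED 6247/vino-server
tcp6       0      0 2a01:1234::10:5900       2a01:5678::99:40556            ESTABLISHED 6247/vino-server
"""

REMOTE_ACCESS_PORTS = {22: "ssh", 5900: "vnc", 3389: "rdp"}

def classify_peer(addr: str) -> str:
    """Say where a peer address can have come from, unwrapping IPv4-mapped IPv6 first."""
    ip = ipaddress.ip_address(addr.split("%")[0])    # drop any %zone suffix
    mapped = getattr(ip, "ipv4_mapped", None)        # IPv6Address only; None for IPv4
    prefix = ""
    if mapped is not None:
        ip, prefix = mapped, "ipv4-mapped "          # an IPv4 client on a tcp6 socket
    if ip.is_loopback:
        return prefix + "loopback"
    if ip.is_link_local:
        return prefix + "link-local"                 # only reachable from the same L2 segment
    if ip.is_private:
        return prefix + "private"                    # RFC 1918 or IPv6 unique-local
    return prefix + "global"

def established_sessions(netstat_text: str):
    """Return (program, local_port, remote_addr, scope) for each ESTABLISHED tcp row."""
    out = []
    for line in netstat_text.splitlines():
        parts = line.split(None, 6)                  # keep "PID/Program name" whole
        if len(parts) < 7 or not parts[0].startswith("tcp") or parts[5] != "ESTABLISHED":
            continue
        local_port = int(parts[3].rpartition(":")[2])
        remote = parts[4].rpartition(":")[0]         # last colon separates the port
        program = parts[6].split("/", 1)[-1].split(":")[0]   # "9001/sshd: user" -> "sshd"
        out.append((program, local_port, remote, classify_peer(remote)))
    return out

def flag_remote_access(sessions):
    """Remote-access sessions (ssh/vnc/rdp) whose peer is outside the local network."""
    return [s for s in sessions if s[1] in REMOTE_ACCESS_PORTS and s[3].endswith("global")]

if __name__ == "__main__":                           # quick look when run directly
    for s in established_sessions(SAMPLE_NETSTAT):
        print("%-12s :%-5d <- %-28s %s" % s)
```

A link-local or private peer narrows the source to the LAN (which may still be a compromised neighbour), while a global peer on a remote-access port is the session to treat as an intrusion until proven otherwise.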