
Help me catch a computer thief!!

I provide some remote backup services for a few clients.  Nightly, their computers rsync data to my server.

Ok, one of my clients got broken into a few days ago and their computers were stolen.  No problem, we have backups.  Here's the interesting thing... they are TOO current!!  The thieves were stupid enough to plug the thing in and connect it to the Internet without clearing anything, so the backups are continuing.

I'm not savvy enough with general Linux to know for certain... but could I find somewhere on my server a log showing the IP that they are connecting from?  With that... and a cop that gives a crap... maybe it's possible to locate them?

We'll leave the legal aspect to the appropriate folks, but can someone tell me what commands and/or locations to look at to see the IP address?  

The server is a RedHat 9 machine stripped down to just the basics.  No x-windows or anything like that.  The incoming connections are done through rsync via OpenSSH.

1 Solution
The IP address of the ssh connection should be in /var/log/secure.
s_mack (Author) Commented:
Thanks!  Found it.  Sure enough, one IP for several months and then a different IP from last night.  I'll be in the hands of the police tomorrow... hopefully they can do something with it.  When I tracert the IP it appears to be still in the local area and on the same ISP as I'm on!

Thanks again.
Hedley Phillips Commented:
Good luck mate.

As you say, let's hope you find police who a) care and b) understand.
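
The solution above points at /var/log/secure, and the author found one IP for months followed by a different one. The script below is an added example, not part of the original thread: it pulls that per-account summary out of the sshd "Accepted" lines. The function names, the `NEW-SOURCE` marker and the sample log lines (host `backup`, user `client1`, documentation-range IPs) are constructed for illustration.

```shell
#!/bin/sh
# Summarise successful SSH logins per (user, source IP) from a syslog-format
# sshd log such as /var/log/secure. Reads the named files, or stdin if none.
ssh_login_sources() {
    awk '
    / sshd\[[0-9]+\]: Accepted / {
        user = ""; ip = ""
        # "Accepted <method> for <user> from <ip> port <n> ssh2"
        for (i = 1; i < NF; i++) {
            if ($i == "for")  user = $(i + 1)
            if ($i == "from") ip   = $(i + 1)
        }
        if (user == "" || ip == "") next
        key = user " " ip
        stamp = $1 " " $2 " " $3              # syslog timestamp (no year)
        if (!(user in home)) home[user] = ip  # first source seen for this user
        if (!(key in first)) { first[key] = stamp; order[++n] = key }
        last[key] = stamp
        count[key]++
    }
    END {
        for (j = 1; j <= n; j++) {
            k = order[j]
            split(k, p, " ")
            # Flag any source that differs from the first one seen for the user.
            flag = (p[2] != home[p[1]]) ? " NEW-SOURCE" : ""
            printf "%s logins=%d first=\"%s\" last=\"%s\"%s\n", \
                   k, count[k], first[k], last[k], flag
        }
    }' "$@"
}

# Constructed sample input (not real log data).
sample_secure_log() {
    cat <<'EOF'
Mar  1 02:00:03 backup sshd[2101]: Accepted publickey for client1 from 192.0.2.10 port 40112 ssh2
Mar  2 02:00:04 backup sshd[2188]: Accepted publickey for client1 from 192.0.2.10 port 40230 ssh2
Mar  2 09:14:51 backup sshd[2240]: Failed password for root from 203.0.113.5 port 51514 ssh2
Mar  3 02:00:02 backup sshd[2302]: Accepted publickey for client1 from 198.51.100.77 port 33810 ssh2
EOF
}

sample_secure_log | ssh_login_sources
```

On a real server, pass the rotated files oldest first (for example `ssh_login_sources /var/log/secure.1 /var/log/secure`) so the first/last timestamps and the `NEW-SOURCE` flag follow chronological order. Copy the log files somewhere safe before they rotate out if they are going to be handed over as evidence.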

