Best way to check if OS has been hacked

How to check that my OS has been hacked? ... I had some random updates recently - last couple of days. Don't have a lot of third party software loaded - nothing recent anyway. Found my Zorin OS 17.1 randomly putting me to the lock screen when I go to do something trivial - like taking a screenshot.

Anyway - what's the best way to check that OS isn't messed up / hacked etc.?

I'm not a Linux security guy and I don't use root / admin account just a standard account etc. ... Any way to, say, verify these updates are all good? Or just have faith in the internet gods lol

Thanks in advance?

One item (or two) you should install after installing Zorin are rootkit hunters:
rkhunter and chkrootkit - install Synaptic Package Manager, then use the search function for these two items. Please be aware that you may get some false positives after an update to the system has been made, as rkhunter and chkrootkit look at what exists at point of install. Install Stacer, launch it and then click on the box above the last icon in the left column - this lists all your repos - check all of them are what you have installed, in particular any third party PPAs - you can turn them off or remove them. Also for third party issues, do a web search for "any security issues using application [xyz] on ubuntu 22.04?"

https://rkhunter.sourceforge.net/

1 Like
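An added example, not part of the post above: a terminal equivalent of the repo check it describes, listing every enabled apt source with its transport scheme and marking Launchpad PPAs. The PPA name and the sample files are constructed, and only the one-line `.list` format is handled.

```shell
# Added example: list enabled apt repositories from one-line ".list" files.
# The scheme column shows transport only; apt authenticates packages through
# the signed Release metadata of the repository whichever scheme is used.

# apt_repos FILE... -> "SCHEME HOST KIND FILE" per enabled deb/deb-src entry
apt_repos() {
    awk '
        $1 == "deb" || $1 == "deb-src" {
            i = 2
            # skip an optional [arch=... signed-by=...] option block
            if ($i ~ /^\[/) { while (i <= NF && $i !~ /\]$/) i++; i++ }
            uri = $i
            scheme = uri; sub(/:.*/, "", scheme)
            host = uri; sub(/^[a-z+]+:\/\//, "", host); sub(/\/.*/, "", host)
            kind = (host ~ /^ppa\.launchpad(content)?\.net$/) ? "ppa" : "repo"
            print scheme, host, kind, FILENAME
        }
    ' "$@"
}

# third_party_ppas FILE... -> only the Launchpad PPA entries
third_party_ppas() {
    apt_repos "$@" | awk '$3 == "ppa"'
}

# Constructed sample files (hypothetical PPA name, not from the thread).
demo_dir=$(mktemp -d)
cat > "$demo_dir/sources.list" <<'EOF'
deb http://archive.ubuntu.com/ubuntu jammy main restricted
# deb-src http://archive.ubuntu.com/ubuntu jammy main restricted
deb http://security.ubuntu.com/ubuntu jammy-security main
EOF
cat > "$demo_dir/example-ppa.list" <<'EOF'
deb [arch=amd64 signed-by=/usr/share/keyrings/example.gpg] https://ppa.launchpadcontent.net/example-user/example-ppa/ubuntu jammy main
EOF

apt_repos "$demo_dir"/*.list
third_party_ppas "$demo_dir"/*.list
rm -rf "$demo_dir"

# On a real system:
#   apt_repos /etc/apt/sources.list /etc/apt/sources.list.d/*.list
```

Any PPA in the output that you do not remember adding is the one to disable or remove first.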

Well, this isn't a problem, updates might not be always released under a solid schedule. You can change the frequency of check and download on Software & Updates > Updates.

Check if a key is set to do 2 different actions on Settings > Keyboard > View and Customize Shortcuts.

3 Likes

Do you work for the government or other in an industry with sensitive information? Hackers aren't interested in cat pictures, homebrewed poetry and soup recipes.

9 Likes

You could install Clam and scan your system. It maybe isn't the best antivirus program, but as an addition to the ones from @swarfendor437 it is okay.

To install it, open the terminal and type sudo apt install clamav clamtk

The clamav package is Clam for the terminal and clamtk delivers a graphical interface for clamav. So, you don't need to use the terminal.

Ya unfortunately - I've dealt with that for many, many years. I'm not a hacker either, I find hackers really, really annoying. I write low level code (sometimes more math than code), cryptography happens to be a subset of these things - attracts a lot of losers. A mountain of them to be exact.

I can spend my time trying to isolate issues or hope that someone else comes up with an excellent solution or alternative so I can continue on my merry way :slight_smile: ... I'm not a fan of the cloud, prefer offline stuff.

One reason I think Zorin has a good chance in the market, is with the paid model to pay to tighten up some security measures. I like my 'desktop experience' to date with Zorin. Unfortunately they are bound to Ubuntu and I'm not fond of the update process through http and not https - I think they should move away to provide all updates directly through their own secure servers; follow their own update cycles. The pro service in Ubuntu uses https for security updates for a reason - this would be a no-brainer to start.

Preference of trust should begin with Zorin and end with Zorin - as they introduce new updates - the trust relationship should be between myself and the OS provider. Anyone who deals with say network administration knows that the tried and true best solution for a compromised system (virus, malware, hacker, or otherwise - broken config) is to blow it away and reload from scratch. I suspect this is why people do a lot of 'distro' hopping and not even realize it lol, just a guess.

I'm not a 'Linux guy' either - yes I know how to use a terminal and zoom my way through running commands ... I find BSD to be much tighter in this department. I'm ok with open source, I'm ok with closed source - at the end of the day I just want smooth sailing to get what I need done, done :slight_smile: ... I was using my mouse when my screen locked, not my keyboard. This happened after updates, reboot and continue on etc., which is why I mention hack because my actions just didn't match what happened.

I like the suggestions so far - Thanks everyone!

1 Like

Clam AV is best used for scanning email/attachments for viruses. One thing you should disable in ClamAV is the PUA engine. It never worked in the Windows version either.

1 Like

:rofl:

You don't say how long you've been on Zorin, meaning when did you install it? (Your profile is hidden, obviously.)
Have you been on Zorin for a while and this behaviour only occurred recently, or are you, like, fresh?
What I'm getting at is, when you installed, did you verify the checksum?

Here's a quick search result you might want to look through.

I purchased a pro license for version 16 way back -- it was pretty decent all around for a while. Thanks for the link that was very, very useful.

This was fresh install - all updates done during install ... Week without any updates --- I ignored the updates let them pile up.

SSL updates, linux header updates etc..

Then decided to go ahead with the updates ... anyway I'm not too worried.

May just reinstall again - use Zorin for surfing the web :slight_smile:

Both my same priorities, I approve :sunglasses::+1::handshake:.

While I agree with @Storm in that your cat pictures are of no use to hackers, a computer with an active internet connection is actually pretty valuable. An attacker can use your IP address to download illegal content, for example.
With enough victims, they can also distribute massive amounts of internet traffic that would otherwise look suspicious, for things like click-farms or fake-review stores. Using your computing power for things like mining crypto-currencies and stuff like that is also not out of the question.
Those things may not be harmful to you, not directly anyway, but are real use-cases that you might not want to be involved with.

This is why I think you are just experiencing some weird bug, with the OS or some other program; especially after an update. Either that, or the attacker is just pranking you, or maybe it is just some hacker "wanna be" playing around (top candidates in this case are nearby neighbors).

Aside from the recommendations already given, all I can say is if you are really suspicious then the best thing to do is to re-install from scratch. Annoying and time consuming, yes, but no more than chasing ghosts that may or may not be there. Who knows, you might just get lucky and get rid of an actual hacking attempt... or ongoing.
Make sure you also have file backups even if you don't want to re-install, in case the attacker decides to take it to the next level and delete, corrupt or encrypt your files.

1 Like

If the system failed after updates, it would be easy to assume that the updates caused some inconsistency in the system without any malicious intent. That is much more likely than a hacker taking over your PC.

2 Likes

@Codemonger A simple thing to try. Have you booted an older kernel listed in grub "Additional Options for Zorin", to see if the problem was due to a kernel update?

3 Likes

If security is a priority, staying on top of updates should be as well.

1 Like

Hackers interesting pictures, encrypted homebrewed poetry and toxic soup.
But they are not sitting in one place for some time; they are travelling more, changing from one place to another, and using low-level programming.
For example, if they can connect to some "closed area", then they can do something like "Stuxnet".

It was an extremely short time frame - 1 week as well - as well the OS was stable ... Where is the list of published rolled out updates (security and/or otherwise) from Ubuntu - listed and grouped by date? Wouldn't mind verifying the updates I'm getting. Anyone know where I can verify Ubuntu has published these updates, like a list, not each individual one.

Example - say Friday a list of updates roll out - the list looks very similar to the one I see, except I see it on Ubuntu's website as a list.

These are my current updates I have since the last time I posted:

That's always a possibility ...

I tried this - using one kernel version prior, seems to be ok imo.

Here is the listed group of Changelogs for Ubuntu, by date. You will need to drop through Main, Multiverse, restricted and Universe repositories:
https://changelogs.ubuntu.com/changelogs/pool/

For security specific information on tracked vulnerabilities, you can look here:
https://ubuntu.com/security/notices

You also can follow the Ubuntu Launchpad:

Finally, any user can use the terminal to review their upgrade history in the logs, which is useful if an upgraded package causes an issue that needs to be rolled back:
grep "upgrade " /var/log/dpkg.log

In addition to reviewing logs and sites, a user should review any and all System Upgrader notifications. Click on the Details Of Updates > Technical Description for the listed packages that the updater wants to address.
I do this every time.
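An added example, not part of the post above: it goes a step beyond the grep on /var/log/dpkg.log by grouping package changes per day and tagging kernel packages, which is the comparison to make against the dated Ubuntu changelogs and notices. The sample log lines, package names and versions are constructed.

```shell
# Added example: summarise dpkg.log package changes per day.

# pkg_changes LOGFILE...
# Prints "DATE ACTION PACKAGE OLD -> NEW [kernel]" for every upgrade or install.
# New kernels arrive as "install" lines (the versioned linux-image-* package
# did not exist before), so grepping for "upgrade " alone misses them.
pkg_changes() {
    awk '
        $3 == "upgrade" || $3 == "install" {
            tag = ($4 ~ /^linux-(image|headers|modules)/) ? " [kernel]" : ""
            printf "%s %s %s %s -> %s%s\n", $1, $3, $4, $5, $6, tag
        }
    ' "$@"
}

# changes_per_day LOGFILE... -> "DATE COUNT", so a burst of changes stands out
changes_per_day() {
    pkg_changes "$@" | awk '{ n[$1]++ } END { for (d in n) print d, n[d] }' | sort
}

# kernel_change_days LOGFILE... -> days on which a kernel package changed
kernel_change_days() {
    pkg_changes "$@" | awk '/\[kernel\]$/ { print $1 }' | sort -u
}

# Constructed sample in dpkg.log format (not taken from the thread).
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
2024-05-07 10:01:12 startup archives unpack
2024-05-07 10:01:13 install example-pkg:all <none> 1.0
2024-05-14 09:12:30 startup archives unpack
2024-05-14 09:12:33 upgrade libssl3:amd64 3.0.2-0ubuntu1.15 3.0.2-0ubuntu1.16
2024-05-14 09:12:34 status half-configured libssl3:amd64 3.0.2-0ubuntu1.15
2024-05-14 09:12:40 install linux-image-6.5.0-35-generic:amd64 <none> 6.5.0-35.35~22.04.1
2024-05-14 09:12:55 upgrade linux-headers-generic-hwe-22.04:amd64 6.5.0.28.29~22.04.1 6.5.0.35.35~22.04.1
EOF

pkg_changes "$sample_log"
changes_per_day "$sample_log"
kernel_change_days "$sample_log"
rm -f "$sample_log"

# On a real system:
#   pkg_changes /var/log/dpkg.log /var/log/dpkg.log.1
```

A day listed by kernel_change_days is the one to compare against the date the problem began before booting an older kernel from the grub menu.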