Here are some commands you can use to keep an eye on security.
To check if anyone has attempted to log in, use this to check for failed attempts:
cat /var/log/auth.log | grep Failed
To check if your firewall is correctly configured, or to check which ports and addresses are currently connected, use:
netstat -vautn
If you see any ports listed that you don't know or find suspicious, these might be some explanations:
123- This is the ntp deamon, it checks online to keep your system clock on time.3838- When running Bittorrent Sync, this is the default port used for LAN search.8080and8081- There are usually used by web servers. If you're not running a server but are running motion, this might be used for its web-access.
iftop, it's like ifconfig and top had a baby:
sudo apt-get install iftop
iftop