Linux security depends on the administrator
One of the advantages of using Linux is that its default security posture tends to be better than that of the competing desktop and server operating systems. The fact remains, however, that no operating system is secure out of the box. A careless administrator can undo all of the good work that went into Linux's inherent security; this is true of every operating system, and Linux is no exception. Let's have a look at a few tools designed to keep the nasties at bay.
In general, a Linux host does not need an anti-virus program in the sense the term carries on Windows (a resident scanner checking every file as it is touched). Linux-native malware does exist, but the most common reason to scan is a mail or file server that relays Windows files to other machines. My favourite anti-virus / anti-malware software for Linux is ClamAV, originally from Sourcefire and now maintained by Cisco Talos. It is a free, open-source package designed to detect Trojans, viruses, malware and other malicious threats. The package includes a multithreaded scanning daemon (clamd), command-line utilities for on-demand file scanning (clamscan, and clamdscan for hand-off to the daemon), and a tool for automatic signature updates (freshclam).
IDS (Intrusion Detection System) for security
Among Linux-based security tools, Snort is a very powerful free, open-source network intrusion detection system that helps detect intruders and highlights malicious traffic aimed at the system. Under the hood Snort is a packet sniffer, much like tcpdump or Wireshark. Its true value lies in what it does with the captured packets: it reassembles streams, decodes protocols and matches the traffic against signature rules, raising an alert (or, in inline mode, dropping the packet) when a rule fires. tcpdump and Wireshark can capture and decode the very same packets, but they have no rule engine and will never alert you on their own.
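As an added example, not taken from the article or from the Snort project, here is a Snort 2 rule that flags the SSH brute-force traffic this article mentions at the end. It assumes the standard snort.conf, where $HOME_NET holds your own address range; sid 1000001 is in the range (1000000 and up) reserved for locally written rules.

```snort
# Added example: alert when one source address sends five or more TCP SYNs
# to port 22 on our own hosts within 60 seconds. detection_filter fires on
# the fifth SYN and on every further one inside the window, not on the first
# four, so a single legitimate login never trips it.
alert tcp any any -> $HOME_NET 22 (msg:"LOCAL SSH connection rate exceeded, possible brute force"; flags:S; flow:stateless; detection_filter:track by_src, count 5, seconds 60; classtype:attempted-admin; sid:1000001; rev:1;)
```

Put the rule in /etc/snort/rules/local.rules, which the stock snort.conf already includes, and run `snort -T -c /etc/snort/snort.conf` to check that the configuration and rule parse before restarting the daemon. The rule counts connection attempts, not failed logins; for the latter you need a log-watching tool such as fail2ban, covered further down.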
Nikto is another open-source tool, a web server scanner that tests web servers for potentially dangerous files and CGI programs, outdated server software and version-specific problems, as well as configuration issues such as the HTTP methods a server allows. Nikto also ships with IDS-evasion options, so it doubles as a way to test whether your IDS notices web scanning. Note that not every check Nikto reports points to a security problem: many findings are informational or prone to false positives, so the person analysing a Nikto report needs to verify each one by hand before acting on it.
Filesystem integrity and security
Chkrootkit is a free tool that checks a Linux machine locally for signs of a rootkit infection. It is a very popular choice, but Rootkit Hunter (rkhunter) is a like-minded alternative. Both look through the disk for known rootkits and malware and for insecure setups, and both can be run on a schedule (typically from cron) to warn you about changes to the system binaries, directories or files you ask them to watch. Another good program for watching your files for changes is Tripwire; the open-source AIDE does the same job. Bear in mind that a rootkit which has compromised the kernel can hide from any checker running on the same host, so the most trustworthy integrity checks are those whose baseline is stored off the machine and compared from a clean boot medium.
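To make the idea behind Tripwire and rkhunter's file-property checks concrete, here is an added example that is not part of the article or of either project: it builds a SHA-256 manifest of a directory tree using only GNU coreutils and findutils, and later reports changed, missing and new files. It assumes sha256sum, find with -print0, sort -z, xargs -r, comm and mktemp are available, and that the manifest is kept outside the tree it describes.

```shell
#!/bin/sh
# Added example (not part of the article or of Tripwire/rkhunter): a minimal
# file-integrity baseline built from GNU coreutils/findutils only.
# Assumptions: sha256sum, find -print0, sort -z, xargs -r, comm and mktemp exist.
# The manifest must live outside the tree it describes (ideally on read-only
# or off-host storage), otherwise an intruder can simply regenerate it.

# make_baseline DIR MANIFEST
# Hashes every regular file under DIR, with paths relative to DIR and sorted,
# so the manifest is stable and can be diffed between runs.
make_baseline() {
    dir=$1
    out=$2
    ( cd "$dir" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum ) > "$out"
}

# check_baseline DIR MANIFEST
# Prints one line per deviation ("PATH CHANGED", "PATH MISSING", "PATH NEW")
# and returns 1 if anything deviated, 0 if the tree still matches the manifest.
check_baseline() {
    dir=$1
    # Resolve the manifest to an absolute path before cd'ing into the tree.
    base=$(cd "$(dirname "$2")" && pwd)/$(basename "$2")
    tmp=$(mktemp -d)

    # Files named in the manifest: sha256sum -c prints "PATH: FAILED" for a
    # hash mismatch and "PATH: FAILED open or read" for a file that is gone.
    ( cd "$dir" && sha256sum -c --quiet "$base" 2>/dev/null ) > "$tmp/check" || true

    # Files on disk that the manifest never saw. A manifest line is 64 hex
    # characters plus two spaces, so the path starts at column 67.
    ( cd "$dir" && find . -type f | sort ) > "$tmp/now"
    cut -c67- "$base" | sort > "$tmp/base"
    comm -13 "$tmp/base" "$tmp/now" > "$tmp/new"

    sed -n 's/: FAILED open or read$/ MISSING/p; s/: FAILED$/ CHANGED/p' "$tmp/check"
    sed 's/$/ NEW/' "$tmp/new"

    if [ -s "$tmp/check" ] || [ -s "$tmp/new" ]; then rc=1; else rc=0; fi
    rm -rf "$tmp"
    return $rc
}
```

Typical use is `make_baseline /usr/bin /mnt/usb/usr-bin.sha256` once from a known-clean state, then `check_baseline /usr/bin /mnt/usb/usr-bin.sha256` from cron, mailing the output when the exit status is non-zero. Tripwire and AIDE record far more than the hash (owner, mode, inode, link count, timestamps) and sign their database, but the comparison they perform is exactly this one.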
Last but not least, a good firewall goes a long way. If you do not want to learn iptables, the de-facto standard Linux packet filter (on most current distributions it is a front end to nftables), you can manage it through a simpler front end. These include firewalld (CentOS 7 and later, and the default on RHEL and Fedora), ConfigServer Security & Firewall (CSF) and UFW (the usual choice on Debian derivatives such as Ubuntu). These utilities let you set up the firewall in terms that come closer to plain English than raw iptables rules usually do. Adding a dynamic blocker that reads your logs and bans offending addresses, such as fail2ban or CSF's lfd daemon, protects the system against brute-force and similar attacks far better than static rules alone. If you always connect from a fixed IP address, also restrict SSH to that address. The traditional place for this is /etc/hosts.allow, but upstream OpenSSH dropped TCP Wrappers (libwrap) support in version 6.7, so on many current distributions sshd no longer consults that file at all; a firewall rule that accepts port 22 only from your address, or a Match Address block in sshd_config, does the same job reliably.
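As an added example, not taken from the article or from any of the tools it names, this is the kind of IPv4 ruleset UFW or firewalld generate for a typical web host, written in iptables-restore format so that the logic is visible. It assumes SSH on port 22 and a web server on ports 80 and 443, and uses 203.0.113.10 (an RFC 5737 documentation address) as a placeholder for the administrator's fixed address.

```conf
# Added example (not from the article): /etc/iptables/rules.v4 for a host that
# offers SSH (22) and HTTP/HTTPS (80, 443) and nothing else. Load it with
# iptables-restore. 203.0.113.10 is a placeholder for the administrator's fixed
# address; replace it, or remove that rule if you have no fixed address.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Local traffic, and replies to connections this host opened itself
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# SSH from the admin's fixed address is always allowed ...
-A INPUT -p tcp --dport 22 -s 203.0.113.10 -j ACCEPT
# ... everyone else gets at most 4 new SSH connections per source per minute;
# the 5th attempt within 60 s is dropped. "ufw limit 22/tcp" installs the same
# pair of "recent" rules (with 6 hits in 30 s). fail2ban adds to this by
# banning addresses whose logins actually fail, in a chain of its own that it
# inserts ahead of these rules.
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --name ssh --set
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --name ssh --update --seconds 60 --hitcount 5 -j DROP
-A INPUT -p tcp --dport 22 -j ACCEPT
# Public web service
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
# Let people ping the host, then reject everything else so clients fail fast
# instead of timing out (the DROP policy above is the backstop).
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
```

Apply it with `iptables-restore < /etc/iptables/rules.v4` and review the result with `iptables -S INPUT`; on Debian and Ubuntu the iptables-persistent package loads that file at boot, on CentOS the iptables-services package does the same from /etc/sysconfig/iptables. Always apply a new ruleset from one SSH session while keeping a second one open, and confirm you can still log in before closing either, because a typo in the SSH rules locks you out of a remote machine. The fixed-address rule is the firewall equivalent of the /etc/hosts.allow line and works whether or not sshd was built with TCP Wrappers support.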
It is an unfortunate fact that any device that comes up with a public IP address on the internet is scanned for weaknesses within 30 to 60 seconds of going live. Yes, that is not a typo; it is a scary fact. We at HostAfrica often see in excess of 10,000 failed log-in attempts per day on some of our clients' machines before they get locked down. This is the sad reality of the modern internet. Stay informed on the latest security developments, sign up to a few technology and security newsletters, and keep your systems safe.