Wondering about scanners for securing Linux Servers? We can help you.
We are wrong to think that our servers are immune to viruses.
For instance, recently we failed to detect a Trojan because no one made the effort to check for viruses for a whole 7 months. The relative security of Linux leads to complacency, while a simple virus scan before installing would have revealed the Trojan.
As part of our Server Management Services, we assist our clients with several Linux queries.
Most of the time we believe, “Linux is Immune”. Maybe yes, 99% of the time it will not need any protection against attacks. But if a virus scanner or checker saves us time, we think that is a good enough reason to install one.
Scanners For Securing Linux Servers
Moving ahead, let us discuss available scanners for securing Linux Servers to save our day. Each scanner we mention below serves different purposes.
ClamAV is probably the most famous Linux anti-virus. Originally a mail scanner, it has plenty of configuration options and tools to integrate it into our local mail server.
Using ClamAV requires basic command-line knowledge. However, there is a basic GUI to run scans.
When we install the “clamtk” package we will get the GUI with everything we need.
Once ClamAV installation is complete, run “sudo freshclam”, which will update ClamAV’s virus definitions for us.
Then we simply need to run clamtk. We can run the command or find the program called “Virus Scanner” in the “Accessories” section of the menu.
Use the GUI to scan folders or the entire system. Or, if we prefer, use “clamscan” from the command line.
Either way, we will get some quality, free anti-virus protection.
We can scan a directory with the command:
clamscan -r -i DIRECTORY
We can run ClamAV from the command line or with the ClamTK GUI. Both are easy and dependable.
Installing ClamAV is simple.
For Debian-based systems:
sudo apt install clamav
In RHEL/CentOS systems:
sudo yum install epel-release
sudo yum install clamav
For Fedora-based systems:
sudo dnf install clamav
Similarly, in SUSE-based systems:
sudo zypper in clamav
If we run a Debian-based desktop, we can install ClamTK with the command:
sudo apt install clamtk
The one caveat to ClamAV is that it does not include real-time scanning. In fact, if we are not using the ClamTK GUI, then to create a scheduled scan, we must use crontab.
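A scheduled scan of the kind described above, as an added example that is not part of the original article. The script path, log directory and cron schedule are assumptions; the point it shows is that clamscan exits with 1 when it finds something, so a cron wrapper has to tell "infected" apart from "scan failed".

```shell
#!/bin/sh
# Added example (not from the original page): cron wrapper for clamscan.
# Script path, log directory and schedule are assumptions, e.g. in root's crontab:
#   30 2 * * * /usr/local/sbin/clamscan-cron.sh /var/www
LOG_DIR="${LOG_DIR:-/var/log/clamav}"

# clamscan exit codes: 0 = no virus found, 1 = virus found, 2 = scan error.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Read clamscan output on stdin and print only the flagged paths.
# Constructed sample line: "/var/www/uploads/a.php: Constructed.Sample-1 FOUND"
infected_paths() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

run_scan() {
    target="$1"
    log="$LOG_DIR/scan-$(date +%Y%m%d).log"
    # Refresh signatures first; if that fails, scan with the existing ones.
    freshclam --quiet || logger -t clamscan-cron "freshclam failed"
    rc=0
    clamscan -r -i --no-summary "$target" >"$log" 2>&1 || rc=$?
    case "$(scan_status "$rc")" in
        infected)
            infected_paths <"$log" | while IFS= read -r path; do
                logger -p user.crit -t clamscan-cron "FOUND: $path"
            done ;;
        error)
            logger -p user.err -t clamscan-cron "scan error, see $log" ;;
    esac
    return "$rc"
}

# Run only when a target directory is given, so the functions can be sourced.
if [ $# -gt 0 ]; then
    run_scan "$1"
fi
```

The wrapper only reports; it leaves flagged files in place so they can be reviewed before anything is removed.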
On the other hand, AVG for Linux has no GUI.
It is easy to download AVG for Linux. We can find packages for every major distribution, including .deb and .rpm files.
In addition, using the program is simple. We start the AVG daemon by running:
sudo avgctl --start
Then, we can use “sudo avgupdate” to update the software and “avgscan” to scan a given file.
Avast has a pretty great Linux GUI. Here, it is easy to update definitions and scan the folders of our choice.
Installing Avast is a pretty easy task. We just need to download the package of choice, then register for a free year of usage.
Make note that it is not possible to use the program if we do not register.
Registering will give us one year of free non-commercial usage, so we do not need to do it frequently. We will also have access to a sleek GUI and other offers.
BitDefender is best at finding viruses that other scanners miss. Suspicious or infected files can be processed in a number of ways, and it will remind and warn us about existing threats on our machine if we choose to take no action initially.
To get it we have to register and get a trial key. We can eventually turn it into a proper key file. The real key file will last for about six months, at which point we can simply sign up and get another one.
Rootkit malware is designed to surreptitiously take over root control of an operating system. Since rootkits operate as root, the malware has complete access to the entire computer system and can be designed to compromise a variety of components within the system. They are the most dangerous and damaging threats to Linux systems.
However, to check for signs of a rootkit we can use Chkrootkit. It contains chkrootkit, a shell script that checks system binaries for rootkit modification.
A decent firewall can stop them, but virus scanners are no protection against rootkits. Our Support Techs strongly recommend running a rootkit checker regularly.
To install chkrootkit in Debian-based systems, run:
sudo apt install chkrootkit
Once done, the usage is very simple. Issue the command:
This command will dive into the system, check for any known rootkits and report back its findings.
RKHunter stands for Rootkit Hunter. It is a feature-rich scanning tool that scans for rootkits, backdoors, and local exploits.
Rootkits cannot be removed easily. However, RKHunter will notify us of any rootkits that may exist in our system so that we can take the necessary steps to reload on any of our hosting servers.
Experts recommend RKHunter because it checks that rootkits are not affecting our server.
We can install it on CentOS-like systems with the commands:
sudo yum install epel-release
sudo yum install rkhunter
Once done, the usage is very simple. Issue the command:
sudo rkhunter -c
This command will dive into the system, check for any known rootkits and report back its findings. During the rkhunter scan, we have to press Enter as it runs through the different stages of the check.
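Running the rootkit checkers regularly means running them without the Enter prompts. The following is an added example, not part of the original article, that runs rkhunter and chkrootkit unattended and keeps only the lines that need review; the script name, schedule and syslog tag are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): unattended rootkit checks.
# Script path and schedule are assumptions, e.g. in root's crontab:
#   0 3 * * * /usr/local/sbin/rootkit-check.sh --run
# Record a baseline once on a known-good system, and again after trusted
# package updates, or rkhunter will warn about every changed binary:
#   rkhunter --propupd

# Read scanner output on stdin; keep only lines an analyst should look at.
# rkhunter --report-warnings-only prints "Warning: ..." lines,
# chkrootkit marks hits with the word INFECTED.
findings() {
    grep -E '^Warning:|INFECTED' || true
}

# Number of finding lines in the output read from stdin.
count_findings() {
    findings | wc -l | tr -d ' '
}

run_checks() {
    out=$(mktemp) || return 2
    # Refresh rkhunter's data files; a failed update must not stop the check.
    rkhunter --update >/dev/null 2>&1 || true
    # --cronjob implies --check, no colours and no keypress prompts.
    rkhunter --cronjob --report-warnings-only >>"$out" 2>&1 || true
    # -q is chkrootkit's quiet mode: only suspicious results are printed.
    chkrootkit -q >>"$out" 2>&1 || true
    n=$(count_findings <"$out")
    if [ "$n" -gt 0 ]; then
        findings <"$out" | logger -p user.crit -t rootkit-check
    fi
    rm -f "$out"
    [ "$n" -eq 0 ]   # non-zero exit when anything was reported
}

if [ "${1:-}" = "--run" ]; then
    run_checks
fi
```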
Linux Malware Detect (LMD) is designed around the threats faced in shared hosted environments. It uses threat data to extract malware that is actively being used in attacks and generates signatures for detection.
In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources.
In short, it is a must to use an anti-virus along with Linux, and there is no harm in installing free software that can give security to our account.
To conclude, it would be foolish to think that our servers are immune to viruses. Today, our Support Techs introduced us to a few good scanners for securing Linux Servers.