Linux-based operating systems are generally regarded as more robust and secure than proprietary systems. That does not mean you can ignore viruses or malware on Linux. Whatever the flavor and size of the installation you run, from a single desktop to a server farm, it is critical to pay attention to security.
Malware in Linux
Some beginners may be asking: what is malware?
Malware is any program or file that is harmful to a computer. It includes computer viruses, worms, Trojan horses and spyware.
These malicious programs can perform a variety of functions, including stealing, encrypting or deleting confidential data, altering or hijacking core system functions, and monitoring the user's activity without permission.
Therefore, we must be prepared to protect ourselves from malware on Linux and know how to remove it when a problem arises. To that end, I have put together a summary of some of the tools generally considered the best for protection against malware on Linux, so that we can keep our systems as secure as possible.
ClamAV
ClamAV is an open source malware scanner for Linux and a popular choice on servers; it is also available for Windows and macOS. It is actively developed and is the usual open source alternative to commercial antivirus solutions.
Few experts would call ClamAV the best available solution, but it is a reasonable choice for a typical Linux server. Its most significant advantage is that it is open source, with a freely available signature database.
Sophos Antivirus for Linux
Sophos is a commercial antivirus company that offers a free scan utility for Linux. Its scan engine identifies, isolates and removes Trojans, viruses and other kinds of malware on Linux.
More importantly, it also detects, blocks and removes Windows, Mac and Android malware stored on the Linux host, which makes it an excellent choice for file servers, including web servers, NFS servers and old FTP servers. If you have a Linux system that serves files, it is critical to scan them to make sure it has not become a malware distribution point.
For Linux it is precompiled and ready for a wide variety of distributions, in both 32-bit and 64-bit builds. Supported platforms include Amazon Linux, CentOS, Debian, Mint, Oracle Linux, Red Hat, SuSE, Turbolinux and Ubuntu.
The paid version of the Sophos product adds anti-ransomware protection, a timely consideration if you run a server that is even slightly critical or holds customer, development or product data.
chkrootkit / rkhunter
A rootkit is a set of programs, scripts and utilities that obtains root access and then keeps that access while hiding itself from the administrator. A classic rootkit infection gets its foothold through a Trojan horse version of a privileged command such as "sudo": the trojaned binary waits and watches for an administrator to type the root password, then comes alive, takes the access it needs and wreaks havoc.
chkrootkit and rkhunter are open source programs designed specifically to scan for and verify the presence of rootkits, whether they have already been activated or are lying in wait for that fateful command or sequence of instructions.
Both are available for Debian- and Red Hat-based systems, and running both does no harm, since they use different checks. Users of Debian-based systems can install chkrootkit with:
sudo apt install chkrootkit
While on CentOS (with the EPEL repository enabled) rkhunter is installed with:
sudo yum install rkhunter
Any decent anti-malware tool for Linux will look for rootkits and compromised system programs. We can also do it manually: compare the checksums of the installed programs with those of the same files on a clean installation, or with the checksums recorded by the package manager (this is what debsums on Debian and rpm -Va on Red Hat do). They should be identical bit for bit. One caveat: a kernel-level rootkit can hide modified files from any tool run on the infected host, so a trustworthy comparison is done from a baseline stored off the machine, after booting from clean, read-only media.
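As an added example (not code from the article or from any of the tools discussed), here is a small POSIX shell script that implements the manual check just described: record a SHA-256 baseline of a directory of binaries on a known-clean system, then verify it later and report changed, missing and newly added files. It assumes GNU coreutils (sha256sum -c --quiet) and filenames without newlines; the directory and manifest paths in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example, not from the article: record a SHA-256 baseline of a
# directory of binaries on a clean system, then verify it later.
# Assumes GNU coreutils (sha256sum -c --quiet) and filenames without
# newlines or leading/trailing blanks. DIR and MANIFEST are placeholders.
set -u

# absolute_path PATH - resolve a (possibly relative) path so that it
# still works after we cd into DIR.
absolute_path() {
    case $1 in
        /*) printf '%s\n' "$1" ;;
        *)  printf '%s/%s\n' "$(pwd)" "$1" ;;
    esac
}

# build_baseline DIR MANIFEST
# Hash every regular file under DIR (paths relative to DIR) into MANIFEST.
# Run this on a known-clean install and store MANIFEST where the host
# cannot tamper with it (read-only media, another machine).
build_baseline() {
    dir=$1; manifest=$(absolute_path "$2")
    ( cd "$dir" && find . -type f -exec sha256sum {} + ) \
        | LC_ALL=C sort -k2 > "$manifest"
}

# verify_baseline DIR MANIFEST
# Print one line per discrepancy and return 1 if any was found:
#   CHANGED <path>  hash differs from the baseline (e.g. a trojaned binary)
#   MISSING <path>  file recorded in the baseline is gone
#   NEW     <path>  file present now that the baseline never saw
# Prints nothing and returns 0 when everything matches.
verify_baseline() {
    dir=$1; manifest=$(absolute_path "$2")
    base_list=$(mktemp); now_list=$(mktemp)

    report=$(
        # sha256sum -c checks only the files listed in the manifest; --quiet
        # suppresses the "OK" lines so only failures remain on stdout.
        ( cd "$dir" && sha256sum -c --quiet "$manifest" 2>/dev/null ) | awk '
            /: FAILED open or read$/ { sub(/: FAILED open or read$/, ""); print "MISSING " $0; next }
            /: FAILED$/              { sub(/: FAILED$/, "");              print "CHANGED " $0 }'
        # A rootkit usually drops new files, which sha256sum -c would never
        # notice, so compare the current file list against the baseline too.
        sed 's/^[0-9a-f]*  //' "$manifest" | LC_ALL=C sort > "$base_list"
        ( cd "$dir" && find . -type f )     | LC_ALL=C sort > "$now_list"
        comm -13 "$base_list" "$now_list" | sed 's/^/NEW     /'
    )
    rm -f "$base_list" "$now_list"

    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Usage (paths are placeholders):
#   build_baseline  /usr/bin /mnt/readonly/usr-bin.sha256   # on a clean system
#   verify_baseline /usr/bin /mnt/readonly/usr-bin.sha256   # later, from trusted media
```

The package manager keeps an equivalent record for the files it installed (debsums -c on Debian, rpm -Va on Red Hat), and rkhunter's --propupd option records the same kind of file properties for the binaries it watches; a script like this one is mainly useful for files the package manager does not know about. Whichever tool does the comparison, a kernel rootkit can lie to sha256sum, find and everything else running on the compromised host, so keep the manifest off the machine and, when you suspect an infection, run the check after booting from clean media.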
Lynis
But keeping a system clean is about much more than viruses and rootkits. Lynis is a complete security auditing tool. Among its main advantages are that it is open source and that it runs on almost every Linux and Unix-like system, including FreeBSD, NetBSD and Solaris; it even works on macOS.
Another feature I like about Lynis is that it ties in with anti-malware software such as rkhunter or ClamAV: during an audit it checks whether such a scanner is installed and flags configuration problems, all in one run. Lynis is also exceptionally portable: it needs no installation and can be run directly from a directory on a pen drive, CD or DVD.
ISPProtect
ISPProtect is aimed at Internet service and hosting providers. Their challenge is unique: they must keep their own systems clean of malware, but they must also keep an eye on the files that each of their customers uploads or installs.
The tool combines a signature-based scan engine for known viruses with a heuristic engine that detects previously unseen malware on Linux and in other environments. It is the tool to reach for when you notice symptoms such as:
- spam being sent from the server
- an unknown software package
- an unusually high server load
- customers complaining about their servers
A scan then makes it easier to identify and quickly isolate the problem.
Kaspersky Anti-Virus for Linux / Endpoint Security for Linux
Kaspersky has always been a heavyweight in the antivirus world. The company splits its product by the type of system it protects: Kaspersky Anti-Virus for Linux Workstations is designed for interactive desktops, while Kaspersky Anti-Virus for Linux File Servers is designed for file servers. The company also has a product dedicated to mail servers.
With many of these solutions the question is always how quickly the vendor reacts to new attacks and exploits. Kaspersky releases signature database updates as often as every hour, as needed.
Avast Security Suite for Linux
Avast has long been one of the reference names in antivirus and anti-malware. Avast (which also owns AVG) offers an antivirus solution for Linux servers based on the same malware database used in its Windows products.
Worth highlighting is its ability to identify malware on Linux in dual-boot systems (for those who keep Windows around for gaming, for example).
Avast divides its software into three categories by functionality: core security, file server security and network security. All of them are unified in Avast Security Suite for Linux.
Do you have an old 64-bit x86 system? Avast can keep that hardware both safe and updated. It works well with CentOS, Ubuntu, Debian and Red Hat (including derivatives). It is mainly intended to be run by administrators from the terminal.
It is presented as one of the best solutions on the market: a complete suite with active support and real-time updates, which gives an immediate response to the worst malware outbreaks, plus tools for monitoring usage and traffic. Do not want to pay for a solution to protect a home file server? Avast offers a free home edition that is well worth a look.
ESET File Security for Linux / FreeBSD
ESET provides a broad set of security tools for file servers, designed to keep Linux servers clean, safe and running, all at once.
As with many of the other solutions, it also offers remote administration, which is essential once you have more than a couple of servers, especially if they are spread across offices around the world.
ESET File Security runs on a variety of Linux distributions, including Fedora, SUSE, Mandriva, Ubuntu, Debian and Red Hat, as well as FreeBSD.
Tell us: how do you protect against malware attacks on Linux?