Best tools for check and protect linux from compromised.

Support for security such as Firewalls and securing linux
Post Reply
hack3rcon
Posts: 460
Joined: 2014/11/24 11:04:37

Best tools for check and protect linux from compromised.

Post by hack3rcon » 2016/03/08 19:44:04

Hello.
What is the best tools or Antivirus for check my Linux server for compromised and...?

Tnx.

giulix63
Posts: 1305
Joined: 2014/05/14 10:06:37
Location: GMT

Re: Best tools for check and protect linux from compromised.

Post by giulix63 » 2016/03/09 08:56:07

No way to be sure... except by analyzing IP traffic, maybe. Try rkhunter and unhide (in EPEL). As for antiviruses, they make sense if you're running a mail or file server, otherwise they're pretty futile, IMO. That is for checking. For protecting, unless there are special needs, just follow basic rules:
1) Regularly update and back up your system
2) Don't activate services you don't need
3) Use a firewall tool (I suggest shorewall, but any will do, even firewalld) to configure iptables and use it to confine services to the network they're intended for
4) Disable root access for SSH, use key authentication only
5) Use SELinux (that is, never turn it off unless briefly for testing, and turn it on again right away when you're done)
Root is evil: Do not use root (sudo) to run any of the commands specified in my posts unless explicitly indicated. Please, provide the necessary amount of context to understand your problem/question.

hack3rcon
Posts: 460
Joined: 2014/11/24 11:04:37

Re: Best tools for check and protect linux from compromised.

Post by hack3rcon » 2016/03/09 14:31:40

How about Clamav?

giulix63
Posts: 1305
Joined: 2014/05/14 10:06:37
Location: GMT

Re: Best tools for check and protect linux from compromised.

Post by giulix63 » 2016/03/09 15:03:17

See above. Given the still low relevance of Linux viruses, most companies (for example the company I work for) don't require an antivirus on Linux systems, unless they can be used as attack vectors for windows machines. But if you run a mail server, or it just makes you feel better, you can obviously install it.
Root is evil: Do not use root (sudo) to run any of the commands specified in my posts unless explicitly indicated. Please, provide the necessary amount of context to understand your problem/question.

mghe
Posts: 749
Joined: 2015/11/24 12:04:43
Location: Katowice, Poland

Re: Best tools for check and protect linux from compromised.

Post by mghe » 2016/03/11 15:31:25

Hi,

What server do You have? Production server inside internal network, VPS, proxy server, etc? Give more details.

In all scenario You should make different best practices in security.

hack3rcon
Posts: 460
Joined: 2014/11/24 11:04:37

Re: Best tools for check and protect linux from compromised.

Post by hack3rcon » 2016/03/11 17:34:20

mghe wrote:Hi,

What server do You have? Production server inside internal network, VPS, proxy server, etc? Give more details.

In all scenario You should make different best practices in security.
I have a Virtual Server that I use it as Web Server.

mghe
Posts: 749
Joined: 2015/11/24 12:04:43
Location: Katowice, Poland

Re: Best tools for check and protect linux from compromised.

Post by mghe » 2016/03/18 08:04:01

Hi,

On VPS I like recommend You:

1. Enable cert logon on server,
2. Disable root logon via SSH,
3. If You have private IP, choose it for logon on server only,
4. Change port 22 to other,
5. Use psacct for monitor activities,
6. Fail2ban or/and DenyHost to block brute force attack to Your server
7. Use LMD to check website space, as monitor or cycle,
8. Cycle make audit by Lynis
9. Cycle read logs. Logs compress and send beyond server via mail.
10. Make warring banner on SSH, ftp,
11. Make backup server, data, db, etc.
12. Make cycle update system and software,
14. Use firewall and open only port which You need,
15. Don't disable SELinux
16. Never share root password, add access via sudo
17. Immediate disable access to server for external engineer after finish his work on server,

For apache, nginx, php:

1. Update to newest version,
2. Disable recognize type and version software,
3. For apache config: Mod_Security, Mod_evasive
4. For nginx: go to website nginx.com and read about good practices : https://www.nginx.com/resources/wiki/st ... _pitfalls/
5. For php: use only modules which You need,

For DB:

1. Use security config as well


If You have mail server on VPS:
1. Use spamassasin,
2. Antyvirus for check mails,

In my opinion best practices is a divide website server and mail server.

Good luck!

Post Reply

Return to “CentOS 7 - Security Support”