Hello.
What are the best tools or antivirus to check my Linux server for compromise and...?
Thanks.
Best tools for check and protect linux from compromised.
Re: Best tools for check and protect linux from compromised.
No way to be sure... except by analyzing IP traffic, maybe. Try rkhunter and unhide (in EPEL). As for antiviruses, they make sense if you're running a mail or file server, otherwise they're pretty futile, IMO. That is for checking. For protecting, unless there are special needs, just follow basic rules:
1) Regularly update and back up your system
2) Don't activate services you don't need
3) Use a firewall tool (I suggest shorewall, but any will do, even firewalld) to configure iptables and use it to confine services to the network they're intended for
4) Disable root access for SSH, use key authentication only
5) Use SELinux (that is, never turn it off unless briefly for testing, and turn it on again right away when you're done)
Root is evil: Do not use root (sudo) to run any of the commands specified in my posts unless explicitly indicated. Please, provide the necessary amount of context to understand your problem/question.
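Points 4 and 5 above can be verified rather than taken on trust. The following is an added example (not code from the forum post or from any of the tools named in it): a small POSIX shell audit that reads an sshd_config and a /etc/selinux/config-style file and reports the settings that still allow root SSH logins, password logins, or a non-enforcing SELinux mode. It runs against constructed sample files so it can be tried offline; point it at the real paths to audit a server. It mirrors sshd's rule that the first occurrence of a keyword wins and ignores Match blocks and the "Keyword=value" spelling, which is enough for a first check but not a full parser.

```shell
#!/bin/sh
# Added example: audit sshd_config and the SELinux config for the hardening
# points above. Config paths are passed as arguments.

# Print the effective value of an sshd_config keyword. sshd uses the first
# uncommented occurrence, keywords are case-insensitive. Match blocks and the
# "Keyword=value" form are not handled (assumption: plain "Keyword value" lines).
sshd_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }
        NF >= 2 && tolower($1) == key { print $2; exit }
    ' "$1"
}

# Print one FAIL line per weak setting; return 0 only if all checks pass.
audit_sshd() {
    cfg="$1"; rc=0
    v=$(sshd_value "$cfg" PermitRootLogin)
    # Anything other than an explicit "no" (including the default) is reported.
    if [ "$v" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${v:-<default>}', expected 'no'"; rc=1
    fi
    v=$(sshd_value "$cfg" PasswordAuthentication)
    # OpenSSH defaults to "yes" when the keyword is absent.
    if [ "$v" != "no" ]; then
        echo "FAIL: PasswordAuthentication is '${v:-<default yes>}', expected 'no'"; rc=1
    fi
    v=$(sshd_value "$cfg" PubkeyAuthentication)
    if [ "$v" = "no" ]; then
        echo "FAIL: PubkeyAuthentication is disabled, key-only logins cannot work"; rc=1
    fi
    return $rc
}

# Check a /etc/selinux/config-style file: SELINUX=enforcing is expected.
audit_selinux_config() {
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "$1" | head -n 1)
    if [ "$mode" = "enforcing" ]; then
        return 0
    fi
    echo "FAIL: SELINUX is '${mode:-unset}', expected 'enforcing'"
    return 1
}

# Constructed sample files (not copied from any real server) for the demo.
DEMO_DIR=$(mktemp -d)
cat > "$DEMO_DIR/sshd_config.weak" <<'EOF'
# distribution-style config: root and password logins still allowed
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PasswordAuthentication yes
EOF
cat > "$DEMO_DIR/sshd_config.hardened" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF
cat > "$DEMO_DIR/selinux.config" <<'EOF'
SELINUX=enforcing
SELINUXTYPE=targeted
EOF

# Demo run: the weak file produces FAIL lines, the hardened one is silent.
audit_sshd "$DEMO_DIR/sshd_config.weak" || echo "weak sshd_config: see findings above"
audit_sshd "$DEMO_DIR/sshd_config.hardened" && echo "hardened sshd_config: OK"
audit_selinux_config "$DEMO_DIR/selinux.config" && echo "selinux config: OK"
```

To audit a live system, call `audit_sshd /etc/ssh/sshd_config` and `audit_selinux_config /etc/selinux/config`; the file check only tells you what will apply at the next boot or sshd restart, so pair it with `getenforce` and `sshd -T` for the running state.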
Re: Best tools for check and protect linux from compromised.
How about Clamav?
Re: Best tools for check and protect linux from compromised.
See above. Given the still low relevance of Linux viruses, most companies (for example the company I work for) don't require an antivirus on Linux systems, unless they can be used as attack vectors for Windows machines. But if you run a mail server, or it just makes you feel better, you can obviously install it.
Root is evil: Do not use root (sudo) to run any of the commands specified in my posts unless explicitly indicated. Please, provide the necessary amount of context to understand your problem/question.
Re: Best tools for check and protect linux from compromised.
Hi,
What server do you have? A production server inside an internal network, a VPS, a proxy server, etc.? Give more details.
In each scenario you should apply different security best practices.
Re: Best tools for check and protect linux from compromised.
I have a Virtual Server that I use as a Web Server.
mghe wrote:
Hi,
What server do you have? A production server inside an internal network, a VPS, a proxy server, etc.? Give more details.
In each scenario you should apply different security best practices.
Re: Best tools for check and protect linux from compromised.
Hi,
On a VPS I would recommend:
1. Enable certificate logon on the server,
2. Disable root logon via SSH,
3. If you have a private IP, use it for logon to the server only,
4. Change port 22 to another port,
5. Use psacct to monitor activities,
6. Fail2ban and/or DenyHosts to block brute force attacks on your server,
7. Use LMD to check the website space, as a monitor or periodically,
8. Periodically run an audit with Lynis,
9. Periodically read the logs. Compress the logs and send them off the server via mail,
10. Set a warning banner on SSH, FTP,
11. Make backups of the server, data, DB, etc.,
12. Periodically update the system and software,
13. Use a firewall and open only the ports which you need,
14. Don't disable SELinux,
15. Never share the root password, grant access via sudo,
16. Immediately disable an external engineer's access to the server after he finishes his work on it.
For Apache, nginx, PHP:
1. Update to the newest version,
2. Disable disclosure of the software type and version,
3. For the Apache config: mod_security, mod_evasive,
4. For nginx: go to the nginx.com website and read about good practices: https://www.nginx.com/resources/wiki/st ... _pitfalls/
5. For PHP: use only the modules which you need.
For the DB:
1. Use a secure config as well.
If you have a mail server on the VPS:
1. Use SpamAssassin,
2. An antivirus to check mails.
In my opinion, best practice is to separate the web server and the mail server.
Good luck!
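Points 6 and 9 of the list above (block brute force attempts, read the logs regularly) come together in this added example, which is not code from the post or from Fail2ban or DenyHosts. It is a POSIX shell script that reads an auth log in the standard OpenSSH syslog format ("Failed password for ... from IP port ..."), counts failed logins per source address, lists the sources above a threshold, and counts how many distinct usernames one source has tried (many names from one address is the signature of a user-enumeration or password-spraying run rather than a forgotten password). The log lines are constructed for the demo; on a CentOS-style server the same functions can be pointed at /var/log/secure or at `journalctl -u sshd` output.

```shell
#!/bin/sh
# Added example: summarise failed SSH logins per source address from an
# auth log and flag the sources that exceed a threshold.

# Constructed sample log lines (documentation-range addresses, not a real server).
DEMO_LOG=$(mktemp)
cat > "$DEMO_LOG" <<'EOF'
Mar  3 10:01:12 vps sshd[1201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar  3 10:01:14 vps sshd[1201]: Failed password for root from 203.0.113.7 port 50123 ssh2
Mar  3 10:01:15 vps sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
Mar  3 10:01:20 vps sshd[1205]: Failed password for invalid user oracle from 203.0.113.7 port 50131 ssh2
Mar  3 10:02:01 vps sshd[1210]: Accepted publickey for deploy from 198.51.100.20 port 41000 ssh2
Mar  3 10:03:30 vps sshd[1212]: Failed password for deploy from 198.51.100.20 port 41002 ssh2
Mar  3 10:04:02 vps sshd[1215]: Invalid user test from 203.0.113.9 port 33000
Mar  3 10:04:03 vps sshd[1215]: Failed password for invalid user test from 203.0.113.9 port 33000 ssh2
EOF

# Print "count ip" for every source with at least one failed password,
# highest count first. The address is the word after "from".
failed_logins_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i+1)]++; break }
        }
        END { for (ip in n) print n[ip], ip }' "$1" | sort -rn
}

# Print only the addresses with at least $2 failures (default 3): the set a
# fail2ban jail with maxretry=$2 would have banned, useful for tuning it.
brute_force_sources() {
    failed_logins_by_ip "$1" | awk -v min="${2:-3}" '$1 >= min { print $2 }'
}

# Count distinct usernames tried from address $2. The username is the word
# just before "from" in both "for NAME from" and "for invalid user NAME from".
usernames_tried_from() {
    awk -v ip="$2" '/Failed password for/ {
            for (i = 1; i <= NF; i++)
                if ($i == "from" && $(i+1) == ip) { u[$(i-1)]++; break }
        }
        END { c = 0; for (k in u) c++; print c }' "$1"
}

# Demo run: one address stands out with four failures and three usernames.
echo "failed logins per source:"
failed_logins_by_ip "$DEMO_LOG"
echo "sources at or above 3 failures:"
brute_force_sources "$DEMO_LOG" 3
echo "usernames tried from 203.0.113.7: $(usernames_tried_from "$DEMO_LOG" 203.0.113.7)"
```

Running this over a day's log before enabling Fail2ban shows what threshold separates noisy scanners from a legitimate user who mistyped a password once, and the username count is the detail a daily log mail should carry. Once password authentication is disabled (point 2 of the list), the "Failed password" lines stop appearing altogether and the remaining noise is connection attempts rather than credential guesses.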