System administrators need to protect their systems from viruses and malware. There are always threats of brute force attacks, DDoS and port scans. Although well-configured firewall rules protect your system, it is important to scan it regularly to see if anything got in. This will help you identify and delete any unexpected programs that might be harming your system. In this article, we will learn about 4 tools to scan Linux for viruses & malware.
Tools to Scan Linux for Viruses & Malware
Here are four tools to scan Linux for viruses & malware.
Chkrootkit is an open source rootkit scanner for Linux systems. Rootkits are hard-to-detect programs that allow access to a computer where access is not allowed. They are used by hackers to access remote servers and steal data. Chkrootkit consists of shell scripts that check system binaries for rootkit modifications. Here is the command to install chkrootkit in Ubuntu/Debian systems.
$ sudo apt install chkrootkit
In RHEL/Fedora/CentOS systems, you need to build Chkrootkit from source.
# yum update
# yum install wget gcc-c++ glibc-static
# wget -c ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
# tar -xzf chkrootkit.tar.gz
# mkdir /usr/local/chkrootkit
# mv chkrootkit-0.52/* /usr/local/chkrootkit
# cd /usr/local/chkrootkit
# make sense
To check your system with chkrootkit, run one of the following commands, depending on how you installed it.
$ sudo chkrootkit
OR
# /usr/local/chkrootkit/chkrootkit
If you want to run chkrootkit automatically every night at 3 a.m., open crontab.
$ crontab -e
Add the following line to it. Replace firstname.lastname@example.org with your administrator email address to receive the rootkit scan report.
0 3 * * * /usr/sbin/chkrootkit 2>&1 | mail -s "chkrootkit Reports of My Server" firstname.lastname@example.org
Lynis is a free, open-source, powerful security auditing & scanning tool for Linux. It scans the system for viruses, malware and security vulnerabilities. It also checks file integrity and configuration errors, performs firewall auditing, and checks installed software, file/directory permissions and much more. It also offers suggestions to harden your server. Here are the commands to install Lynis from source.
# cd /opt/
# wget https://downloads.cisofy.com/lynis/lynis-2.6.6.tar.gz
# tar xvzf lynis-2.6.6.tar.gz
# mv lynis /usr/local/
# ln -s /usr/local/lynis/lynis /usr/local/bin/lynis
Once you have installed Lynis, you can scan the system using the following command.
# lynis audit system
If you want to run Lynis every night at 3 a.m., open the crontab file.
$ crontab -e
Add the following line to it. Replace firstname.lastname@example.org with your administrator email to receive scan reports.
0 3 * * * /usr/local/bin/lynis audit system --quick 2>&1 | mail -s "Lynis Reports of My Server" firstname.lastname@example.org
RkHunter (RootKit Hunter) is another free, open source tool for scanning for backdoors, rootkits, and security vulnerabilities. It thoroughly inspects a system for security vulnerabilities.
It can be installed using the following commands.
$ sudo apt install rkhunter
# yum install epel-release
# yum install rkhunter
Once you have installed it, you can check your system using the following command.
# rkhunter -c
You can also run rkhunter every night at 3 a.m. by opening crontab.
# crontab -e
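Add the following line to it. Replace firstname.lastname@example.org with your administrator email. The --cronjob option runs the same check as -c without keypress prompts or colour codes, which suits an unattended job.
0 3 * * * /usr/sbin/rkhunter --cronjob 2>&1 | mail -s "rkhunter Reports of My Server" firstname.lastname@example.org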
ClamAV is an open source, versatile, and cross platform antivirus engine to detect viruses, trojans & malware. It also offers a mail gateway scanning software to scan all kinds of mail files.
It supports virus database updates, and on-access scanning is available on Linux only. It can scan within archives and compressed file formats. You can also use it to scan one or more directories instead of the entire disk. Here is the command to install clamav.
$ sudo apt-get install clamav
Here is the command to install clamav in RHEL/Fedora/CentOS systems.
# yum -y update
# yum -y install clamav
Once installed, you can use clamav to scan directories using the following command.
# freshclam
# clamscan -r -i DIRECTORY
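The cron jobs above mail the full report every night, which makes a real finding easy to miss. As an added example (not part of the original article), this wrapper mails only when chkrootkit, rkhunter or clamscan reports a finding; ADMIN_EMAIL, SCAN_DIR, the function names and the sample report are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not from the article. ADMIN_EMAIL and SCAN_DIR are assumptions.
ADMIN_EMAIL="${ADMIN_EMAIL:-root}"

# Keep only lines that report a finding:
#   chkrootkit "INFECTED" (clean tests print lowercase "not infected"),
#   rkhunter   "[ Warning ]" (needs uncoloured output, e.g. --cronjob),
#   clamscan   "<path>: <signature> FOUND".
findings() {
    grep -E 'INFECTED|\[ Warning \]|: .+ FOUND$' || true
}

# Read a report on stdin; print findings and return 1 if there are any.
triage() {
    local hits
    hits="$(findings)"
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Run one scanner; send mail only when its report contains findings.
scan_and_alert() {
    local name="$1" hits
    shift
    if ! hits="$("$@" 2>&1 | triage)"; then
        printf '%s\n' "$hits" |
            mail -s "ALERT: $name findings on $(hostname)" "$ADMIN_EMAIL"
    fi
}

# Constructed sample output (not real scan results) for offline testing.
sample_report() {
    cat <<'EOF'
Checking `ls'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
    /usr/bin/lwp-request                         [ Warning ]
    Checking for hidden files and directories    [ None found ]
/srv/upload/sample.bin: Example.Signature FOUND
Infected files: 1
EOF
}

# Only scan when asked to, e.g. from cron: 0 3 * * * /path/to/script --run
if [ "${1:-}" = "--run" ]; then
    scan_and_alert chkrootkit chkrootkit
    scan_and_alert rkhunter rkhunter --cronjob
    scan_and_alert clamav clamscan -r -i "${SCAN_DIR:-/home}"
fi
```

A scanner that fails to start produces no matching lines and therefore no alert, so keep a separate check that the tools are installed and running.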
In this article, we have learnt about tools to scan Linux for viruses and malware.