SECRET OF CSS

3 Tools to Detect Linux Vulnerabilities


Tips on how to protect your Linux system from hacker attacks

Although Linux is known for its strong security, it’s still exposed to cyber-attacks. Hackers try to steal valuable information or just destroy the system. That’s why it’s essential to have extra protection to prevent potential issues.

In this article, I will present 3 useful, free tools to keep your server protected. You will learn how to scan your server for security weaknesses and malware.

The examples have been tested on an Ubuntu distribution.

Let’s get started!

Lynis is an open-source security tool for Unix-based operating systems to detect vulnerabilities. It’s primarily used for audit and compliance testing. It checks, for example, file permissions, firewall settings, installed software, user accounts, the kernel, networking, USB devices, and much more.

Installation

To install Lynis on Ubuntu, execute the following command:

$ sudo apt-get install lynis

Demo

It’s straightforward to run a security check:

$ sudo lynis audit system

It will take a couple of minutes. You should see a report with status keywords such as Found, Not Found, Disabled, Suggestion, Warning, etc.

User accounts checkup by Lynis

Additionally, the tool creates reports and log files containing more precise information about the scan.

  • /var/log/lynis.log — this log file is valuable to understand what the program did in the background. You can find recommendations for problems. For instance:
Suggestion: Set a password on GRUB bootloader to prevent altering boot configuration (e.g. boot in single user mode without password) [test:BOOT-5122] [details:-] [solution:-]
  • /var/log/lynis-report.dat — this is a report from the audit process in a more user-friendly format.

Tip: To make your system more secure, you can schedule a cron job to run Lynis periodically and send you reports.
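
The tip above in practice, as an added example that is not part of the original article: shell functions a cron wrapper can use to summarize the findings in /var/log/lynis-report.dat after a run of `lynis audit system --cronjob`. The `warning[]=`/`suggestion[]=` line layout, the function names, the script path and the EXAMPLE-* test IDs are assumptions or constructed values; check the layout against a report from your own Lynis version.

```shell
#!/bin/sh
# Added example: summarize Lynis findings after a scheduled audit.
# Assumed layout: warning[]=TEST-ID|message|details|solution| (same for suggestion[]=).

# Print one tab-separated line per finding: KIND, TEST-ID, message.
lynis_findings() {
    awk '
        /^(warning|suggestion)\[\]=/ {
            kind = ($0 ~ /^warning/) ? "WARNING" : "SUGGESTION"
            sub(/^[a-z]+\[\]=/, "")
            split($0, f, "|")
            printf "%s\t%s\t%s\n", kind, f[1], f[2]
        }' "$1"
}

# Print "warnings=N suggestions=M" for a report file.
lynis_counts() {
    lynis_findings "$1" | awk -F '\t' '
        $1 == "WARNING"    { w++ }
        $1 == "SUGGESTION" { s++ }
        END { printf "warnings=%d suggestions=%d\n", w, s }'
}

# Succeed only if the report holds at least one warning.
lynis_has_warnings() {
    grep -q '^warning\[\]=' "$1"
}

# Constructed sample report; EXAMPLE-* test IDs are placeholders.
write_sample_report() {
    cat > "$1" <<'EOF'
hostname=demo-host
suggestion[]=BOOT-5122|Set a password on GRUB bootloader to prevent altering boot configuration (e.g. boot in single user mode without password)|-|-|
suggestion[]=EXAMPLE-0002|Constructed suggestion for the demo|-|-|
warning[]=EXAMPLE-0001|Constructed warning for the demo|-|-|
EOF
}

# Cron wrapper (hypothetical script path), e.g. in root's crontab:
#   0 3 * * 0  /usr/local/sbin/lynis-weekly.sh
lynis_weekly() {
    report="${1:-/var/log/lynis-report.dat}"
    lynis audit system --cronjob > /dev/null || true
    lynis_counts "$report"
    if lynis_has_warnings "$report"; then lynis_findings "$report"; fi
}

# Demo on the constructed sample; prints: warnings=1 suggestions=2
t=$(mktemp) && write_sample_report "$t" && lynis_counts "$t" && rm -f "$t"
```

Cron mails whatever the job prints to the address in MAILTO, so calling `lynis_weekly` from the scheduled script is enough to receive the summary.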

Maltrail is another useful open-source security tool. It’s mainly used for detecting suspicious traffic. It works with a database of publicly available lists of malicious and/or suspicious trails. For example, a fishy trail can be an IP address, a domain name, etc.

Installation

To install this tool on Ubuntu, run these commands to install the necessary libraries and clone the repository:

$ sudo apt-get install git python3 python3-dev python3-pip python-is-python3 libpcap-dev build-essential procps schedtool
$ sudo pip3 install pcapy-ng
$ git clone --depth 1 https://github.com/stamparm/maltrail.git

Demo

$ cd maltrail
$ sudo python3 sensor.py

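To access the reporting Dashboard, open http://127.0.0.1:8338 (login with default credentials admin:changeme!). The dashboard is served by Maltrail's server component (server.py in the same repository), so that has to be running as well. The default credentials are set in maltrail.conf; change them before the dashboard is reachable from anything other than localhost.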

Maltrail Dashboard
Threat information

The Maltrail project offers a demo with real-life threats available here.

ClamAV is a free tool for detecting viruses, malware, trojans and similar threats. It’s specially designed for e-mail scanning on mail gateways.

Installation

To install this tool on Ubuntu, run:

$ sudo apt-get install clamav

Demo

Once installed, you can run the freshclam service to update the list of known virus signatures:

$ sudo freshclam

To scan a directory, run this command:

$ sudo clamscan -r -i /home/user/projects/mydir

In this example, I want to scan a folder named mydir. The argument -r stands for recursive, and -i tells ClamAV to show infected files only.

The output looks like this:

ClamAV report results
