Q

Don't let Linux malware problems trouble your servers

Malware on a Linux server? It can happen, but with a few tools you can monitor for, prevent and fix rootkit attacks.

Linux doesn't have the same malware problems as you might be used to on other platforms, but issues exist, much to Linux admins' chagrin.

What is the best open source software for detecting malware problems on Linux servers?

Most Linux malware problems are related to rootkits. A rootkit changes binaries on your server and replaces them with versions that have backdoors.

Identify the possible damage done by these rootkits with a system file checker.

Also consider Advanced Intrusion Detection Environment, which has you create a database that stores checksums of all files. It allows you to perform automated scans periodically to find and report on any changes. Once you define a list of files that need monitoring, most of the work is done -- it simply alerts you if something goes wrong.

You can also do checksum verification on binaries that are installed from the package manager. The rpm -Va command provides an overview of which files have changed and what changed about them.
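The following Python example is added here and is not from the original article: it decodes each line of rpm -Va output into the attributes that changed, and lists first the non-config files that are missing or have a changed digest, since that is how a replaced binary shows up. It assumes the 9-character result string described in the rpm man page; the sample lines and the review_first rule are constructed for illustration.

```python
import re

# Letters of the 9-character result string printed by `rpm -V` / `rpm -Va`.
CHECKS = {"S": "size", "M": "mode", "5": "digest", "D": "device",
          "L": "symlink target", "U": "owner", "G": "group",
          "T": "mtime", "P": "capabilities"}

# <results or "missing"> [marker: c=config d=doc g=ghost l=license r=readme] <path>
LINE = re.compile(r"^(?P<flags>[SM5DLUGTP.?]{9}|missing)\s+"
                  r"(?:(?P<kind>[cdglr])\s+)?(?P<path>/.*)$")

# Constructed sample output, not taken from a real system.
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
..5....T.    /usr/bin/ssh
.M.......    /var/log/audit
missing     /usr/sbin/lsof
"""

def parse_line(line):
    """Decode one verify line; return None for anything else rpm prints."""
    m = LINE.match(line.rstrip("\n"))
    if not m:
        return None
    flags = m.group("flags")
    missing = flags == "missing"
    changed = [] if missing else [CHECKS[c] for c in flags if c in CHECKS]
    is_config = m.group("kind") == "c"
    # Assumed triage rule: a packaged non-config file whose content changed
    # or which disappeared is reviewed before edited config files.
    review_first = not is_config and (missing or "digest" in changed)
    return {"path": m.group("path"), "missing": missing, "changed": changed,
            "config": is_config, "review_first": review_first}

def triage(text):
    """Parse whole output; records flagged review_first sort to the top."""
    records = [r for r in map(parse_line, text.splitlines()) if r]
    return sorted(records, key=lambda r: not r["review_first"])

if __name__ == "__main__":
    for rec in triage(SAMPLE):
        what = "missing" if rec["missing"] else ", ".join(rec["changed"])
        mark = "REVIEW" if rec["review_first"] else "info"
        print(f"{mark:6} {rec['path']}: {what}")
```

To use it on a real host, pass the captured text of rpm -Va to triage() in place of SAMPLE.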

If you're looking for a virus scanner like the one on Windows, you won't find it on Linux; they aren't necessary.  

About the author: Sander van Vugt is an independent trainer and consultant based in the Netherlands. He is an expert in Linux high availability, virtualization and performance. He has authored many books on Linux topics, including Beginning the Linux Command Line, Beginning Ubuntu LTS Server Administration and Pro Ubuntu Server Administration.

This was first published in August 2014
