HACKER Q&A
📣 rapnie

What do you use to protect your Linux box from malware?


After seeing the (Dutch) documentary 'Rats & Slaves' [0] about Remote Access Trojans, and finding that they also exist for Linux [1], I am going to do some scanning today on my systems.

Question is: What tools are best to use here to ensure I can sleep safely knowing no viruses, trojans, rootkits and other filth have nestled in my systems?

Also curious what the best, reliable websites are to keep up-to-date on security best-practices related to this.

PS. I intend to start my scan with ClamAV, followed by chkrootkit and rkhunter as outlined here [2].

[0] https://youtube.com/watch?v=BGsw_l0tT10

[1] https://www.bleepingcomputer.com/news/security/lazarus-hackers-target-linux-windows-with-new-dacls-malware/

[2] https://www.linux.com/tutorials/security-tools-check-viruses-and-malware-linux/


  👤 harikb Accepted Answer ✓
First, you have to understand that once infected, a system can never be fully cleaned. So if you are not sure what your past usage has been and might have installed random software, you need to reinstall your system after backing up your non-system files. This is the only sure way. AV software claims to solve what it can in the best possible way for a person who doesn't have any other option. Given the very fact that you are using Linux, I assume you are a step above the average AV customer base.

Once you have a clean system, you have to follow a discipline - do not work as root, restrict ssh access to specific users, don't run unnecessary services. Far too many to list here. Unfortunately, that is how the world is. Be paranoid. Maybe even use a VM to run software you don't trust. Always install software using package managers or at least do basic sanity checks like checksums on anything you download.

There is no software that will run a scan and give you a green check. If there is one like that, I wouldn't trust it either.
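As an added example (not code from the thread or from any tool it names), two of the discipline points in the answer above turned into checks: whether sshd_config actually restricts root login and limits logins to named users, and whether a downloaded file matches its published SHA-256 digest. It assumes OpenSSH's sshd_config keyword syntax (PermitRootLogin, AllowUsers, first occurrence wins, Match blocks ignored) and a digest published next to the download.

```python
import hashlib
import os
import tempfile


def sha256_matches(path, expected_hex):
    """Hash a downloaded file in chunks and compare it with the published digest.
    The comparison is case-insensitive so a pasted upper-case digest still matches."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest() == expected_hex.strip().lower()


def audit_sshd_config(text):
    """Report whether an sshd_config text forbids root login and names allowed users.
    Keywords are case-insensitive; like sshd, the first value seen for a keyword wins.
    Missing keywords take OpenSSH's defaults: PermitRootLogin prohibit-password,
    no AllowUsers restriction. Match blocks are not handled (assumption)."""
    seen = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        val = parts[1].strip() if len(parts) > 1 else ""
        seen.setdefault(key, val)
    permit_root = seen.get("permitrootlogin", "prohibit-password").lower()
    allow_users = seen.get("allowusers", "").split()
    return {
        "root_login_allowed": permit_root == "yes",
        "allow_users": allow_users,
        "ssh_restricted_to_users": bool(allow_users),
    }


def demo_checksum():
    """Constructed sample download: returns (match_with_correct_digest, match_with_wrong_digest)."""
    payload = b"constructed sample tarball contents"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "download.tar.gz")
        with open(path, "wb") as f:
            f.write(payload)
        good = sha256_matches(path, hashlib.sha256(payload).hexdigest().upper())
        bad = sha256_matches(path, "00" * 32)
    return good, bad


if __name__ == "__main__":
    # Constructed weak config: root still allowed, the AllowUsers line is commented out.
    print(audit_sshd_config("PermitRootLogin yes\n# AllowUsers alice\n"))
    print(demo_checksum())
```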