
Introduction
This blog post is about applied IT security on Ubuntu Linux desktops. IT security is a hot topic because every aspect of our lives depends on IT in one form or another. Many companies around the world are affected by attacks against their IT systems, and these attacks do huge harm and cost a lot of money.
On the one hand, system and data security is a challenge for companies; on the other hand, private individuals also want security and safe IT systems.
Ubuntu Desktop and Linux Desktop users are less exposed to cyber threats than Windows users, but Microsoft has also stepped up IT security in its recent Windows versions.
From my experience I can say that odd behavior of a Linux desktop system is mostly caused by a software bug rather than a hacker, a virus, a rootkit or other malware. That applies to Windows too.
But to be sure it’s always good to know how to check your Ubuntu PC or Linux Desktop for malware and keep it safe. That’s why I want to introduce 4 Linux IT security tools to you. They are:
- Rootkit Hunter, which is a malware scanner
- ClamAV, an anti virus software
- Chkrootkit, another malware scanner
- UFW, which stands for Uncomplicated Firewall
Let’s start with Rootkit Hunter:
Rootkit Hunter
A rootkit is malicious software that grants a hacker full access to an IT system. There are a lot of different rootkits around for Linux systems.
There is software for detecting rootkits on Linux systems called Rootkit Hunter.
First of all, to use Rootkit Hunter, we need to install it by opening a terminal and executing:
sudo apt-get install rkhunter
As a next step we need to update Rootkit Hunter:
sudo rkhunter --update
Then we have to do a check of our Linux (Ubuntu) system with:
sudo rkhunter -c
Several checks are then run on the Linux system.
Often Rootkit Hunter doesn’t run immediately after the installation and gives us some errors.
Learn here how to fix WEB_CMD, Update failed, SCRIPTWHITELIST errors.
We learn about a Linux anti virus software next.
ClamAV
ClamAV is the Linux anti virus software that has been available for more than two decades. Every now and then proprietary anti virus solutions for Linux pop up for a short period of time. I have seen Linux versions from the anti virus software vendors Sophos, AVG, Avira and so on. But after a short time these products vanished.
So ClamAV is the most reliable anti virus software for Linux. Let’s learn how to install it on Ubuntu:
sudo apt-get install clamav
Next we need to update the virus definitions:
sudo freshclam
Then we are able to scan a directory with the following command and its options:
clamscan /home --recursive=yes --infected
The parameter “--recursive=yes” means that subdirectories of /home are scanned too. The option “--infected” means that there is only output in the terminal if a virus was found. /home is the directory that we want to scan.
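When a scan runs unattended (for example from cron), silence alone does not prove a clean result, because clamscan also signals its outcome through its exit code. The following script is an added example, not part of the original post; the function names and the sample output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): turn a clamscan run into a verdict.

# clamscan's documented exit codes: 0 = no virus found, 1 = virus(es) found,
# 2 = an error occurred, so an empty output alone does not prove a clean scan.
clamscan_verdict() {
  case "$1" in
    0) echo "clean" ;;
    1) echo "infected" ;;
    *) echo "error" ;;
  esac
}

# Read clamscan output on stdin; print "path<TAB>signature" for each detection.
# Splitting at the last ": " keeps file names that contain a colon intact.
list_detections() {
  local line
  while IFS= read -r line; do
    case "$line" in
      *": "*" FOUND")
        line=${line% FOUND}
        printf '%s\t%s\n' "${line%: *}" "${line##*: }"
        ;;
    esac
  done
}

# Hypothetical wrapper: scan one directory and report. Needs clamav installed.
scan_dir() {
  local out rc
  out=$(clamscan --recursive=yes --infected --no-summary "$1" 2>&1)
  rc=$?
  printf '%s\n' "$out" | list_detections
  echo "verdict: $(clamscan_verdict "$rc")"
  [ "$rc" -eq 0 ]   # non-zero return lets cron or a caller raise an alert
}

# Constructed sample output, so the parsing can be tried without a real scan.
SAMPLE_OUTPUT='/home/alice/Downloads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/alice/Documents/report: final.zip: Win.Test.EICAR_HDB-1 FOUND
/home/alice/notes.txt: OK'

printf '%s\n' "$SAMPLE_OUTPUT" | list_detections
# To scan for real: scan_dir /home
```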
So far, so good. Next we look at another rootkit scanner: Chkrootkit.
Chkrootkit
Like Rootkit Hunter, Chkrootkit is detection software for rootkits on Linux systems.
Since rootkits often hide themselves on an infected system, it can be a good approach to scan the system (the file system) from a Linux live system. Find the instruction here!
The first step is to install Chkrootkit on Ubuntu:
sudo apt-get install chkrootkit
Then do the check with:
sudo chkrootkit
Here you can see whether there are findings or suspicious files on the computer. Next we learn about a firewall.
UFW – Uncomplicated Firewall
Scanning a system and detecting malicious software is not the only thing that matters for system and data security. Protecting the services on our Linux system with a firewall is also an important preventive security measure.
Depending on our system's setup, several services (servers, also called daemons) are probably active on our Linux system. It could be the SSH server (Secure Shell Server) or any other service. We want to protect these services with a firewall.
Most firewall products require a deeper understanding of networking and networking technologies. But there is a simple solution available for Linux called “UFW – Uncomplicated Firewall”. If installed and activated, it blocks incoming network traffic by default and allows all outgoing network traffic.
Let’s install UFW with “apt-get”:
sudo apt-get install ufw
Then we need to enable UFW with:
sudo ufw enable
To get more detailed information type:
sudo ufw status verbose
You will see these lines in the output:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
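The status output can also be checked by a script, which is useful for confirming that the firewall is still active and still denies incoming traffic by default. The following is an added example, not part of the original post; the function names are hypothetical and the sample text is constructed from the lines above plus one SSH rule. For live use, pipe `sudo ufw status verbose` into the functions.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): check `ufw status verbose` output.

# Print "ok" if UFW is active and the default incoming policy is deny/reject;
# otherwise print what is wrong. Reads the status output on stdin.
ufw_posture() {
  local line active=no incoming=unknown
  while IFS= read -r line; do
    case "$line" in
      "Status: active") active=yes ;;
      "Default: "*)
        incoming=${line#Default: }   # "deny (incoming), allow (outgoing), ..."
        incoming=${incoming%% *}     # first word: the incoming policy
        ;;
    esac
  done
  if [ "$active" != yes ]; then
    echo "firewall-inactive"
  elif [ "$incoming" != deny ] && [ "$incoming" != reject ]; then
    echo "incoming-$incoming"
  else
    echo "ok"
  fi
}

# List the "To" column of every rule that admits inbound traffic from anywhere.
exposed_rules() {
  local line
  while IFS= read -r line; do
    case "$line" in
      *"ALLOW IN"*Anywhere*) printf '%s\n' "${line%%  *}" ;;  # cut at first double space
    esac
  done
}

# Constructed sample: the status lines from above plus one SSH rule, as it would
# look after `sudo ufw allow 22/tcp`.
UFW_SAMPLE='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)'

printf '%s\n' "$UFW_SAMPLE" | ufw_posture
printf '%s\n' "$UFW_SAMPLE" | exposed_rules
```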
Conclusion
I introduced 4 important tools to you and showed you how to install and configure them. The rootkit scanners are a good starting point if a system shows odd or suspicious behavior. ClamAV has been a stable project for many years. It’s always good to have a firewall enabled, and UFW is really easy to enable and to handle.
Feel free to comment on this post!