The topic of the blog post is applied IT Security on Linux Ubuntu Desktops. IT security is a hot topic since all the aspects of our live is based on IT in one form or another. Many companies around the world are affected by attacks against their IT systems and these attacks do a huge harm and cost a lot of money.
On one side systems and data security is a challenge for companies but on the other side also private individuals are seeking for security and want to have safe IT systems.
Ubuntu Desktop and Linux Desktop users are less exposed to cyber threads than Windows users but Microsoft also geared up its recent Windows versions regarding to IT security.
From my experience I can say that mostly an odd behavior of a Linux desktop system is caused by a software bug rather than a hacker, a virus, a rootkit or another malware. That applies to Windows too.
But to be sure it’s always good to know how to check your Ubuntu PC or Linux Desktop for malware and keep it safe. That’s why I want to introduce 4 Linux IT security tools to you. They are:
- Rookit Hunter which is a malware scanner
- ClamAV, an anti virus software
- Chkrootkit, another malware scanner
- UFW, stands for uncomplicated firewall
Let’s start with Rootkit Hunter:
A rootkit is a malicious software which grants a hacker full access to an IT System. There are a lot of different rootkits around for Linux systems.
There is a software for detecting rootkits on Linux systems which is called Rootkit Hunter.
First of all, if we want to use Rootkit Hunter, we need to install it by opening a terminal and and we need to execute:
sudo apt-get install rkhunter
As a next step we need to update Rootkit Hunter:
sudo rkhunter --update
Then we have to do a check of our Linux (Ubuntu) system with:
sudo rkhunter -c
Several checks are done then on the Linux system.
Often Rootkit Hunter doesn’t run immediately after the installation and gives us some errors.
Learn here how to fix WEB_CMD, Update failed, SCRIPTWHITELIST errors.
We learn about a Linux anti virus software next.
ClamAV is the Linux anti virus software which is available since more than two decades. There are every now and then proprietary anti virus solutions for Linux popping up for a short period of time. I have seen Linux versions from the anti virus software vendors Sophos, AVG, Avira and so on. But after so short time these products were vanishing.
So ClamAV is the most reliable anti virus software for Linux. Let’s learn how to install it on Ubuntu:
sudo apt-get install clamav
Next we need to update the virus definitions:
Then we are able to scan a directory with the following command and its options:
clamscan /home –recursive=yes –infected
The parameter “–recursive” means that also sub directories of /home are scanned. The option ” –infected” means that there is only output in the terminal if a virus was found. /home is our directory which we want to be scanned.
So far, so good. Now we are learning about another rootkit scanner – Chkrootkit.
Chkrootkit is like Rootkit Hunter a detection software for rootkits on Linux systems.
The first step is to install Chkrootkit on Ubuntu:
sudo apt-get install chkrootkit
Then do the check with:
Here you are seeing if there are finds or suspicious files on the computer. As next we learn about a firewall.
UFW – Uncomplicated Firewall
Not only scanning a system and detecting malicious software is important for systems and data security. Also protecting our services on our Linux system with a firewall is an important prevention and security measure.
Depending on our systems setup probably several services (servers, also called daemons ) are active on our Linux. It could be the SSH server (Secure Shell Server) or any other service. We want to protect these services with a firewall.
The most firewall products need a deeper understanding of networking and networking technologies. But there is a simple solution available for Linux called “UFW – Uncomplicated Firewall”. If installed and activated it blocks incoming network traffic by default and allows all the outgoing network traffic.
Let’s install UFW with “apt-get”:
sudo apt-get install ufw
Then we need to enable the UFW with:
sudo ufw enable
To get more detailed information type:
ufw status verbose
You will see these lines in the output:
Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip
I introduced 4 important tools to you and I showed you how to install and configure these tools. The rootkit scanners are a good starting point if a systems show an odd or suspicious behavior. And ClamAV is a stable project since many years. It’s always good to have a firewall enabled and UFW is really easy to enable and to handle.
Feel free to comment this post!