Ten Security Apps for Linux Dedicated Servers. Do you have them?


Security is vitally important going forward in 2016, as cybercriminals have demonstrated over and over again their relentless efforts to disrupt the hosting industry and everything Internet-related. There are certainly many more apps we could list here, but these ten are the tip of the iceberg in popularity and functionality. Let's start with:

ClamAV®

As an anti-virus app, ClamAV detects viruses, Trojans, malware and all sorts of malicious threats, and it's the open source standard for scanning software on mail gateways. It's a highly versatile app, supporting multiple file formats and signature languages, plus file and archive unpacking.

Some features of ClamAV

  • A command-line scanner with on-access scanning
  • A virus database that is updated daily
  • Built-in support for multiple archive formats such as RAR, Gzip, ZIP and others
  • Built-in support for Microsoft Office and Mac Office files, plus HTML, PDF and RTF
  • A Milter interface for sendmail
  • Built-in support for many mail file formats

Chkrootkit

Rootkits are sets of malicious software tools that enable cybercriminals to gain control of a computer system without being detected. Chkrootkit is a tool that checks for signs of a rootkit. How does it do that? By testing programs like:

  • sniffer
  • pop3
  • telnetd
  • traceroute
  • write
  • grep
  • bindshell
  • cron
  • echo

And many more.

It checks for signs of LKM Trojans, utmp deletions and lastlog deletions (plus others).

GnuPG

This is a privacy guard app that facilitates secure data storage and communication. It does this by encrypting data and signing it so that others can verify its authenticity. As a command line tool, it integrates easily with other applications. It supports the DSA, Elgamal and RSA public key algorithms, symmetric algorithms like 3DES, Twofish and AES, compression algorithms like ZLIB, BZIP2 and ZIP, and digest algorithms like MD5, SHA-1 and others. It features:

  • An online help system
  • Integrated support for HKP keyservers
  • Full replacement of PGP
  • Full OpenPGP implementation

And much more.

IPCop

As a Linux firewall distribution, this app is designed for home and SOHO users. As such, it has a task-based, user-friendly interface. It offers:

  • Port forwarding
  • DMZ support
  • An IPChains-based firewall with a DHCP server
  • Caching DNS
  • IPSec-based VPN support using FreeS/WAN
  • The Squid web proxy


Open Source Tripwire

Tripwire helps businesses automate the hardening of security on their servers, network devices and databases by continuously monitoring the integrity of those systems.

It's a free data integrity and software security tool, useful for monitoring and alerting administrators to specific file changes; in that role it functions as a host-based IDS.

It's best used for monitoring a relatively small number of servers where centralized control isn't deemed necessary.

Its features include:

  • Command line user interface
  • Change detection
  • Textual reports with one to five levels of detail
  • Sends SNMP traps and emails
  • Single-host based management

Denyhosts

This app analyzes sshd server log messages to determine which hosts are attempting to break into your system. If you want to know which user accounts are being targeted, it reports that as well. Its goal is to stop brute-force attacks on SSH servers, which it does by monitoring invalid logins and then blocking the originating IPs.

Some of its features include:

  • Keeps track of each offending host
  • Keeps track of suspicious logins
  • Optionally sends an email of newly banned hosts and suspicious logins
  • Resolves IP addresses to hostnames, if available
  • Maintains failed valid and invalid user login attempts in separate files
  • Keeps track of each non-existent user (e.g. sdadasd) for which a login attempt failed

It also keeps a history of all hosts, users and suspicious logins encountered.
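The detection logic described above, as an added example written for this post rather than DenyHosts' own code: it parses sshd "Failed password" lines from a constructed auth.log excerpt, keeps failures for valid and non-existent users in separate tallies, and lists hosts that cross a ban threshold in the hosts.deny style DenyHosts uses. The thresholds and sample addresses are assumptions made for the example.

```python
import re
from collections import defaultdict

# Matches the sshd failure line format; "invalid user" marks non-existent accounts.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port"
)

# Constructed sample in the style of /var/log/auth.log (not real traffic).
SAMPLE_LOG = """\
Mar  3 10:15:01 srv sshd[1234]: Failed password for invalid user sdadasd from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:02 srv sshd[1235]: Failed password for invalid user sdadasd from 203.0.113.5 port 51235 ssh2
Mar  3 10:15:03 srv sshd[1236]: Failed password for invalid user sdadasd from 203.0.113.5 port 51236 ssh2
Mar  3 10:15:04 srv sshd[1237]: Failed password for invalid user test from 203.0.113.5 port 51237 ssh2
Mar  3 10:15:05 srv sshd[1238]: Failed password for invalid user test from 203.0.113.5 port 51238 ssh2
Mar  3 10:15:06 srv sshd[1240]: Failed password for admin from 198.51.100.7 port 40001 ssh2
Mar  3 10:15:07 srv sshd[1241]: Failed password for admin from 198.51.100.7 port 40002 ssh2
Mar  3 10:15:09 srv sshd[1250]: Accepted publickey for alice from 192.0.2.10 port 55000 ssh2
"""


def analyze(log_text, deny_threshold_valid=10, deny_threshold_invalid=5):
    """Return (valid_fails, invalid_fails, banned).

    The two dicts map ip -> {user: failure_count}; banned is a sorted list
    of IPs whose failures reached the (assumed) threshold for their bucket.
    """
    valid = defaultdict(lambda: defaultdict(int))
    invalid = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        bucket = invalid if m.group("invalid") else valid
        bucket[m.group("ip")][m.group("user")] += 1
    banned = set()
    for ip, users in invalid.items():
        if sum(users.values()) >= deny_threshold_invalid:
            banned.add(ip)
    for ip, users in valid.items():
        if sum(users.values()) >= deny_threshold_valid:
            banned.add(ip)
    return valid, invalid, sorted(banned)


def hosts_deny_lines(banned):
    """Render bans as /etc/hosts.deny entries for the sshd service."""
    return [f"sshd: {ip}" for ip in banned]
```

Only the non-existent-user tally reaches its threshold in the sample, so the valid-user failures from the second host are recorded but not banned.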

Iptables

iptables is a user-space command line program, designed primarily for system administrators, used to configure the packet filtering ruleset of Linux 2.4.x and later kernels. Network Address Translation (NAT) is configured from the same ruleset, so iptables is used for that as well.

Some of its main features are:

  • Handles filtering and management of incoming and outgoing IP packets
  • Part of the Netfilter framework
  • Performs Network Address Translation (NAT)

Nessus

This app is a security auditing tool that tests systems so that vulnerable spots can be identified and fixed.

It is split into two separate parts, a server and a client. The server/daemon, nessusd, is in charge of running the tests, and the client, nessus, provides the user with an X11/GTK+ interface.

Its features include:

  • Network Assessment and Discovery
    • Performs sophisticated remote scans and audits of UNIX, Windows, and network infrastructures
    • Discovers network devices and identifies the operating systems, applications, databases, and services running on those assets
  • Agentless Patch, Configuration, Content Auditing
    • Allows you to rapidly deploy the scanners
    • Eliminates the need for agent patching
    • Creates a flexible environment that is not dependent on target-specific agents
  • High speed vulnerability identification
    • Can continuously scan your network devices, drastically reducing the time needed to identify vulnerabilities
    • Can be configured to test a range of IP addresses, or to target hosts by DNS name or MAC address if IPs are dynamic

Vuurmuur

This app is a firewall manager built on top of iptables. Its configuration is easy to understand, which lets it work well in both simple and complex setups. Fully configurable through an ncurses GUI, it allows secure remote administration via SSH or on the console.

Vuurmuur allows admins to look at logs, connections and bandwidth usage in real-time.

Some of its features include:

Monitoring

  • Basic traffic volume accounting
  • Searching through old logfiles
  • Realtime log viewing
  • Realtime connection viewing
  • Filtering in log viewing and connection viewing

Administration

  • Secure default policy
  • Entirely manageable through SSH and from the console
  • Scriptable for integration with other tools
  • Can produce a bash firewall script
  • No iptables knowledge required
  • Human-readable rules syntax
  • Ncurses GUI, no X required
  • Port forwarding is made very simple
  • Easy to set up with NAT
  • Anti-spoofing features
  • Killing of unwanted connections
  • Supports working with Snort inline using QUEUE or NFQUEUE

Accounting

  • Audit logging: all changes are logged
  • Logging of new connections and bad packets
  • Traffic volume accounting

Rootkit Hunter

This app is a Unix-based tool that scans for backdoors, rootkits and possible local exploits.

It carries out a myriad of checks on the local system in an effort to detect known malware and rootkits. In addition to verifying whether commands and system startup files have been altered, it performs various checks on the network interfaces, including checks for listening applications.

It was written to be as generic as possible, so that it can run on most Linux and UNIX systems. It comes with some support scripts in case certain commands are missing from the system; some of these are Perl scripts.

Some features include:

  • Compares MD5 hashes of important files with known good ones in an online database
  • Searches for:
    • Wrong permissions
    • Hidden files
    • Default directories of rootkits
    • Suspicious strings in kernel modules
    • Special tests

Brought to you by ProlimeHost

We’ve been in the web hosting industry for ten years, helping hundreds of clients succeed in what they do best and that’s running their business. We specialize in dedicated servers, with data centers in Los Angeles, Phoenix, Denver and Singapore.

The E3 1275 v5 processor is now available at great pricing, giving you the ability to add up to 64GB of DDR4 ECC RAM. Call +1 877 477 9454 or email us at Sales@ProlimeHost.com. We’re here to help.

Steve
