Ten Security Apps for Linux Dedicated Servers.

Security remains vitally important in 2023, as cybercriminals have demonstrated over and over again their relentless drive to disrupt the hosting industry and all things Internet-related. There are certainly many more apps we could list here, but these ten security apps for Linux dedicated servers are among the top in popularity and functionality. Let’s start with:

ClamAV® 

ClamAV is an anti-virus app that detects viruses, Trojans, malware and other malicious threats, and it’s the open source standard for mail gateway scanning software. It’s a highly versatile app, supporting multiple file formats and signature languages, plus file and archive unpacking.

Some features of ClamAV

  • It has a command-line scanner featuring on-access scanning
  • Its database for identifying viruses is updated daily
  • Support for multiple archive formats like RAR, Gzip, ZIP and others is built in
  • Support for Microsoft Office and Mac Office files, plus HTML, PDF and RTF, is built in
  • It includes a Milter interface for sendmail
  • It features built-in support for many mail file formats

Chkrootkit

A rootkit is a set of malicious software tools that enables cybercriminals to gain control of a computer system without being detected. Chkrootkit is a tool that checks for signs of a rootkit. How does it do that? By testing applications like:

  • Sniffer
  • Pop3
  • Telnetd
  • Traceroute
  • Write
  • Grep
  • Bindshell
  • Cron
  • Echo

And many more.

It checks for signs of LKM Trojans, utmp deletions and lastlog deletions (plus others).

GnuPG

GnuPG is a privacy guard app for secure data storage and communication. It essentially does this by encrypting, then signing data so others can determine its authenticity. As a command-line tool, it integrates easily with other applications. It supports the DSA, Elgamal and RSA public key algorithms; symmetric algorithms like 3DES, Twofish and AES; compression algorithms like ZLIB, BZIP2 and ZIP; and digest algorithms like MD5, SHA-1 and others. It features:

  • An online help system
  • Integrated support for HKP keyservers
  • Full replacement of PGP
  • Full OpenPGP implementation

And much more.

IPCop

IPCop is a Linux firewall distribution designed for home and SOHO users. As such, it has a task-based, user-friendly interface. It offers:

  • Port forwarding
  • DMZ support
  • An IPChains based firewall with DHCP server
  • Caching DNS
  • IPSec based VPN support using FreeS/WAN
  • And the Squid web proxy

It also offers IPSec VPN support.

Open Source Tripwire

Tripwire helps businesses automate the security hardening of their servers, network devices and databases, continuously monitoring the integrity of those systems.

It’s a free data integrity and software security tool that is useful for monitoring and alerting administrators to specific file changes, functioning as a host-based IDS.

It’s best used for monitoring a relatively small number of servers where centralized control isn’t deemed necessary.

Its features include:

  • Command Line User Interface
  • Change Detection
  • Textual reports with one to five levels of detail
  • Send SNMP traps & emails
  • Single host based management

Denyhosts

Denyhosts analyzes the sshd server log messages, then determines which hosts are attempting to hack into your system. If you want to know which user accounts are being targeted, it does that as well. Its goal is to stop brute force attacks on SSH servers. It does this by monitoring invalid logins, then blocking the originating IPs.

Some of its features include:

  • Keeps track of each offending host
  • Keeps track of suspicious logins
  • Optionally sends an email of newly banned hosts and suspicious logins
  • Resolves IP addresses to hostnames, if available
  • Maintains failed valid and invalid user login attempts in separate files
  • Keeps track of each non-existent user (e.g. sdadasd) when a login attempt fails

It also keeps a history of all hosts, users and suspicious logins encountered.
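The log analysis described above, sketched as an added example; this is not Denyhosts' own code. The log lines are constructed, the threshold of three failures is an assumed setting, and a "suspicious login" is taken here to mean a successful login from a host that has already reached the threshold.

```python
import re
from collections import Counter

# Constructed sample in OpenSSH syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Jan 10 03:12:01 web1 sshd[2201]: Failed password for invalid user sdadasd from 203.0.113.5 port 40112 ssh2
Jan 10 03:12:04 web1 sshd[2203]: Failed password for invalid user admin from 203.0.113.5 port 40118 ssh2
Jan 10 03:12:09 web1 sshd[2207]: Failed password for root from 203.0.113.5 port 40125 ssh2
Jan 10 03:12:15 web1 sshd[2209]: Failed password for invalid user backup admin from 203.0.113.5 port 40130 ssh2
Jan 10 03:15:40 web1 sshd[2290]: Failed password for alice from 198.51.100.7 port 51022 ssh2
Jan 10 03:15:52 web1 sshd[2292]: Accepted password for alice from 198.51.100.7 port 51030 ssh2
Jan 10 03:20:11 web1 sshd[2301]: Accepted password for deploy from 192.0.2.44 port 60001 ssh2
Jan 10 03:21:30 web1 sshd[2310]: Accepted password for root from 203.0.113.5 port 40310 ssh2
"""

# The user name in a failed login is supplied by the remote client and can
# contain spaces, so the host is read from the anchored end of the line.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (invalid user )?(.*) from (\S+) port \d+ ssh2$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+")

def analyze(log_text, threshold=3):
    """Tally failed logins per host and list hosts at or over the threshold."""
    failures = Counter()       # host -> number of failed attempts
    valid_users = Counter()    # existing accounts that were targeted
    invalid_users = Counter()  # non-existent accounts that were tried
    suspicious = []            # (user, host) logins accepted from an offending host
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            is_invalid, user, host = m.groups()
            failures[host] += 1
            (invalid_users if is_invalid else valid_users)[user] += 1
            continue
        m = ACCEPTED.search(line)
        if m and failures[m.group(2)] >= threshold:
            suspicious.append((m.group(1), m.group(2)))
    blocked = sorted(h for h, n in failures.items() if n >= threshold)
    return {"blocked": blocked, "failures": dict(failures),
            "valid_users": dict(valid_users),
            "invalid_users": dict(invalid_users), "suspicious": suspicious}

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(key, value)
```

Keeping valid and invalid user names in separate tallies mirrors the separate files mentioned in the feature list, and shows at a glance whether real accounts are being targeted.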

Iptables

iptables is a user-space command-line program, designed primarily for system administrators, that is used to configure the packet filtering ruleset of Linux 2.4.x and later. Network Address Translation (NAT) is configured from the same ruleset, so iptables is used for this as well.

Some of its main features are:

  • Handles filtering and management of incoming and outgoing IP packets
  • Part of the Netfilter framework
  • Performs Network Address Translation (NAT)

Nessus

Nessus is a security auditing tool, making it possible to test security modules so that vulnerable spots can be identified and fixed.

It’s split into two separate parts, a server and a client. The server/daemon, nessusd, is in charge of the attacks, and the client, nessus, provides the user with an X11/GTK+ interface.

Its features include:

  • Network Assessment and Discovery
    • Performs sophisticated remote scans and audits of UNIX, Windows, and network infrastructures
    • Discovers network devices and identifies the operating systems, applications, databases, and services running on those assets
  • Agentless Patch, Configuration, Content Auditing
    • Allows you to rapidly deploy the scanners
    • Eliminates the need for agent patching
    • Creates a flexible environment that is not dependent on target-specific agents
  • High speed vulnerability identification
    • Can continuously scan your network devices to drastically save time identifying vulnerabilities
    • Can be configured to test a range of IP addresses or for DNS or MAC addresses if IPs are dynamic

Vuurmuur

Vuurmuur is a firewall manager built on top of iptables. Its configuration is easy to comprehend, which allows it to work well in simple and complex configurations. Fully configurable through an Ncurses GUI, it facilitates secure remote admin via SSH or on the console.

Vuurmuur allows admins to look at logs, connections and bandwidth usage in real-time.

Some of its features include:

Monitoring

  • Basic traffic volume accounting
  • Searching through old logfiles
  • Realtime log viewing
  • Realtime connection viewing
  • Filtering in log viewing and connection viewing

Administration

  • Secure default policy
  • Entirely manageable through SSH and from the console
  • Scriptable for integration with other tools
  • Can produce a bash firewall script
  • No iptables knowledge required
  • Humanly readable rules syntax
  • Ncurses GUI, no X required
  • Port forwarding is made very simple
  • Easy to set up with NAT
  • Anti-spoofing features
  • Killing of unwanted connections
  • Supports working with Snort inline using QUEUE or NFQUEUE

Accounting

  • Audit logging: all changes are logged
  • Logging of new connections and bad packets
  • Traffic volume accounting

Rootkit Hunter

Rootkit Hunter is a Unix-based tool that scans for backdoors, rootkits and possible local exploits.

It carries out a myriad of checks on the local system in an effort to detect known malware and rootkits. In addition to verifying if commands have been altered and if the system startup files have been altered, it performs various checks on the network interfaces, including checks for listening applications.

It was written to be as generic as possible, so that it could run on most Linux and UNIX systems. It is provided with some support scripts should certain commands be missing from the system, and some of these are Perl scripts.

Some features include:

  • Compares MD5 hashes of important files with known good ones in an online database
  • Searches for:
    • Wrong permissions
    • Hidden files
    • Default directories of rootkits
    • Suspicious strings in kernel modules, and
    • Special tests
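
The change detection that Open Source Tripwire performs, and the hash, permission and hidden-file checks listed for Rootkit Hunter, share one core mechanism: record a known-good baseline, then compare later state against it. The following is an added example, not code from either tool; it uses SHA-256 rather than the MD5 hashes mentioned above and a local baseline rather than an online database, and the file names in `demo()` are constructed.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each regular file under root to (SHA-256 digest, permission bits)."""
    state = {}
    for path in sorted(Path(root).rglob("*")):
        info = path.lstat()
        if not stat.S_ISREG(info.st_mode):
            continue  # skip directories, symlinks, sockets and devices
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        state[str(path.relative_to(root))] = (digest, stat.S_IMODE(info.st_mode))
    return state

def compare(baseline, current):
    """Report files added, removed, modified or re-permissioned since the baseline."""
    report = {k: [] for k in ("added", "removed", "modified", "mode_changed", "hidden")}
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            report["added"].append(path)
            if Path(path).name.startswith("."):
                report["hidden"].append(path)  # new dotfile since the baseline
        elif new is None:
            report["removed"].append(path)
        else:
            if old[0] != new[0]:
                report["modified"].append(path)
            if old[1] != new[1]:
                report["mode_changed"].append(path)
    return report

def demo():  # baseline a constructed directory, change it, return the report
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, mode in (("ls", 0o755), ("passwd", 0o644), ("motd", 0o644)):
            (root / name).write_text("original " + name)
            (root / name).chmod(mode)
        baseline = snapshot(root)
        (root / "ls").write_text("replaced binary")  # content change
        (root / "passwd").chmod(0o666)               # permission change
        (root / "motd").unlink()                     # file removed
        (root / ".cache").touch()                    # new hidden file
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

A baseline is only as trustworthy as its storage: keep it off the monitored host or on read-only media so that whoever changes the files cannot also rewrite the baseline.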

Steve