Security is vitally important going forward in 2023 as cybercriminals have demonstrated over and over again their relentless pursuit to disrupt the hosting industry and all things Internet related. There are certainly many more apps we could list here, but these ten security apps for Linux dedicated servers are at the top of the iceberg in popularity and functionality. Let’s start with:
As an anti-virus app, ClamAV detects viruses, Trojans, malware and all sorts of malicious threats and it’s the open source standard for scanning software for mail gateways. It’s a highly versatile app, supporting multiple file formats and signature languages, plus file and archive unpacking.
Some features of ClamAV
- It has a command-line scanner featuring on-access scanning
- Its database for identifying viruses is updated daily
- Support for multiple archive formats like RAR, Gzip, ZIP and others is built in
- Support for Microsoft Office and Mac Office files, plus HTML, PDF and RTF built in.
- It includes a Milter interface for sendmail
- And it features built-in support for many mail file formats.
Rootkits are a malicious set of software tools that enable cybercriminals to gain control of a computer system without being detected. Chkrootkit is a tool that enables you to check for signs of a rootkit. How does it do that? By testing applications like:
And many more.
It checks for signs of LKM Trojans, utmp deletions and lastlog deletions (plus others).
GnuPG is a privacy guard app facilitating secure data storage and communication. It essentially does this by encrypting, then signing data so others can determine its authenticity. As a command line tool, it easily integrates with other applications. It supports DSA, Elgamal and RSA public key algorithms, plus symmetric algorithms like 3DES, Twofish and AES. Add compression algorithms like ZLIB, BZIP2 and ZIP, plus digest algorithms like MD5, SHA-1 and others. It features:
- An online help system
- Integrated support for HKP keyservers
- Full replacement of PGP
- Full OpenPGP implementation
And much more.
IPCop is a Linux firewall distribution designed for home and SOHO users. As such, it has a task based user friendly interface. It offers:
- Port forwarding
- DMZ support
- An IPChains based firewall with DHCP server
- Caching DNS
- IPSec based VPN support using FreeS/WAN
- And the Squid web proxy
It also offers IPSec VPN support.
Open Source Tripwire
Tripwire assists businesses to successfully automate the hardening of security on their servers, network devices and databases, continuously monitoring the integrity of those systems.
It’s a free data integrity and software security tool that is useful for monitoring and alerting administrators to specific file changes, functioning as a host-based IDS.
It’s best utilized for monitoring a relatively small number of server where centralized control isn’t deemed necessary.
Its features include:
- Command Line User Interface
- Change Detection
- Textual reports with one to five levels of detail
- Send SNMP traps & emails
- Single host based management
Denyhosts analyzes the sshd server log messages, then determines what hosts are attempting to hack into your system. If you want to know what user accounts are being targeted, it does that as well. Its goal is to stop brute force attacks on SSH servers. It does this by monitoring invalid logins, then blocking the originating IP’s.
Some of its features include:
- Keeps track of each offending host
- Keeps track of suspicious logins
- Optionally sends an email of newly banned hosts and suspicious logins
- Resolves IP addresses to hostnames, if available
- Maintains failed valid and invalid user login attempts in separate files
- Keeps track of each non-existent user (eg. sdadasd) when a login attempt failed
It also keeps a history of all host, user and suspicious logins encountered
iptables is a user space command line program used to configure the Linux 2.4.x and later packet filtering ruleset, which was primarily designed for system administrators. Network Address Translation (NAT) is configured from the same ruleset, so iptables is used for this as well.
Some of its main features are:
- Handles filtering and management of incoming and outgoing IP packets
- Part of the Netfilter framework
- Performs Network Address Translation (NAT)
Nessus is a security auditing tool, making it possible to test security modules so that vulnerable spots can be identified and fixed.
It’s set up as a server and a client in two separate parts. The server/daemon, nessusd, is in charge of the attacks, and the client, nessus, provides the user with an X11/GTK+ interface.
Its features include:
- Network Assessment and Discovery
- Performs sophisticated remote scans and audits of UNIX, Windows, and network infrastructures
- Discovers network devices and identifies the operating systems, applications, databases, and services running on those assets
- Agentless Patch, Configuration, Content Auditing
- Allows you to rapidly deploy the scanners
- Eliminates the need for agent patching
- Creates a flexible environment that is not dependent on target-specific agents
- High speed vulnerability identification
- Can continuously scan your network devices to drastically save time identifying vulnerabilities
- Can be configured to test a range of IP addresses or for DNS or MAC addresses if IPs are dynamic
Vuurmuur is a firewall manager built on top of iptables. Its configuration is easy to comprehend, which allows it to work well in simple and complex configurations. Fully configurable through an Ncurses GUI, it facilitates secure remote admin via SSH or on the console.
Vuurmuur allows admins to look at logs, connections and bandwidth usage in real-time.
Some of its features include:
- Basic traffic volume accounting
- Searching through old logfiles
- Realtime log viewing
- Realtime connection viewing
- Filtering in log viewing and connection viewing
- Secure default policy
- Entirely manageable through SSH and from the console
- Scriptable for integration with other tools
- Can produce a bash firewall script
- No iptables knowledge required
- Humanly readable rules syntax
- Ncurses GUI, no X required
- Port forwarding is made very simple
- Easy to setup in with NAT
- Anti-spoofing features
- Killing of unwanted connections
- Supports working with Snort inline using QUEUE or NFQUEUE
- Audit logging: all changes are logged
- Logging of new connections and bad packets
- Traffic volume accounting
Rootkit Hunter is a Unix-based tool that scans for backdoors, rootkits and possible local exploits.
It carries out a myriad of checks on the local system in an effort to detect known malware and rootkits. In addition to verifying if commands have been altered and if the system startup files have been altered, it performs various checks on the network interfaces, including checks for listening applications.
It was written to be as generic as possible, so that it could run on most Linux and UNIX systems. It is provided with some support scripts should certain commands be missing from the system, and some of these are Perl scripts.
Some features include:
- Compares MD5 hashes of important files with known good ones in online database
- Searches for:
- Wrong permissions
- Hidden files
- Default directories of rootkits
- Suspicious strings in kernel modules, and
- Special tests
BROUGHT TO YOU BY PROLIMEHOST
We’ve been in the web hosting industry for over a decade, helping hundreds of clients succeed in what they do best and that’s running their business. We specialize in Virtual Private Servers (VPS) and dedicated servers, with data centers in Los Angeles, Denver & Singapore.
VPS SERVICES: LIGHTNING FAST SSD VIRTUAL SERVERS
Our Virtual Private Servers all feature high performance Xeon processors and SSD storage in a RAID10 configuration to optimize your server’s performance, which dramatically enhances visitor experiences on your site.
That speed is backed by unparalleled 24/7 support, featuring both outstanding response AND resolution times to maximize your uptime.
Now is the time to join the ProlimeHost virtual private server revolution.
DEDICATED SERVERS: BACKED BY A 99.9% SLA NETWORK UPTIME GUARANTEE
We only use enterprise-class hardware in our dedicated servers and offer a four (4) hour hardware replacement. Throw in IPMI for remote management, support for public and private networks, free operating system (OS) re-installs, and SATA, SAS & SSD (including NVMe) storage. Call 1-877-477-9454 or contact us. We’re here to help.
- Are Ideas Without Execution Good or Bad? - May 26, 2023
- Dedicated Servers Versus Collocation? Must Read - May 25, 2023
- Must Read for Web Hosting Entrepreneurs! - May 24, 2023