Friday, September 1, 2017

12 - Linux Security: ClamAV antivirus


CLAMAV ANTIVIRUS

- Layout for this exercise:





- Clam AntiVirus (ClamAV) is a free, cross-platform, open-source antivirus toolkit able to detect many types of malicious software, including viruses, trojans, worms, etc.

https://www.clamav.net/
https://en.wikipedia.org/wiki/Clam_AntiVirus


- Installing clamav and clamav-daemon:






- Searching information for clamav packages:





- freshclam is the tool that updates the ClamAV virus database. However, running freshclam may produce this error message:




- Detecting any running process related to freshclam:




- Stopping clamav-freshclam service:




- Running freshclam again, the database update now succeeds:




- Reading freshclam.conf:






- It is interesting to notice that the configuration checks for new databases every hour, which could be considered too demanding on CPU performance. It may be changed to once a day, or similar:




- Options for clamscan, the scanning tool of ClamAV:






- Let's scan the home directory of user johndoe. In this case the number of viruses found is zero:






- Another interesting option is to move any viruses found to a folder created for that purpose (/virus in this case):




- Directly removing the malware is also an option:




- Scanning the whole system for malware takes a long time:




- Sounding a bell alert whenever a virus is found:
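As an added example (not code from the original post or from the ClamAV project), a small POSIX sh helper set covering the steps above: adjusting the freshclam check frequency, interpreting clamscan's exit status and summary, and a quarantine scan with --move. It assumes the freshclam.conf path is passed as an argument and uses the /virus folder from the page.

```shell
#!/bin/sh
# Added example (not part of the original post): helpers for the ClamAV steps
# above. Assumed: a freshclam.conf path is passed in; quarantine dir /virus as on the page.

# Rewrite the "Checks" directive of freshclam.conf (database checks per day):
# 24 means hourly, 1 means once a day. A .bak copy of the file is kept.
set_freshclam_checks() {
    conf="$1"; per_day="$2"
    if grep -Eq '^#? *Checks +[0-9]+' "$conf"; then
        sed -i.bak -E "s/^#? *Checks +[0-9]+.*/Checks $per_day/" "$conf"
    else
        printf 'Checks %s\n' "$per_day" >> "$conf"
    fi
}

# Print the effective Checks value of a freshclam.conf (last active line wins).
get_freshclam_checks() {
    awk '/^Checks[ \t]+[0-9]+/ { v = $2 } END { print v }' "$1"
}

# Extract the "Infected files" count from clamscan output read on stdin.
infected_count() {
    awk -F': ' '/^Infected files:/ { print $2 + 0 }'
}

# Translate clamscan's exit status: 0 = clean, 1 = virus found, 2 = error.
scan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Recursive scan that quarantines hits into $q instead of deleting them (--move),
# lists only infected files (-i) and rings the bell on each detection (--bell).
scan_quarantine() {
    dir="$1"; q="${2:-/virus}"
    mkdir -p "$q" && chmod 700 "$q"   # only root should read quarantined samples
    out=$(clamscan -r -i --bell --move="$q" "$dir" 2>&1); rc=$?
    printf '%s\n' "$out"
    echo "status: $(scan_status "$rc"), infected: $(printf '%s\n' "$out" | infected_count)"
    return "$rc"
}

# Constructed clamscan summary used to exercise infected_count offline.
SAMPLE_SUMMARY='----------- SCAN SUMMARY -----------
Known viruses: 6000000
Scanned files: 42
Infected files: 2'
```

Run scan_quarantine /home/johndoe as root to reproduce the page's quarantine scan; the other functions work without ClamAV installed.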


11 - Linux Security: system auditing with LYNIS open source tool


SYSTEM AUDITING WITH LYNIS OPEN SOURCE TOOL

- Layout for this exercise:




Lynis is an open source security auditing tool for UNIX derivatives such as Linux, macOS, BSD, Solaris and AIX, performing an in-depth security scan.

https://cisofy.com/


- Creating a directory for lynis:






- Downloading lynis:







- Extracting:






- Contents of folder lynis:





- Running lynis without any command, parameter or option shows the possibilities of this application:




- Commands to be used:




- Options: 




- Now let's run lynis audit system. As its name indicates, lynis audits the system very thoroughly, so the displayed output is huge.

- Let's see some of the information generated by lynis:

......... etc .............

- Also some suggestions are provided:





......... etc .............


- A final summary:





- The whole report can be found in the files lynis.log and lynis-report.dat inside the folder /var/log:




- Opening lynis-report.dat:







- The suggestions section contains a lot of interesting information:





- For instance, consider setting the directive PermitRootLogin to no in order to disable SSH root login, as we saw in a previous exercise: