Free Republic
General/Chat
How to Check if Your Linux System is Infected with a Virus
LinuxSecurity ^ | 23 January 2023 | Brittany Day

Posted on 02/07/2023 9:50:22 AM PST by ShadowAce

Linux is undoubtedly the best open-source operating system, and is arguably the most secure OS by design. Most computers these days are Linux-based. Android OS, which is the most commonly used mobile operating system, is also Linux-based. The same goes for Chromebooks and a variety of tablets.

As amazing as Linux is, the chances of it being compromised are also increasing with its growing popularity. Although many tech enthusiasts believe that Linux is immune to viruses and malware and doesn't require any anti-malware or anti-virus solution, this isn't entirely true. What you need to understand is that no operating system in the world is 100% immune to such things.

Though Linux is safer than the rest, it can still fall victim to attack, so taking precautions is a necessary part of robust cybersecurity. However, before choosing an antivirus or anti-malware solution, the first thing you need to do is check whether your Linux system is already compromised and how vulnerable it is. In this article, we cover it all in detail so that you're prepared to deal with the worst-case scenario beforehand.

What Threats Do Linux Users Face? 

The growing threat of Linux malware and ransomware has put businesses on red alert, and many of them have implemented new strategies and tools to protect themselves. The digital market is dominated by Windows, but Linux is the most widely used operating system. In other words, it's everyone's favorite.

The global Linux market was worth 5.33 billion USD in 2021 and is expected to grow to 22.15 billion USD by 2029. A record increase in malware attacks on Linux devices was recorded in the second half of 2021 and the first half of 2022.

Moreover, cross-platform ransomware has become common between Android, Linux, and iOS. As a result, individuals and companies are now investing in keeping their Linux devices secure. However, before making this investment it is important to know about the threats you face. This will help you identify security measures to combat them, and determine those that are not for you.

Malware

Malware, a blanket term that covers viruses, is any software designed to disrupt a smartphone, personal computer, laptop, server, or similar device. Malware interferes with your computer network's regular functioning, causing data leaks and breaches. Linux users are coming across several kinds of attacks these days, including:

State-Sponsored Attacks 

State-sponsored attacks are becoming increasingly common in the Linux environment. These attacks can usually be attributed to organizations and individuals monitoring countries or nations. Many security researchers have shed light on state-sponsored malware since the Russia-Ukraine conflict began. Wiper malware has been deployed to monitor different nation-state groups and their activities concerning the war.

IoT Malware 

Malware families including Mozi, Mirai, and XorDDoS have been reported to target Linux devices via IoT. These viruses infect your Linux device and, after taking control of it, use it to launch DDoS attacks. The number of malware attacks on Linux devices increased by 35% in 2021 due to Mozi, Mirai, and XorDDoS, and a large number of Mirai attacks were reported in the first quarter of 2022 as well.

Cryptojacking 

Cryptojacking is extremely prevalent on Linux devices and is becoming increasingly common as malicious hackers worldwide make money from it. Cryptojacking uses software specifically designed to mine cryptocurrency for attackers using the victim's computational resources. The first case of cryptojacking was reported in 2018, when Tesla's Kubernetes console was infiltrated by a threat actor. Since then it has become quite common, with Sysrv and XMRig being two of the most significant crypto-miner families.

Ransomware 

Ransomware is malicious software that blocks access to your device and encrypts all your data. Ransomware gangs are also becoming increasingly well known in the Linux community; Hive, REvil, DarkSide, and Conti are some of the most notable. Although they use different malware samples, their attacks are all carefully planned and quite harmful. At the moment, Conti and Defray777/RansomExx are targeting Linux host images to seize users' valuable digital assets.

Rootkits

A rootkit is a malicious software program that provides a malicious hacker with administrative-level, privileged access to a computer system. It can interfere with your computer's functioning and put your data at risk.

Once activated, a rootkit can cause further damage with additional malware, including Trojans, keyloggers, bots, and ransomware. The infamous Lightning Framework, a Linux malware, is used as a backdoor to install rootkits. The Lightning Framework, also known as the 'Swiss Army Knife,' uses Secure Shell (SSH) to infect devices with rootkits.

Popular Open-Source Malware/Virus/Rootkit Scanners

Attackers use a variety of malware, backdoor shells, rootkits, and sniffers. To protect your device from all these threats, there are certain open-source scanners and tools that you can use. Here are a few great options:

Lynis 

Lynis is an incredible open-source security audit scanner for your Linux device. It assists both security professionals and system administrators by scanning their devices and security systems. Its function is to harden your device against security breaches and data leaks. Apart from Linux systems, Lynis also works well with BSD and macOS devices. 

Chkrootkit 

Chkrootkit, also known as Check Rootkit, is another open-source scanner that helps protect your device from malware, botnets, and rootkits. Over the years, Chkrootkit has been tested again and again on different Linux devices and the results have been quite fruitful. It's simple to install and use; hence, great for beginners. 

Linux Malware Detect 

Linux Malware Detect, commonly referred to as LMD, is one of the best open-source malware scanners available. It detects malware using signatures, which it derives from threat data collected by network edge intrusion detection systems. It can scan specific files as well as the entire system, depending on your needs.

ClamAV

ClamAV is another great open-source malware scanner. It works on all major platforms, including macOS, BSD, and Windows. It comes with a GUI version specifically designed to catch malware, viruses, and trojans. Not to mention, it's one of the most frequently used Linux anti-virus tools, and it is readily available to install.

Top Tips to Prevent Malware Attacks on Linux 

As previously mentioned, Linux devices are more secure than most others; however, malware can still sometimes take the wheel regardless. To get the target off the back of your Linux device, there are a few effective security measures that you can take:

Take Care of Your Passwords 

The simpler the password, the easier it is for a hacker to guess it. It's as simple as that. Thus, you must adopt a policy of using strong passwords. Use a combination of letters, numbers, and special characters when setting up the password for your Linux device and the applications in use. Also, don't forget to turn on multi-factor authentication (MFA).

Restrict User Access

Many people call their servers their homes. The reason is that their servers have all their data and, in case it gets hacked, they become both financially and emotionally vulnerable. One way to keep your Linux device safe is by restricting user access. Allow key access to certain users and provide them with minimal access only. 
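One concrete way to act on "restrict user access" is to periodically audit the account list itself. The script below is an added example, not code from the article or from any of the tools it names: it parses passwd(5)-format lines and flags the two things a least-privilege review of accounts looks for first, a non-root account with UID 0 (a classic backdoor indicator) and a service account that has been given an interactive login shell. The sample input is constructed for the example, and the assumption that UIDs below 1000 are system accounts follows the Debian/Ubuntu convention; adjust it for other distributions.

```python
"""Audit passwd(5)-style account entries for privilege problems.

Added example (not from the article): flags non-root UID-0 accounts and
system accounts that have an interactive shell. The sample input below
is constructed; on a live host read /etc/passwd instead.
"""
from dataclasses import dataclass

# Assumption: UIDs below this value are system/service accounts (Debian/Ubuntu default).
SYSTEM_UID_MAX = 1000

# Shells that give an interactive login; anything else (nologin, false) does not.
LOGIN_SHELLS = {"/bin/sh", "/bin/bash", "/bin/zsh", "/bin/dash",
                "/usr/bin/bash", "/usr/bin/zsh"}

# Constructed sample: a normal root, a locked daemon account, a human user,
# plus two findings (www-data with a real shell, and a second UID-0 account).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
sysadm2:x:0:0::/root:/bin/bash
"""


@dataclass
class Account:
    name: str
    uid: int
    gid: int
    home: str
    shell: str


def parse_passwd(text: str) -> list[Account]:
    """Parse lines of the form name:password:UID:GID:GECOS:home:shell."""
    accounts = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, _pw, uid, gid, _gecos, home, shell = fields
        accounts.append(Account(name, int(uid), int(gid), home, shell))
    return accounts


def audit(accounts: list[Account]) -> list[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    for acct in accounts:
        if acct.uid == 0 and acct.name != "root":
            findings.append(f"{acct.name}: UID 0 but not root (hidden administrator account)")
        elif acct.uid < SYSTEM_UID_MAX and acct.name != "root" and acct.shell in LOGIN_SHELLS:
            findings.append(f"{acct.name}: system account with interactive shell {acct.shell}")
    return findings


def audit_passwd_text(text: str) -> list[str]:
    """Convenience wrapper: parse then audit."""
    return audit(parse_passwd(text))


if __name__ == "__main__":
    # For a real check: audit_passwd_text(open("/etc/passwd").read())
    for finding in audit_passwd_text(SAMPLE_PASSWD):
        print("FINDING:", finding)
```

Both findings are worth acting on: a duplicate UID 0 should be removed after working out how it got there, and a service account that needs no login should have its shell set to /usr/sbin/nologin.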

Use a VPN

Most of the time, your Linux device catches a virus when you browse different websites. Needless to say, not every website is safe and many of them carry viruses and malware. To avoid infecting your Linux device with malware, you should use a VPN. There are different VPNs available for different devices. When using Chrome, you can use a VPN for Chrome. Similarly, when using any other web browser, you can install a suitable VPN and browse safely.

Pay Attention to Fine Logs 

Linux devices offer several logs with tons of information that you can scan. Having log files on your system is useless if you don't pay attention to them. Therefore, make a habit of reading the logs. For anyone who doesn't have time to manually vet the logs, please know that numerous tools are available these days that can comb through the logs for you, saving you both time and energy. 
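As an added example of the kind of log review described above (this is not code from the article), the script below parses sshd lines in the auth.log format used on Debian/Ubuntu, counts failed password attempts per source address, lists which usernames each address tried, and raises an alert when a successful login follows a run of failures from the same address, which is the pattern that should be looked at first. The log lines are constructed for the example, with RFC 5737 documentation addresses; the thresholds are assumptions to tune for your environment.

```python
"""Summarise sshd authentication events from auth.log-style lines.

Added example (not from the article). Sample log lines are constructed.
"""
import re
from collections import Counter, defaultdict

# Constructed sample in the syslog layout sshd uses on Debian/Ubuntu.
SAMPLE_AUTH_LOG = """\
Feb  8 07:50:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Feb  8 07:50:03 host sshd[1203]: Failed password for invalid user oracle from 203.0.113.7 port 51030 ssh2
Feb  8 07:50:05 host sshd[1205]: Failed password for root from 203.0.113.7 port 51041 ssh2
Feb  8 07:50:08 host sshd[1207]: Failed password for root from 203.0.113.7 port 51052 ssh2
Feb  8 07:50:11 host sshd[1209]: Failed password for root from 203.0.113.7 port 51060 ssh2
Feb  8 07:50:14 host sshd[1211]: Accepted password for root from 203.0.113.7 port 51071 ssh2
Feb  8 08:01:22 host sshd[1300]: Failed password for alice from 192.0.2.15 port 40210 ssh2
Feb  8 08:01:30 host sshd[1302]: Accepted publickey for alice from 192.0.2.15 port 40212 ssh2
Feb  8 08:05:00 host CRON[1350]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# "invalid user" is present when the username does not exist on the host.
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted (\w+) for (\S+) from (\S+) port")


def analyze(log_text: str, brute_force_threshold: int = 5, success_after: int = 3) -> dict:
    """Return per-address failure counts, usernames tried, and alerts.

    brute_force_threshold: failures from one address that count as guessing.
    success_after: failures from an address after which a success is alerted.
    Both values are assumptions chosen for this example.
    """
    failures = Counter()
    users_tried = defaultdict(set)
    alerts = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            user, ip = m.groups()
            failures[ip] += 1
            users_tried[ip].add(user)
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            method, user, ip = m.groups()
            # A success right after repeated failures from the same source
            # is the event worth investigating, whatever the method.
            if failures[ip] >= success_after:
                alerts.append(f"{ip}: {method} login as {user} after {failures[ip]} failures")
    brute_force = [ip for ip, n in failures.items() if n >= brute_force_threshold]
    return {
        "failures": dict(failures),
        "users_tried": {ip: sorted(users) for ip, users in users_tried.items()},
        "brute_force": brute_force,
        "alerts": alerts,
    }


if __name__ == "__main__":
    # For a real check: analyze(open("/var/log/auth.log").read())
    result = analyze(SAMPLE_AUTH_LOG)
    for ip in result["brute_force"]:
        print(f"guessing from {ip}: {result['failures'][ip]} failures, users {result['users_tried'][ip]}")
    for alert in result["alerts"]:
        print("ALERT:", alert)
```

On a systemd host the same lines come from `journalctl -u ssh`; the regexes only depend on sshd's own message text, so the parser works on either source.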

Keep Your Device Updated 

Many people have complained about their Linux systems being hacked or infected with viruses, and it turned out that they weren't updating their devices. Old, un-updated devices are 10x more vulnerable to security issues than ones that are updated and new. Thus, to keep malware attacks at bay, it's mandatory to keep your Linux device updated.

The Final Word

The growing threat of Linux malware and ransomware has put many on a red alert, and sadly, the number of infected devices and cyberattacks is constantly on the rise. However, not everyone is suffering, as many people keep their Linux devices well-protected. Knowing the details on the topic and taking the measures discussed in this article are key to keeping your Linux device safe. By implementing the best practices mentioned above, you’re on the right track to protect your Linux devices and systems against attacks leading to compromise.


TOPICS: Computers/Internet
KEYWORDS: linux; malware
To: Bob434

Plugin directory
The directory in which plugins can be stored is determined by Lynis. By default it tries a few paths (/usr/local/lynis/plugins, /usr/local/share/lynis/plugins, /usr/share/lynis/plugins and /etc/lynis/plugins). If these directories are not found, then the local work directory is used. To use a different directory, use the --plugin-dir parameter, followed by the directory name.


41 posted on 02/08/2023 7:53:57 AM PST by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)

To: Openurmind

Thank you for looking that up. Gives me a starting point to check. I went through a couple of folders last night to no avail, but likely missed the local directory. I’m just not up on Linux and where they store stuff unless it’s in the home directory in a folder with the name on it. I wish I had gotten into computers earlier in life; now when I learn something new, if I don’t write it down, I forget it and have to start all over again the next time an issue comes up.


42 posted on 02/08/2023 8:06:57 AM PST by Bob434

To: Bob434

When in doubt use the search at the top of the directory. It works, It will pull you up more files related to an app than you want. lol

Know what bob? I have been in there with you and your Linux experience from the beginning. And I have to say you have done absolutely fantastic figuring it out on your own. You have taught me some stuff I didn’t know with what you share on here. So don’t cut yourself short, when it comes to Linux you are way ahead of most in understanding. :)


43 posted on 02/08/2023 8:41:58 AM PST by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)

To: Openurmind

thanks- I didn't know what to look for in the search as far as what file it might be stored in- .log probably would have got me there though- gonna try it now-


44 posted on 02/08/2023 9:23:03 AM PST by Bob434

To: Openurmind

after all the trouble yesterday with it- I uninstalled it from the software manager in Linux- then installed from the command line in terminal instead using sudo apt-get install lynis, then ran from the command line- and it worked- I shoulda just installed from terminal at first- lol


45 posted on 02/08/2023 9:49:42 AM PST by Bob434

To: Bob434

Lol, someone here once told me not to discount the power of the command line and to learn how to use it. They were right. I am finding that some of these app packages are not boxed up correctly so they don’t install correctly. But that is not the fault of Linux, it is the fault of the app developer and or download source.

And the CLI is not that hard to use for these things. The commands are actually extremely simple. And when a source supplies the install instructions it is a simple matter of copying and pasting a line for download and a line for install and hit enter. Done...

And honestly, using the CLI always grabs you the very latest newest version of that app. The packages are usually older versions and need to be updated after they are installed anyhow.


46 posted on 02/08/2023 10:16:06 AM PST by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)

To: Openurmind

yeah I don’t like the software manager for getting apps- as many are old- I gotta learn how to update them w/ command line if they are old- I should have a paper with common command line instructions taped to my tower side-


47 posted on 02/08/2023 10:23:01 AM PST by Bob434

To: Bob434

Let me share a tip though that has helped me. After you uninstall an app, also go to the terminal and run $ sudo apt purge appname. Or just use the CLI and that same command to uninstall it instead.

It will make sure and remove all traces of the app and configurations before you reinstall that app again. Using the other methods doesn’t always do a complete clean sweep uninstall. Because if there are any configurations left in there it could mess with the new reinstall and prevent it from working when it would have otherwise worked fine if those had not still been there.


48 posted on 02/08/2023 10:28:26 AM PST by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)

To: Bob434

I use the default “Notes” app that comes with Mint Cinnamon. If you don’t have it they have it in the software manager repository. I pin it to my panel so it is always right there on the bottom handy. :)

But you have to make sure it is the old Notes version, the newer one that comes with Mint 20.2 and up sucks big time. They took a good thing and ruined it. Can’t even minimize it and drop it out of the way like the old one.


49 posted on 02/08/2023 10:34:00 AM PST by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)

To: Openurmind

thanks- good tip- wish i had done that before removing it in the software app-


50 posted on 02/08/2023 10:56:58 AM PST by Bob434

To: Bob434

$ sudo apt update
$ sudo apt install --only-upgrade appname

:)


51 posted on 02/08/2023 10:58:35 AM PST by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)

To: Openurmind

thanks- written down- will try tonight-


52 posted on 02/08/2023 11:21:41 AM PST by Bob434

To: Openurmind

had to run sudo apt-get to get it to work- but it said I have the latest version, but in the report Lynis generates, it has a warning that I should get ‘the latest Lynis update’ lol- oh well- only had 3 warnings- and like 41 suggestions (in yellow)- the one warning was the ‘outdated’ Lynis, another about a single user issue, and another that didn’t look too important- something about dual servers or something not being set up-

What I like though about the program is that it has links to all the suggested fixes it comes up with- a number were not valid, but many were- and it explains how to fix the issue-


53 posted on 02/08/2023 11:42:37 AM PST by Bob434
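The warnings and suggestions Bob434 describes in the post above, and the Lynis audit the article's scanner section introduces, are also written by Lynis to a machine-readable report file (/var/log/lynis-report.dat by default) as `key=value` and `key[]=value` lines. The parser below is an added example, not code from Lynis or the article: it reads that layout, splits each warning and suggestion into its test ID and message, counts findings per test, and offers a simple pass/fail gate that can be run after each audit so a new warning or a drop in the hardening index is noticed rather than lost in a long report. The sample report is constructed for the example; its test IDs and messages are illustrative, and the pipe-separated field layout (test ID, message, details, solution) is an assumption about the format.

```python
"""Parse a lynis-report.dat style file and summarise its findings.

Added example (not from Lynis or the article). The sample report below is
constructed; field layout after the test ID is assumed to be
message|details|solution.
"""
from collections import Counter, defaultdict

# Constructed sample in the key=value / key[]=value layout of lynis-report.dat.
SAMPLE_REPORT = """\
# Lynis Report (constructed sample)
report_version_major=1
report_version_minor=0
lynis_version=3.0.7
hardening_index=64
warning[]=LYNIS|Lynis is outdated, please update|-|-|
warning[]=BOOT-5122|Boot loader allows single user mode without a password|-|-|
suggestion[]=BOOT-5122|Set a password on GRUB boot loader to prevent altering boot configuration|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (set YES to NO)|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|MaxAuthTries (set 6 to 3)|-|
suggestion[]=PKGS-7420|Install a package audit tool to determine vulnerable packages|-|-|
"""


def parse_report(text: str) -> tuple[dict, dict]:
    """Split the file into scalar keys and list keys (those ending in [])."""
    scalars = {}
    lists = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.endswith("[]"):
            lists[key[:-2]].append(value)
        else:
            scalars[key] = value
    return scalars, dict(lists)


def split_finding(value: str) -> tuple[str, str, str]:
    """Return (test_id, message, details) from a pipe-separated finding."""
    parts = value.split("|")
    parts += [""] * (3 - len(parts))  # tolerate short entries
    return parts[0], parts[1], parts[2]


def summarize(text: str) -> dict:
    """Structured view of one report: version, index, findings, counts per test."""
    scalars, lists = parse_report(text)
    warnings = [split_finding(v) for v in lists.get("warning", [])]
    suggestions = [split_finding(v) for v in lists.get("suggestion", [])]
    return {
        "lynis_version": scalars.get("lynis_version"),
        "hardening_index": int(scalars.get("hardening_index", "-1")),
        "warnings": warnings,
        "suggestions": suggestions,
        "by_test": dict(Counter(test_id for test_id, _, _ in warnings + suggestions)),
    }


def passes_gate(text: str, min_index: int = 70) -> bool:
    """Fail if any warning is present or the hardening index is below min_index.

    min_index is an assumed threshold; pick one that matches your baseline.
    """
    summary = summarize(text)
    return not summary["warnings"] and summary["hardening_index"] >= min_index


if __name__ == "__main__":
    # For a real run: summarize(open("/var/log/lynis-report.dat").read())
    s = summarize(SAMPLE_REPORT)
    print(f"Lynis {s['lynis_version']}, hardening index {s['hardening_index']}")
    for test_id, message, _ in s["warnings"]:
        print(f"WARNING {test_id}: {message}")
    for test_id, message, details in s["suggestions"]:
        print(f"suggestion {test_id}: {message} {details}".rstrip())
    print("gate:", "pass" if passes_gate(SAMPLE_REPORT) else "FAIL")
```

Keeping the previous report and diffing the `by_test` counts between runs is the quickest way to see whether a change actually removed a finding or merely moved it.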

To: Bob434

Cool! I might try it on one of my installs! Thank you!


54 posted on 02/08/2023 11:48:20 AM PST by Openurmind (The ultimate test of a moral society is the kind of world it leaves to its children. ~ D. Bonhoeffer)

To: ConservativeMind

Incorrect. It depends on which VPN provider chosen. Most filter malicious content now including ad blockers, malware, etc.


55 posted on 02/08/2023 3:26:42 PM PST by usconservative (When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))

To: ConservativeMind

Incorrect. It depends on which VPN provider chosen. Most filter malicious content now including ad blockers, malware, etc.

Case in point:

Some premium VPNs like NordVPN do offer additional features that can prevent you from downloading malware. The Threat Protection feature, for example, helps you identify malware-ridden files, stops you from landing on malicious websites, and blocks trackers and intrusive ads on the spot.


56 posted on 02/08/2023 3:42:01 PM PST by usconservative (When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))

To: usconservative

I have both Nord and PIA. Neither comes with extras that are nothing to do with the core service I paid for.

Simply put, no VPN comes with antivirus, unless you want to pay extra for it, period.


57 posted on 02/08/2023 5:22:31 PM PST by ConservativeMind (Trump: Befuddling Democrats, Republicans, and the Media for the benefit of the US and all mankind.)

To: lefty-lie-spy

Windows 11 works just fine on my many desktops and laptops. If you want to blow your excess cash on Apple, such as $2500 on a 16” laptop, then be my guest.

My most recent purchase, 6 months ago, was a 17.3” i5 FHD and IPS laptop for $325. I just put in a 500GB NVMe drive. I will sell. FReepmail me.


58 posted on 02/08/2023 5:33:17 PM PST by dennisw ("You don't have to like it. You just have to do it")

To: ConservativeMind
Simply pointing out what you said: All a VPN does is change the IP address sites see and stopping the viewing of your traffic to and from that exposed endpoint.

That's incorrect. Your refusal to pay for the extras to get some of that protection is your own choice. Fact is, additional protection is available; you simply don't wish to pay for it.

If you don't wish to correct your error, that's fine. No skin off my nose. You're just doing a disservice to those who may want to investigate those options for themselves.

59 posted on 02/08/2023 7:38:14 PM PST by usconservative (When The Ballot Box No Longer Counts, The Ammunition Box Does. (What's In Your Ammo Box?))

To: usconservative
Your refusal to pay for the extras to get some of that protection is your own choice.

Technically, you are claiming that the other products offered by a VPN company are the same as the VPN.

A VPN--by itself--does no more than mask the IP through a private jump.

It's the other products offered by the company that assist the customer in being more safe.

60 posted on 02/09/2023 5:19:14 AM PST by ShadowAce (Linux - The Ultimate Windows Service Pack )

