Nowadays, everything that is connected to the Internet is exposed to all kinds of computer attacks. From our computer, when we connect to the Internet, to a NAS, and, above all, a server. Even if we use Linux (which, in general, is more secure than a Windows system), no matter how up-to-date we have it, and well configured, nothing is invulnerable and, sooner or later, everything can fall. Therefore, if we really want to be protected and avoid falling into the clutches of pirates, it is necessary to have a good collection of software that helps us protect our infrastructure.
Setting up and managing a Linux server is not complicated at all, neither at home (for home use) nor in a company for professional purposes. In addition, they can have many uses. We can use them both to centralize all our storage at home (for example, as a NAS usually works) to provide certain services to the network, such as setting up our own website, a file or FTP server, a private cloud, etc.
Therefore, in order to avoid greater evils, and to be able to feel as safe as possible, we are going to see what are the essential programs that must be present on any Linux server so that we can be protected from all kinds of threats.
Antivirus and Firewall
The first thing we are going to see is the basic and security software to protect us both from computer attacks and other types of threats, such as malware.
Microsoft Defender, the best of Windows on Linux
The first of the antiviruses that we are going to recommend is none other than Microsoft Defender. If we have used Windows, surely we know it. This is the security program that comes installed as standard in Windows 10 and Windows 11, and in a short time it has become the best free antivirus that we can find. This security software also has a specific version to work on Linux called “Microsoft Defender for Endpoint”.
Although it can be somewhat complicated to use and configure, this solution is the one that will offer us the best protection for our system, shielding it against all kinds of threats.
ClamAV, the best second opinion
The first of the programs that we are going to see is ClamAV. This is one of the best known free and open source antivirus that we can find within Linux. It is generally designed to help us detect possible threats to other systems (such as Windows) hidden on hard drives, but malware for Linux is also registered in its database, so this is an excellent option to be able to launch on-demand scans when we want
This antivirus does not run in the background, so to scan the system, we must manually launch it when we want to use it. Therefore, it is ideal to get a second opinion and make sure that our main antivirus has not missed any threats.
Rkhunter, the solution against rootkits
A step beyond conventional antivirus we come to Rkhunter. This program is specially designed to detect and eliminate all those threats that hide in the bowels of our operating system (such as rootkits, backdoors, and other vulnerabilities) and that are used by hackers to attack computers.
Thanks to this program we will not only detect these threats, but we will also be able to find other configuration errors (such as misconfigured permissions, hidden files, etc.) that could pose a security risk.
ufw, easy linux firewall configuration
Linux has its own internal firewall, IPTABLES. However, its configuration is the most chaotic and complicated that we can find. Therefore, Canonical decided to create a very simple tool that allows users to configure this firewall quickly and easily with understandable commands: UFW.
Thanks to Uncomplicated Firewall we will be able to have total control over the firewall so that we can turn this firewall on and off to create new rules quickly and easily. Certainly a must-have for configuring and protecting any Linux server.
Threat detection and analysis
We can also make use of other much more specialized programs to be able to detect possible hidden threats in the system and analyze them to get an idea of ​​how far they have managed to penetrate our barriers.
Wireshark, that not a single network packet escapes
This is one of the best known programs within the field of networks. With it we will be able to analyze all the packets that enter and leave our server (and any other point on the network) so that we can detect suspicious or unauthorized connections, or possible bottlenecks in the network caused by a bad configuration. or by malware.
Nmap, all open ports under control
Nmap, or Network Mapper, is another of the essential programs both to check the security of our server and to detect possible hidden threats on it. This free and OpenSource program allows us to examine all active devices, discover possible hidden hosts on a network, identify open ports and detect other security problems that may be causing our PC to malfunction.
A tool that, although it is designed for advanced users and administrators, it never hurts to have on hand to help us secure all types of servers.
Snort, Primary Threat Analysis
Another program that can be very useful to protect our server is Snort. This software has an advanced IPS (Intrusion Prevention System) system that, thanks to a series of rules, allows us to detect any suspicious activity that may be generated by malware.
This program has a packet analyzer, an advanced logging system and a complete IPS analysis module.
Nikto, not a single security breach
This program, for its part, allows us to analyze our system in search of any sign of bad configuration or possible security threat. Thanks to it we will be able to detect more than 6,700 hidden malicious codes on the server, 1,250 obsolete server versions that could pose a danger to our security, and up to 270 specific server problems.
It has very frequent updates and, thanks to this program, we will be able to avoid exposing all our security due to an oversight.
Other basic tips to protect Linux
In addition to all the programs that we have just seen right now, we can also protect our Linux server, and avoid possible threats, by following a series of basic tips and recommendations:
- Always use safe and restrictive settings. If everything is blocked by default (such as ports, services, or permissions) and we only enable what we need, we will avoid taking unnecessary risks.
- Strong and complex passwords are essential to prevent brute force attacks. And if we can install and configure double authentication systems, even better.
- Update the distro, the Linux Kernel, the services and all the programs that are installed often. The latest versions prevent a vulnerability from putting us in check.
- On the server, always use reliable and well-known software, as OpenSource as possible, and always installed from reliable sources.
