<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<div style="font-size: 20px; font-weight: bold; margin: 0 0 15px 0;
font-family: 'Trebuchet MS', 'Lucida Sans Unicode', 'Lucida
Grande', 'Lucida Sans', sans-serif;">Linux malware is on the rise.
What should you do?</div>
<img alt="Sandra Henry-Stocker"
src="https://www.askwoody.com/wp-content/uploads/2021/02/nl-henry-stocker-so.png"
style="margin: 5px 5px 0px 0px;width: 135px;float: left;border:
0;height: auto;outline: none;text-decoration:
none;-ms-interpolation-mode: bicubic;" align="left">
<p style="margin: 10px 0 15px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;"><em>By Sandra Henry-Stocker</em></p>
<p style="margin: 10px 0 10px 0;font-size: 15px;padding:
0;font-weight: bold;font-family: 'Trebuchet MS', 'Lucida Sans
Unicode', 'Lucida Grande', 'Lucida Sans',
sans-serif;mso-line-height-rule: exactly;-ms-text-size-adjust:
100%;-webkit-text-size-adjust: 100%;">Threats to Linux systems
used to be relatively mild because Windows was a far larger
target, outnumbering Linux systems by a huge margin.</p>
<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">Not any longer. Linux has become a much bigger target due
to its increasingly significant role on Internet of Things (IoT)
devices, virtual machines, containers, cloud services, and
supercomputers.</p>
<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">To put this into perspective, Linux now runs on more than
70% of IoT devices. It also accounts for something like 90% of
cloud infrastructure and runs on every one of the top 500
supercomputers. Given Linux's prominence in these areas, it has
become a lucrative target for many types of cybercrime.</p>
<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">Some recent cybercriminal activity has shown that IoT
devices can be recruited to participate in attacks, even if the
commands they can run are severely limited. Just a handful of
essential functions can be enough to turn IoT devices into a
powerful force for conducting distributed denial of service (DDoS)
attacks.</p>
<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">In addition, cybercriminals are going after both Linux
servers and cloud infrastructure to launch ransomware,
cryptojacking (unauthorized use of devices such as computers,
tablets, and smartphones to mine for cryptocurrency), and other
types of attacks.</p>
<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">We can't say that attackers are shifting from Windows to
Linux in droves, but we <em>are</em> seeing a significant
increase in attacks on Linux. In 2021 alone, Linux malware events
rose by 35%.</p>
<div style="margin: 20px 0 0; font-size: 18px; font-weight: bold;
font-family: 'Trebuchet MS', 'Lucida Sans Unicode', 'Lucida
Grande', 'Lucida Sans', sans-serif;">How does this impact Linux
PCs?</div>
<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">The Linux PC in your home or on your desk at work won't fit
into many of the categories mentioned above — IoT, virtual system,
cloud, etc. But it could still be more at risk than it was in the
past, because a good portion of cybercriminals' attention is
drifting toward Linux in its many forms. In response to the rising
threats, Linux developers are already taking a much more serious
look at all aspects of security.</p>
<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">There are many free and open-source tools you can use to
address a variety of threats on your Linux system, and many things
you can do to help keep your system safe from attack.</p>
<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">One of the places to start is by following a set of good
security practices. Some rules of thumb for guarding the security
of your Linux system include:</p>
<div style="line-height: 1.3;">
<ol style="margin: 0 0 10px 30px; padding: 0; list-style-type:
decimal;">
<li style="margin: 5px 0 5px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">Install only the tools that you need. Unneeded software
is just another potential risk.</li>
<li style="margin: 5px 0 5px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">Disable <strong>login as root</strong> and use <strong>sudo</strong>
instead when you need to use root privileges. On top of that,
use root authority only when you really need it. Mistyping a
command as root will have far greater consequences than
mistyping a command as a normal user.</li>
<li style="margin: 5px 0 5px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">Require good passwords of yourself and other users.
Standard guidance applies — longer passwords, upper- and
lowercase letters, digits, special characters.</li>
<li style="margin: 5px 0 5px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">Protect your passwords and make sure they are only
stored in encrypted form.</li>
<li style="margin: 5px 0 5px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">Use a firewall (e.g., firewalld or UFW) to reduce your
system's external profile. Only those ports that require
access from outside the system should be accessible from
outside the system.</li>
<li style="margin: 5px 0 5px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">Configure user accounts with good security settings
(permissions, etc.). Use groups only if users need to share
files.</li>
<li style="margin: 5px 0 5px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">Review account security and privileges from time to
time. Close accounts that are no longer active or needed.</li>
<li style="margin: 5px 0 5px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">Do regular backups so that you can always recover
important files that might be deleted or corrupted.</li>
<li style="margin: 5px 0 5px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">Install updates on a regular basis. You can't take
advantage of frequent security fixes if you don't apply the
updates.</li>
</ol>
</div>
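<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">As an added example (not part of the article), the shell script below checks two of the rules above offline, against constructed copies of an sshd_config and a /etc/shadow excerpt: whether root login over SSH is really disabled, and whether every account's password field holds a hash or a lock marker rather than nothing. The file names under the temporary directory are assumptions of the example.</p>

```shell
#!/bin/sh
# Added example, not from the article: offline checks for two of the rules of
# thumb above, run against constructed copies of sshd_config and /etc/shadow.
WORK=$(mktemp -d)

# Constructed sshd_config with a weak setting: root can still log in with a key.
printf '%s\n' '# PermitRootLogin yes   (commented out; must be ignored)' \
    'Port 22' 'PermitRootLogin prohibit-password' 'PasswordAuthentication yes' \
    > "$WORK/sshd_config.weak"

# The corrected version: root SSH login off, password logins off.
printf '%s\n' 'Port 22' 'PermitRootLogin no' 'PasswordAuthentication no' \
    > "$WORK/sshd_config.hardened"

# Constructed shadow excerpt: hashed ($6$), locked (* or !) and one empty field.
printf '%s\n' 'root:$6$constructedsalt$constructedhash:19300:0:99999:7:::' \
    'alice:$6$constructedsalt$constructedhash:19300:0:99999:7:::' \
    'legacy::19300:0:99999:7:::' 'svc:*:19300:0:99999:7:::' 'bob:!:19300:0:99999:7:::' \
    > "$WORK/shadow"

# Effective value of one sshd_config keyword: sshd uses the FIRST uncommented
# occurrence, keywords are case-insensitive, "key value" and "key=value" both count.
sshd_setting() {  # $1 = config file, $2 = keyword
    awk -v key="$2" '
        { sub(/^[[:space:]]+/, ""); split($0, f, /[[:space:]=]+/) }
        f[2] == "" || f[1] ~ /^#/ { next }
        tolower(f[1]) == tolower(key) { print f[2]; exit }' "$1"
}

# Rule "disable login as root": only an explicit "no" counts. An absent keyword
# means the OpenSSH default (prohibit-password), which still lets root in.
root_login_disabled() { [ "$(sshd_setting "$1" PermitRootLogin)" = "no" ]; }

# Rule "passwords stored only in encrypted form": a hashed or locked field is
# fine; an empty field means no password is set at all. Prints offending users.
empty_password_accounts() { awk -F: '$2 == "" { print $1 }' "$1"; }

for cfg in weak hardened; do
    if root_login_disabled "$WORK/sshd_config.$cfg"; then
        echo "$cfg: root SSH login disabled"
    else
        echo "$cfg: root SSH login allowed (PermitRootLogin $(sshd_setting "$WORK/sshd_config.$cfg" PermitRootLogin))"
    fi
done
empty_password_accounts "$WORK/shadow" | sed 's/^/empty password field: /'
```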
<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">You should also choose your browser wisely and be smart
about the sites that you visit.</p>
<div style="margin: 20px 0 0; font-size: 18px; font-weight: bold;
font-family: 'Trebuchet MS', 'Lucida Sans Unicode', 'Lucida
Grande', 'Lucida Sans', sans-serif;">Tools to install and use</div>
<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">You can equip your Linux system with some excellent tools
for detecting viruses, rootkits, and other malware. There are many
such high-quality tools available for Linux. Here are some of the
tools — open-source and free — that you should consider.</p>
<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;"><strong>ClamAV</strong> is an antivirus tool that runs
through whatever portion of the file system you select, examining
files for potential viruses. Depending on the size of your file
system, it can take hours to run but is easy to install and use.
The database it uses to recognize viruses needs to be periodically
updated so that it recognizes newer viruses. The tool's <strong>freshclam</strong>
command will do this for you.</p>
<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">The <strong>chkrootkit</strong> tool detects rootkits. It
combines C programs and shell scripts to run a detailed process
check. It also scans a system's binaries to detect rootkit
signatures. This tool will be updated during regular system
updates.</p>
<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">The <strong>rkhunter</strong> tool is another rootkit
hunter. It scans for rootkits, backdoors, and sometimes local
exploits as well. By comparing the hashes of important files with
the legitimate hashes available in an online database, it can
recognize problems. It can also note when files have incorrect
permissions or are "hidden," and it may find suspicious strings in
kernel modules. It is sometimes included by default when a Linux
system is installed.</p>
<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;"><strong>Wireshark</strong> looks at traffic on your local
network. It provides network monitoring, packet sniffing, and
protocol analysis. In fact, it is probably the most widely used
packet sniffer available. This tool captures packets, analyzes
them by using filters, and helps you visualize what is happening
on your network. It is available not only on Linux but also on
Windows, Unix, MacOS, etc.</p>
<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;"><strong>Nmap</strong> is a tool for network exploration and
security auditing. It can run on large networks or on single
systems. It can tell you what hosts are on the local network,
which services they are offering, which OS they use, and which
firewall they are using. Though intended for security audits, Nmap
is also useful for getting a view of the local network and
planning upgrades or future projects.</p>
<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;"><strong>Snort</strong>, an intrusion prevention system,
installs with rules allowing it to detect malicious activities on
a network. It requires the network interface to be put into
promiscuous mode, allowing it to see all traffic on the network
rather than only packets that it would normally see. It uses
traffic analysis and packet logging to recognize network
intrusions.</p>
<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;"><strong>Lynis</strong> is a security tool for systems
running Linux, macOS, or Unix. It performs extensive health scans
to support system hardening and compliance testing.</p>
<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">Some additional tools to consider include:</p>
<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;"><strong>Firejail</strong> reduces the risk of security
breaches by restricting the running environment of untrusted
applications. Though it's not open-source, it is free and easy to
use.</p>
<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;"><strong>Tripwire</strong> is an intrusion-detection program
that is very popular on Linux systems. It detects unauthorized
filesystem changes that occur over time.</p>
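<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">The hash comparison that rkhunter and Tripwire rely on, reduced to its core as an added example (this is not code from either project): record a baseline of file hashes, then report files that were modified, removed, or added. It runs on a constructed directory tree and assumes coreutils sha256sum is installed.</p>

```shell
#!/bin/sh
# Added example, not code from Tripwire or rkhunter: the hash-baseline check
# those tools perform, reduced to its core and run on a constructed tree.
# Assumes sha256sum from coreutils; paths containing newlines are not handled.

# Build a constructed stand-in for a system directory; prints its path.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir "$d/bin"
    printf 'original ls\n'  > "$d/bin/ls"
    printf 'original ps\n'  > "$d/bin/ps"
    printf 'original cat\n' > "$d/bin/cat"
    printf '%s\n' "$d"
}

# Record "sha256, tab, path" for every regular file under $1 into $2. Keep the
# baseline off the host or on read-only media: whoever gains root could
# otherwise rewrite the baseline together with the binaries.
baseline() {
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s\t%s\n' "$(sha256sum "$f" | cut -d' ' -f1)" "$f"
    done > "$2"
}

# Compare the tree under $1 with baseline $2. Prints one sorted finding per
# line (MISSING, MODIFIED or NEW, then the path); exit status 1 if any exist.
verify() {
    cur=$(mktemp)
    baseline "$1" "$cur"
    findings=$(awk -F'\t' '
        FILENAME == ARGV[1] { base[$2] = $1; next }   # first file is the baseline
        { seen[$2] = 1
          if (!($2 in base)) print "NEW " $2; else if (base[$2] != $1) print "MODIFIED " $2 }
        END { for (p in base) if (!(p in seen)) print "MISSING " p }
    ' "$2" "$cur" | LC_ALL=C sort)
    rm -f "$cur"
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Demo: baseline a clean tree, then apply the kinds of changes a rootkit
# leaves behind (replaced binary, deleted binary, new hidden file) and verify.
TREE=$(make_sample_tree)
BASE=$(mktemp)
baseline "$TREE" "$BASE"
printf 'replaced ls\n' > "$TREE/bin/ls"
rm "$TREE/bin/ps"
printf 'dropped file\n' > "$TREE/bin/.hidden"
verify "$TREE" "$BASE" || echo "integrity check FAILED"
```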
<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">Note: There are also a number of commercial products that
can be used to help ensure security on Linux. The focus of this
article is on free tools for use on individual Linux systems.</p>
<div style="margin: 20px 0 0; font-size: 18px; font-weight: bold;
font-family: 'Trebuchet MS', 'Lucida Sans Unicode', 'Lucida
Grande', 'Lucida Sans', sans-serif;">Wrap-up</div>
<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">Protecting yourself from cyberthreats is more critical than
ever, but the best protection is a mix of being careful, managing
your system well, and using tools that can alert you to problems
or help you avoid them.</p>
<p style="margin: 10px 0 10px 0;padding: 0;mso-line-height-rule:
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:
100%;">Remember that it's not your computer that you're protecting
— it's yourself.</p>
</body>
</html>