Joanne Moore Posted April 21, 2023

Lynis is an open-source security auditing tool used by system administrators, security professionals and auditors to evaluate the security defenses of their Linux and UNIX-based systems. Because it runs on the host itself, it can perform more extensive security scans than vulnerability scanners do.

ClamAV is an open-source (GPL) anti-virus engine used in a variety of situations, including email scanning, web scanning and endpoint security. It provides a number of utilities, including a flexible and scalable multi-threaded daemon, a command-line scanner and an advanced tool for automatic database updates.

0. Preliminary requirements

"CentOS 7" template installed on the server; "nano" text editor installed (yum install nano -y).

1. Installation of Lynis

    mkdir /usr/local/lynis
    cd /usr/local/lynis
    wget https://downloads.cisofy.com/lynis/lynis-2.7.5.tar.gz
    tar -xvf lynis-2.7.5.tar.gz

The newest version can be found at: https://cisofy.com/download/lynis/

2. Using Lynis

To execute Lynis we first have to move to its folder:

    cd /usr/local/lynis/lynis

To see the built-in Lynis help and usage, execute:

    ./lynis

To check the entire VPS, execute:

    ./lynis --check-all

1. Installation of ClamAV

    yum install epel-release
    yum update
    yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

2. Enabling Freshclam

Freshclam will keep the ClamAV virus database up to date. In this tutorial it is set to check for new database files 4 times a day.

    cp /etc/freshclam.conf /etc/freshclam.conf.bak
    sed -i '/Example/d' /etc/freshclam.conf

(The sed command removes the "Example" line that ships in the template configuration; freshclam refuses to run while that line is present.)

Edit the "clam-freshclam.service" file:

    nano /usr/lib/systemd/system/clam-freshclam.service

And paste the content:

    # Run the freshclam as daemon
    [Unit]
    Description = freshclam scanner
    After = network.target

    [Service]
    Type = forking
    ExecStart = /usr/bin/freshclam -d -c 4
    Restart = on-failure
    PrivateTmp = true

    [Install]
    WantedBy=multi-user.target

Enable freshclam to start automatically:

    systemctl enable clam-freshclam.service
    systemctl start clam-freshclam.service

To manually update the ClamAV virus database, use the following command:

    freshclam

3. Configuring the ClamAV daemon

    cp /usr/share/clamav/template/clamd.conf /etc/clamd.d/clamd.conf
    sed -i '/Example/d' /etc/clamd.d/clamd.conf
    mv /usr/lib/systemd/system/clamd@.service /usr/lib/systemd/system/clamd.service

Now we have to change the clamd service file:

    nano /usr/lib/systemd/system/clamd.service

    [Unit]
    Description = clamd scanner daemon
    After = syslog.target nss-lookup.target network.target

    [Service]
    Type = simple
    ExecStart = /usr/sbin/clamd -c /etc/clamd.d/clamd.conf --nofork=yes
    Restart = on-failure
    PrivateTmp = true

    [Install]
    WantedBy=multi-user.target

Now move to the "system" directory:

    cd /usr/lib/systemd/system

And enable clamd to start automatically:

    systemctl enable clamd.service
    systemctl start clamd.service

4. Manual scan options

To scan all files on the VPS and show the name of each file:

    clamscan -r /

To scan all files on the VPS, but only show the names of infected files when found:

    clamscan -r -i /

To scan all files on the VPS, only showing the names of infected files, with the scan running in the background (while it is in progress, you can check on it with the "jobs" command):

    clamscan -r -i / &

To scan all files in all users' home directories:

    clamscan -r /home

To scan all files in the USER directory and move infected files to a separate Quarantine directory:

    clamscan -r --move=/home/USER/Quarantine /home/USER

To scan all files in the USER directory and delete the infected files:

    clamscan -r --remove /home/USER
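The manual scan options above are the building blocks of a scheduled scan; the script below, an added example and not part of the original post, wraps the recursive, infected-only, quarantining form of clamscan for use from cron, extracts the summary and maps clamscan's exit status (0 clean, 1 infections found, 2 error) to a verdict a monitoring job can act on. The QUARANTINE and LOGFILE paths and the sample report (including its signature name) are constructed for the example.

```shell
#!/bin/sh
# Added example wrapper around the clamscan options shown in the post.
# QUARANTINE and LOGFILE are assumed paths; they are not from the post.
QUARANTINE="${QUARANTINE:-/var/lib/clamav/quarantine}"
LOGFILE="${LOGFILE:-/var/log/clamscan-home.log}"
# Map clamscan's exit status to a one-word verdict.
clamscan_verdict() {
  case "$1" in
    0) echo clean ;;
    1) echo infected ;;
    *) echo error ;;
  esac
}

# Read a clamscan report on stdin; print the "Infected files: N" count (0 if absent).
count_infected() {
  n=$(sed -n 's/^Infected files: \([0-9]*\).*/\1/p' | tail -n 1)
  echo "${n:-0}"
}

# Read a clamscan report on stdin; print the path of every line ending in FOUND.
infected_paths() {
  sed -n 's/^\(.*\): .* FOUND$/\1/p'
}

# summarize_report <exit-status> <report-file>: print one log line, return 0/1/2.
summarize_report() {
  rc=$1; report=$2
  verdict=$(clamscan_verdict "$rc")
  count=$(count_infected < "$report")
  paths=$(infected_paths < "$report" | tr '\n' ' ')
  echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) clamscan verdict=$verdict infected=$count paths=$paths"
  case "$verdict" in clean) return 0 ;; infected) return 1 ;; *) return 2 ;; esac
}

# Scan all home directories (recursive, infected names only) and quarantine hits.
run_scheduled_scan() {
  mkdir -p "$QUARANTINE"                      # --move needs an existing directory
  tmp=$(mktemp) || return 2
  clamscan -r -i --move="$QUARANTINE" /home > "$tmp" 2>&1; rc=$?
  summarize_report "$rc" "$tmp" >> "$LOGFILE"; status=$?
  rm -f "$tmp"
  return "$status"
}

# Constructed sample report (not real scanner output) used to exercise the parsers.
SAMPLE_REPORT='/home/alice/invoice.pdf.exe: Constructed.Test.Sig FOUND
/home/alice/invoice.pdf.exe: moved to '\''/var/lib/clamav/quarantine/invoice.pdf.exe'\''
----------- SCAN SUMMARY -----------
Infected files: 1'
```

Call run_scheduled_scan from a cron entry; its exit status (1 when something was quarantined, 2 when clamscan itself failed) is what an alerting job should watch, since a failed scan otherwise looks identical to a clean one.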