On the internet, in blogs, mailing lists, forums and social networks, we often read that Linux is absolutely safe and impenetrable to attacks. Leaving the fanboy talk aside: although it is true that Linux is designed very differently from its competitors, security is something that has to be built up, not something that comes switched on. By "security" I mean a whole series of measures that we have to take to reduce the risk of attacks, of failures and more. Eliminating the risk is impossible; as someone once said, to secure a computer you have to disconnect it from the network, and even then it is not necessarily safe.

In this article we talk about Linux servers and their security. A server is, by definition, a computer designed to be connected to a network and to communicate with clients, so disconnecting it is not an option.

What follows is a non-exhaustive list of tools that should be installed on a Linux server to improve its security (many of them are also worth enabling on desktop PCs). Let's look at them one by one.

ClamAV – antivirus / antimalware

ClamAV is an open-source (GPL) antivirus / antimalware engine maintained by Cisco. It was born on Linux but can also be installed on Windows and macOS. Although native Linux malware is far rarer than Windows malware, ClamAV is particularly suited to mail servers, paired with SpamAssassin, so that clients on other platforms do not receive viruses or other malicious code through the mail the server relays.

ClamAV is normally driven from the terminal, which can be an obstacle for users approaching the software for the first time. Graphical front-ends exist for both Windows (ClamWin) and Linux (ClamTk) for home use.

On a PC ClamAV can be installed from the distribution's repositories, while the official website provides, in addition to the sources, pre-built RPM and DEB packages. On a server the usual setup is the clamd daemon, which the mail filter talks to over a local socket, plus freshclam, which keeps the signature database updated; a deployment is verified by scanning the EICAR test file and checking that it is reported.
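
To show what "talking to clamd over a socket" means in practice, here is an added example (not code from the ClamAV project) of a minimal client for clamd's INSTREAM command, the mechanism a mail filter uses to hand a message or attachment to the daemon without writing it to disk. The socket path is an assumption taken from the Debian/Ubuntu default; the reply strings in the test are constructed in the format clamd uses.

```python
"""Minimal clamd client using the INSTREAM command.

Added example, not ClamAV project code. It shows how a mail filter hands a
message or a decoded attachment to clamd over its socket without touching the
disk. CLAMD_SOCKET is an assumption (Debian/Ubuntu default; Fedora/RHEL use
/run/clamd.scan/clamd.sock): check LocalSocket in your clamd.conf.
"""
import socket
import struct

CLAMD_SOCKET = "/var/run/clamav/clamd.ctl"   # assumption, see docstring
CHUNK_SIZE = 65536

# The standard EICAR test string (68 bytes). Every engine, ClamAV included,
# reports it as a detection, so it is the safe way to verify a deployment.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def encode_instream(data: bytes, chunk_size: int = CHUNK_SIZE) -> bytes:
    """Bytes sent to clamd for one INSTREAM scan.

    'zINSTREAM\\0' (the z prefix asks for a NUL-terminated reply), then
    chunks of <4-byte big-endian length><data>, ended by a zero-length chunk.
    """
    out = bytearray(b"zINSTREAM\0")
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out += struct.pack(">I", len(chunk)) + chunk
    out += struct.pack(">I", 0)
    return bytes(out)


def parse_reply(reply: bytes):
    """Map a clamd reply to (status, detail).

    Replies look like b'stream: OK\\0', b'stream: <signature> FOUND\\0' or
    b'stream: INSTREAM size limit exceeded. ERROR\\0'. Anything that is not a
    clean OK is a reason to hold the message: a scanner error must never
    silently turn into a pass.
    """
    text = reply.rstrip(b"\0").decode("utf-8", "replace")
    _, _, verdict = text.partition(": ")
    if verdict == "OK":
        return "OK", None
    if verdict.endswith(" FOUND"):
        return "FOUND", verdict[:-len(" FOUND")]
    if verdict.endswith("ERROR"):
        return "ERROR", verdict
    return "UNKNOWN", verdict


def scan_bytes(data: bytes, socket_path: str = CLAMD_SOCKET):
    """Scan an in-memory blob with a running clamd (requires the daemon)."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(30)
        s.connect(socket_path)
        s.sendall(encode_instream(data))
        reply = b""
        while not reply.endswith(b"\0"):
            part = s.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(reply)


if __name__ == "__main__":
    status, detail = scan_bytes(EICAR)
    print(status, detail)
```

Run it on a host with clamd listening on the Unix socket and the EICAR scan comes back with status FOUND; the exact signature name depends on the signature database version. Note that clamd enforces StreamMaxLength from clamd.conf, so oversized attachments produce an ERROR reply rather than a verdict, which is why the parser refuses to treat anything but OK as clean.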

Nikto – vulnerability scanner for web servers

Nikto is a simple Perl program that scans a web server, on the LAN or on the internet, for known problems: it tests for outdated software versions, issues specific to particular versions of installed programs, dangerous default files and directories, and more. Its database includes over 6700 potentially dangerous files and programs, outdated-version checks for over 1250 servers and version-specific problems on over 270 servers.

For the complete list of Nikto's features, refer to the official website.

Installation instructions are on the project's GitHub page (it is a Perl script, so nothing needs compiling). Updates to the test database are released as updates to the Git repository. The project is not aimed at the occasional user: everything is done on the command line.
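
To make concrete what "tests for dangerous files and outdated versions" means, the following added example (an illustration written for this page, not Nikto's code or its database) reduces a web scanner to its two basic moves: grab the Server banner from the root page, then request a list of paths that should never be reachable and report the ones that answer 200. The probe list is a constructed sample of a few entries, and demo() starts a throwaway Python HTTP server on loopback with a deliberately sloppy document root so the scan runs offline.

```python
"""What a web scanner such as Nikto does, reduced to the essentials: grab the
server banner, then probe a list of paths that should never be reachable.

Added illustration, not Nikto's code or database. DANGEROUS_PATHS is a
constructed sample (Nikto ships thousands of entries, each with its own HTTP
method and matcher); demo() serves a temporary docroot on 127.0.0.1.
"""
import functools
import http.server
import os
import shutil
import socketserver
import tempfile
import threading
import urllib.error
import urllib.request

# Constructed sample of scanner database entries: path -> why it matters.
DANGEROUS_PATHS = {
    "/.git/config": "Git metadata exposed: source and credentials may leak",
    "/.env": "dotenv file exposed: application secrets",
    "/backup.sql": "database dump reachable",
    "/phpinfo.php": "phpinfo() page discloses configuration",
    "/server-status": "Apache status page exposed",
}

# Empty ProxyHandler so an http_proxy in the environment is ignored.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def fetch(url: str, timeout: float = 5.0):
    """GET url and return (status, headers); 4xx/5xx are results, not exceptions."""
    req = urllib.request.Request(url, headers={"User-Agent": "mini-scanner/0.1"})
    try:
        with _OPENER.open(req, timeout=timeout) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as e:
        return e.code, dict(e.headers)


def scan(base_url: str) -> dict:
    """Banner-grab the root, then report every probe path answered with 200."""
    status, headers = fetch(base_url + "/")
    findings = [(path, why) for path, why in DANGEROUS_PATHS.items()
                if fetch(base_url + path)[0] == 200]
    return {"server": headers.get("Server", ""), "root_status": status,
            "findings": findings}


def start_test_server(directory: str):
    """Serve `directory` on a random loopback port from a daemon thread."""
    handler = functools.partial(http.server.SimpleHTTPRequestHandler,
                                directory=directory)
    srv = socketserver.TCPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_address[1]


def _write(path: str, text: str) -> None:
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(text)


def demo() -> dict:
    """Build a docroot that leaks .git/config and a SQL dump, scan it, clean up."""
    root = tempfile.mkdtemp()
    _write(os.path.join(root, "index.html"), "<h1>hello</h1>\n")
    _write(os.path.join(root, ".git", "config"),
           '[remote "origin"]\n\turl = git@example.invalid:app.git\n')
    _write(os.path.join(root, "backup.sql"), "-- constructed dump\n")
    srv, base = start_test_server(root)
    try:
        return scan(base)
    finally:
        srv.shutdown()
        srv.server_close()
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    report = demo()
    print("Server banner:", report["server"])
    for path, why in report["findings"]:
        print("+ %s: %s" % (path, why))
```

Against the test docroot the scan reports /.git/config and /backup.sql and nothing else; the same function pointed at a real base URL performs the same probes, which is also a reminder that a scanner of this kind is noisy and must only be run against servers you are authorised to test.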

Nmap – network scanner

Like Nikto, Nmap is also a scanner, but a network one. Nmap scans the network it is connected to (or any reachable address range) to discover which hosts are up, which ports they have open and which services and operating systems sit behind them; with its scripting engine (NSE) it can also run checks for specific vulnerabilities. With this tool a network administrator can examine the active devices in detail, discover new hosts, spot security risks such as unexpectedly exposed services and identify open ports.

Nmap is one of the most important and comprehensive programs of its kind. Besides being a standard teaching tool, it has itself become a subject of research. Given its ability to analyse network packets in detail and return technical information about hosts, it is a safe bet that Nmap is in every network engineer's toolbox.

Zenmap is the graphical interface for Nmap, while WebMap is a web interface for managing Nmap scans.

A more complete web-based tool that builds on Nmap is IVRE (also known as DRUNK), which interfaces with Nmap, Masscan, ZGrab2, ZDNS and Zeek.
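
On a server the useful habit is not the one-off scan but the comparison between scans: a port that was closed last week and is open today is exactly the "unexpectedly exposed service" mentioned above. The added example below (not part of the Nmap project) parses Nmap's XML output (the -oX format, which is what WebMap and IVRE consume too) and diffs two scans. The two XML documents are constructed to resemble nmap -sV -oX output, trimmed to the elements the parser reads; run_nmap assumes the nmap binary is installed and on PATH.

```python
"""Parse Nmap XML output (nmap -oX) and diff two scans.

Added example, not Nmap project code. SCAN_MONDAY / SCAN_FRIDAY are
constructed samples shaped like `nmap -sV -oX -` output, trimmed to the
elements read here; run_nmap() assumes nmap is installed.
"""
import subprocess
import xml.etree.ElementTree as ET


def parse_nmap_xml(xml_text: str) -> dict:
    """Return {ip: {(proto, port): service}} for hosts that are up, open ports only."""
    root = ET.fromstring(xml_text)
    hosts = {}
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            addr = host.find("address")
        ports = {}
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            name = ""
            if svc is not None:
                name = " ".join(filter(None, [svc.get("name"), svc.get("product"),
                                              svc.get("version")]))
            ports[(port.get("protocol"), int(port.get("portid")))] = name
        hosts[addr.get("addr")] = ports
    return hosts


def diff_scans(old: dict, new: dict) -> dict:
    """Ports opened or closed between two scans, plus hosts that appeared or vanished."""
    report = {"new_hosts": sorted(set(new) - set(old)),
              "gone_hosts": sorted(set(old) - set(new)),
              "opened": [], "closed": []}
    for ip in sorted(set(old) & set(new)):
        for key in sorted(set(new[ip]) - set(old[ip])):
            report["opened"].append((ip,) + key + (new[ip][key],))
        for key in sorted(set(old[ip]) - set(new[ip])):
            report["closed"].append((ip,) + key)
    return report


def run_nmap(targets: str, extra=("-sV",)) -> dict:
    """Run nmap (assumed installed) with XML on stdout and parse it."""
    out = subprocess.run(["nmap", *extra, "-oX", "-", targets], check=True,
                         capture_output=True, text=True).stdout
    return parse_nmap_xml(out)


# Constructed samples: a baseline, and a later scan where 10.0.0.5 has grown
# a Redis port, lost its web server, and a new host has appeared.
SCAN_MONDAY = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
 <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.4p1"/></port>
   <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx" version="1.18.0"/></port>
   <port protocol="tcp" portid="3306"><state state="filtered"/><service name="mysql"/></port>
  </ports></host>
 <host><status state="down"/><address addr="10.0.0.6" addrtype="ipv4"/></host>
</nmaprun>"""

SCAN_FRIDAY = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
 <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.4p1"/></port>
   <port protocol="tcp" portid="6379"><state state="open"/><service name="redis" product="Redis key-value store" version="6.0.9"/></port>
  </ports></host>
 <host><status state="up"/><address addr="10.0.0.6" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port></ports></host>
</nmaprun>"""


def demo() -> dict:
    return diff_scans(parse_nmap_xml(SCAN_MONDAY), parse_nmap_xml(SCAN_FRIDAY))


if __name__ == "__main__":
    for section, items in demo().items():
        print(section, items)
```

On the sample data the diff reports Redis (6379/tcp) newly open on 10.0.0.5, port 80 no longer open there, and 10.0.0.6 as a new host. Scheduling run_nmap from cron and mailing a non-empty diff turns Nmap from a one-off audit into a drift detector; filtered ports are deliberately ignored, since a firewall dropping packets is the expected state, not a change worth an alert.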

Rkhunter – rootkit scanner

Rkhunter (Rootkit Hunter) is a rootkit scanner for Linux and other Unix-like systems. It does not run as a resident daemon: it is launched on demand, or from a daily cron job, and compares the system against a database of known rootkit files, checks the properties (hashes, size, permissions, ownership) of important system binaries against a baseline stored on the machine, and looks for hidden files, suspicious kernel modules and other signs of compromise, reporting anything it finds in its log or by mail.

It is used to detect rootkits, backdoors and possible local exploits on both servers and desktops.
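
The file-properties check is the part of rkhunter that catches a trojaned ps or ls, and it is worth understanding because it only works if the baseline is refreshed (rkhunter --propupd) after every legitimate package update, otherwise every update looks like an attack. The added example below (not rkhunter's own code) implements the same idea for one directory with a JSON baseline; demo() builds a fake bin directory in a temporary folder, baselines it, then tampers with it the way a rootkit installer would. All file names and contents are constructed for the example.

```python
"""File-property baseline check of the kind rkhunter runs on system binaries.

Added example, not rkhunter code. rkhunter keeps hashes, sizes, permissions
and ownership of /bin, /sbin, ... in rkhunter.dat (refreshed with
`rkhunter --propupd`) and compares on each `rkhunter --check`. This does the
same for one directory; demo() uses constructed files in a temp directory.
"""
import hashlib
import json
import os
import stat
import tempfile


def file_properties(path: str) -> dict:
    st = os.lstat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return {"sha256": h.hexdigest(), "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid, "gid": st.st_gid}


def snapshot(directory: str) -> dict:
    """Properties of every regular file under `directory`, keyed by relative path."""
    props = {}
    for dirpath, _, files in os.walk(directory):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                props[os.path.relpath(full, directory)] = file_properties(full)
    return props


def save_baseline(directory: str, baseline_file: str) -> None:
    """The equivalent of --propupd: run it right after a trusted install or update."""
    with open(baseline_file, "w") as f:
        json.dump(snapshot(directory), f, indent=1, sort_keys=True)


def check(directory: str, baseline_file: str) -> dict:
    """Compare the directory to the baseline; any changed property is a warning."""
    with open(baseline_file) as f:
        baseline = json.load(f)
    current = snapshot(directory)
    warnings = []
    for rel in sorted(set(baseline) | set(current)):
        if rel not in current:
            warnings.append((rel, "missing"))
        elif rel not in baseline:
            warnings.append((rel, "new file not in baseline"))
        else:
            changed = [k for k in baseline[rel] if baseline[rel][k] != current[rel][k]]
            if changed:
                warnings.append((rel, "changed: " + ", ".join(changed)))
    return {"checked": len(current), "warnings": warnings}


def demo() -> dict:
    """Baseline a fake bin directory, then tamper with it like a rootkit would."""
    root = tempfile.mkdtemp()
    bindir = os.path.join(root, "bin")
    os.makedirs(bindir)
    for name in ("ls", "ps", "netstat"):
        with open(os.path.join(bindir, name), "wb") as f:
            f.write(b"#!/bin/sh\necho real %s\n" % name.encode())
        os.chmod(os.path.join(bindir, name), 0o755)
    baseline = os.path.join(root, "baseline.json")
    save_baseline(bindir, baseline)
    # Trojaned ps that hides a process, a setuid bit planted on ls, and a
    # hidden extra file: three classic rootkit footprints.
    with open(os.path.join(bindir, "ps"), "wb") as f:
        f.write(b"#!/bin/sh\nexec /bin/ps | grep -v miner\n")
    os.chmod(os.path.join(bindir, "ls"), 0o4755)
    with open(os.path.join(bindir, ".backdoor"), "wb") as f:
        f.write(b"\x7fELF")
    return check(bindir, baseline)


if __name__ == "__main__":
    for rel, why in demo()["warnings"]:
        print("Warning: %s %s" % (rel, why))
```

The demo reports the new hidden file, the changed mode on ls and the changed hash and size on ps, while netstat stays quiet. As with rkhunter itself, the baseline file must live somewhere an attacker who has already gained root cannot quietly rewrite (read-only media or an external copy), otherwise the check only protects against careless intruders.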

Snort – intrusion prevention system

Snort is an intrusion detection and prevention system (IDS/IPS). It is released by Cisco (the Talos team) and its rules are available in three different rule sets:

  • Community (intrusion rules written by the community, GPL/open source),
  • Registered (the community rules plus the Talos "Snort Subscriber Rules", released to registered users 30 days after subscribers receive them, under a proprietary license for non-commercial use),
  • Subscriber (the same content as "Registered", but delivered in real time, with commercial use permitted under a proprietary license).

Its large community and its large base of users and developers make Snort what Cisco describes as the most widely deployed intrusion prevention software in the world.
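
Whichever rule set you choose, the output is the same: alert lines in Snort's "fast" format, and on a busy server those need to be summarised before anyone reads them. The added example below (not Snort code) parses fast-format alert lines and aggregates them per source address, keeping only priorities 1 and 2 (in Snort, 1 is the highest priority). The sample lines are constructed in that format with made-up local rule IDs (sid 1000001 and up) and documentation addresses; only IPv4 addresses are handled, to keep the regex short.

```python
"""Parse Snort fast-format alert lines and summarise them per source host.

Added example, not Snort code. Snort's alert_fast output lands in a log such
as /var/log/snort/alert; SAMPLE_ALERTS is constructed in that format with
made-up local rule IDs (sid >= 1000000) and documentation addresses.
"""
import re
from collections import defaultdict

# timestamp  [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: n]
# {PROTO} src[:port] -> dst[:port]          (IPv4 only, for brevity)
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?$"
)

SAMPLE_ALERTS = """\
01/15-10:23:45.123456  [**] [1:1000001:1] LOCAL SSH brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:51234 -> 10.0.0.5:22
01/15-10:23:46.001122  [**] [1:1000001:1] LOCAL SSH brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:51240 -> 10.0.0.5:22
01/15-10:25:02.500000  [**] [1:1000003:1] LOCAL ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.9 -> 10.0.0.5
01/15-10:31:10.777777  [**] [1:1000002:2] LOCAL Web scanner user-agent [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.23:40000 -> 10.0.0.5:80
garbage line that is not an alert
"""


def parse_alert(line: str):
    """Return the alert's fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["priority"] = int(d.pop("prio"))
    d["sid"] = int(d["sid"])
    return d


def summarise(lines, max_priority: int = 2) -> dict:
    """Count alerts with priority <= max_priority per source, with distinct rule messages."""
    per_src = defaultdict(lambda: {"count": 0, "rules": set()})
    unparsed = 0
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            unparsed += bool(line.strip())
            continue
        if alert["priority"] > max_priority:
            continue
        entry = per_src[alert["src"]]
        entry["count"] += 1
        entry["rules"].add(alert["msg"])
    return {"sources": {ip: {"count": v["count"], "rules": sorted(v["rules"])}
                        for ip, v in per_src.items()},
            "unparsed": unparsed}


def block_candidates(summary: dict, min_count: int = 2) -> list:
    """Sources that tripped enough high-priority alerts to be worth a firewall rule."""
    return sorted(ip for ip, v in summary["sources"].items() if v["count"] >= min_count)


def demo() -> dict:
    return summarise(SAMPLE_ALERTS.splitlines())


if __name__ == "__main__":
    s = demo()
    for ip, v in sorted(s["sources"].items()):
        print("%-16s %3d  %s" % (ip, v["count"], "; ".join(v["rules"])))
    print("block candidates:", block_candidates(s), "unparsed lines:", s["unparsed"])
```

On the sample log the summary lists two high-priority alerts from 203.0.113.7 and one from 198.51.100.23, drops the priority-3 ping, and counts the malformed line separately rather than silently skipping it; the count of unparsed lines is the signal that the log format changed (for example after a Snort upgrade) and the parser needs attention.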

Wireshark – packet analyzer

With Wireshark it is possible to capture and analyse incoming and outgoing packets in real time, or to open captures saved earlier by tools such as tcpdump.

Wireshark is supported by a large community of networking experts, engineers and developers, it is updated regularly, and it can decrypt a number of encrypted protocols (TLS, WPA, IPsec, Kerberos and others) when the relevant keys are provided; for TLS the usual route is to point it at the key log file that browsers and some other clients write when the SSLKEYLOGFILE environment variable is set.

Wireshark is so complete, and so widely adopted by security companies in the professional field, that it is probably the only traffic analyser you will ever need, provided you learn to use it well.
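
Learning to use it well starts with knowing what it is doing underneath: reading a capture file record by record and dissecting each frame layer by layer. The added example below (not Wireshark code) is a tiny dissector for the classic pcap format that Wireshark and tcpdump save: it decodes Ethernet, IPv4 and TCP and groups packets into conversations the way the Statistics > Conversations window does, including whether the three-way handshake completed. demo() builds its capture in memory with struct (IP and TCP checksums are left at zero, which Wireshark does not validate by default), so the addresses and traffic are constructed rather than recorded.

```python
"""A tiny dissector for pcap files, the format Wireshark and tcpdump save.

Added example, not Wireshark code. Walks the records, decodes
Ethernet/IPv4/TCP and summarises conversations; demo() constructs its capture
in memory (checksums zero), nothing is recorded from a real network.
"""
import socket
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4   # as read with "<I" from a little-endian file
PCAP_MAGIC_BE = 0xD4C3B2A1   # the same bytes read from a big-endian file
LINKTYPE_ETHERNET = 1
SYN, ACK, PSH = 0x02, 0x10, 0x08


def read_pcap(blob: bytes):
    """Yield the captured bytes of each record; handles both byte orders."""
    magic = struct.unpack("<I", blob[:4])[0]
    if magic == PCAP_MAGIC_LE:
        e = "<"
    elif magic == PCAP_MAGIC_BE:
        e = ">"
    else:
        raise ValueError("not a classic pcap file")
    _vmaj, _vmin, _tz, _sig, _snap, linktype = struct.unpack(e + "HHiIII", blob[4:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(blob):
        _sec, _usec, incl_len, _orig_len = struct.unpack(e + "IIII", blob[off:off + 16])
        off += 16
        yield blob[off:off + incl_len]
        off += incl_len


def dissect(frame: bytes):
    """Decode Ethernet -> IPv4 -> TCP; returns None for anything else."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6 or len(ip) < ihl + 20:          # protocol 6 is TCP
        return None
    tcp = ip[ihl:total_len]
    sport, dport, _seq, _ack, off_res, flags = struct.unpack("!HHIIBB", tcp[:14])
    data_off = (off_res >> 4) * 4
    return {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport, "flags": flags, "payload": tcp[data_off:]}


def conversations(blob: bytes) -> dict:
    """Group TCP packets by endpoint pair and note whether a handshake completed."""
    convs = {}
    for frame in read_pcap(blob):
        p = dissect(frame)
        if p is None:
            continue
        key = tuple(sorted([(p["src"], p["sport"]), (p["dst"], p["dport"])]))
        c = convs.setdefault(key, {"packets": 0, "payload_bytes": 0,
                                   "syn": False, "synack": False})
        c["packets"] += 1
        c["payload_bytes"] += len(p["payload"])
        if p["flags"] & SYN:
            c["synack" if p["flags"] & ACK else "syn"] = True
    for c in convs.values():
        c["handshake"] = c["syn"] and c["synack"]
    return convs


def build_frame(src, sport, dst, dport, flags, payload=b"", seq=0, ack=0) -> bytes:
    """Ethernet + IPv4 + TCP with a 20-byte TCP header (data offset 5)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return struct.pack("!6s6sH", b"\x02" * 6, b"\x04" * 6, 0x0800) + ip + tcp


def build_pcap(frames) -> bytes:
    """Little-endian pcap 2.4 global header followed by one record per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


def demo() -> dict:
    """A completed HTTP handshake plus a lone SYN to port 23 that nobody answered."""
    c, s = "10.0.0.9", "10.0.0.5"
    frames = [
        build_frame(c, 40000, s, 80, SYN, seq=1000),
        build_frame(s, 80, c, 40000, SYN | ACK, seq=5000, ack=1001),
        build_frame(c, 40000, s, 80, ACK, seq=1001, ack=5001),
        build_frame(c, 40000, s, 80, PSH | ACK, b"GET / HTTP/1.0\r\n\r\n", seq=1001, ack=5001),
        build_frame(c, 40001, s, 23, SYN, seq=2000),
    ]
    return conversations(build_pcap(frames))


if __name__ == "__main__":
    for (a, b), c in demo().items():
        print("%s:%d <-> %s:%d  packets=%d payload=%d handshake=%s"
              % (*a, *b, c["packets"], c["payload_bytes"], c["handshake"]))
```

The conversation table shows one established session carrying 18 bytes of payload and one half-open attempt to port 23; a capture full of the latter from a single source is the port scan signature Wireshark users learn to spot. Writing build_pcap's output to a file and opening it in Wireshark is a good way to compare this minimal dissection with the real thing.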

And here we are at the end. These are six of the most important tools you will need to test the security of your server (or of your PC). Installing them will not magically make the server more secure, but getting to know them is the first step towards understanding how to increase security.

