Setting up and managing a Linux server is not complicated at all, whether at home or in a business for professional purposes. In addition, such servers have countless uses. We can use them to centralize all our storage at home (much as a NAS does) or to provide services to the network, such as hosting our own website, a file or FTP server, a private cloud, etc.
Therefore, to avoid bigger problems and to feel as safe as possible, we are going to look at the essential programs that should be present on any Linux server to protect it from all kinds of threats.
Antivirus and Firewall
First, we are going to look at the basic security software that protects us from both computer attacks and other types of threats, such as malware.
Microsoft Defender, the best of Windows on Linux
The first antivirus that we are going to recommend is none other than Microsoft Defender. If we have used Windows, we surely know it. This is the security program that is installed as standard in Windows 10 and Windows 11, and in a short time it has become the best free antivirus that we can find. This security software also has a specific version for Linux called "Microsoft Defender for Endpoint".
Although it can be somewhat complicated to use and configure, this solution is the one that will offer us the best protection for our system, shielding it from all kinds of threats.
ClamAV, the best second opinion
The next program that we are going to see is ClamAV. This is one of the best-known free and open source antivirus programs that we can find on Linux. It is generally designed to help us detect threats to other systems (such as Windows) hidden on hard drives, but its database also includes Linux malware, so it is an excellent option for launching on-demand scans whenever we want.
This antivirus does not run in the background, so to analyze the system, we must launch it manually when we want to use it. Therefore, it is ideal to get a second opinion and make sure that our main antivirus has not missed any threats.
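An on-demand scan wrapper, added here as an example and not taken from the article or from the ClamAV project. It separates "clean", "infected" and "scan failed" using clamscan's exit codes (0, 1, 2); the `/srv` default directory and the `--run` switch are assumptions.

```bash
#!/bin/sh
# Added example: on-demand ClamAV scan that does not mistake a failed
# scan for a clean one. Directory names are assumptions.

# Scan one directory; print infected paths, return clamscan's exit code:
#   0 = no threats, 1 = threats found, 2 (or higher) = scan error.
scan_on_demand() {
    sd_dir=$1
    [ -d "$sd_dir" ] || { echo "not a directory: $sd_dir" >&2; return 2; }
    sd_rc=0
    # -r: recurse, -i: report only infected files, --no-summary: paths only
    sd_out=$(clamscan -r -i --no-summary "$sd_dir" 2>&1) || sd_rc=$?
    case $sd_rc in
        0) echo "OK: no threats found in $sd_dir" ;;
        # Lines look like "<path>: <signature> FOUND"; keep the path.
        1) printf '%s\n' "$sd_out" | sed -n 's/: [^:]* FOUND$//p' ;;
        *) echo "ERROR: clamscan exit $sd_rc, scan incomplete" >&2 ;;
    esac
    return $sd_rc
}

# Usage: ./scan.sh --run [directory]   (directory defaults to /srv)
if [ "${1:-}" = "--run" ]; then
    # Refresh signatures first; an outdated database weakens the result.
    freshclam --quiet || echo "warning: signature update failed" >&2
    scan_on_demand "${2:-/srv}"
fi
```

When this runs from a scheduler, alert on any non-zero exit code, since exit 2 means the scan did not complete.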
Rkhunter, the solution against rootkits
One step beyond conventional antivirus programs, we come to Rkhunter. This program is specially designed to detect and eliminate the threats that hide deep inside our operating system (such as rootkits, backdoors and other vulnerabilities) and that hackers use to attack computers.
Thanks to this program, we will not only detect these threats, but we will also be able to find other configuration errors (such as misconfigured permissions, hidden files, etc.) that may pose a security hazard.
UFW, easy Linux firewall configuration
Linux has its own internal firewall, iptables. However, its configuration is the most chaotic and complicated that we can find. Therefore, Canonical decided to create a very simple tool that lets users configure this firewall quickly and easily with understandable commands: UFW.
Thanks to Uncomplicated Firewall, we have total control over the firewall: we can turn it on and off and create new rules quickly and easily. It is a must-have for configuring and protecting any Linux server.
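A default-deny UFW baseline, added here as an example and not taken from the article or from Canonical. The SSH port and the 80/tcp and 443/tcp services are assumptions for a hypothetical web server; the script prints the commands for review and executes them only when `APPLY=1` is set.

```bash
#!/bin/sh
# Added example: default-deny UFW baseline. Ports below are assumptions.
# Prints the plan; run with APPLY=1 as root to execute it.

SSH_PORT="${SSH_PORT:-22}"                               # assumed admin port
ALLOWED_SERVICES="${ALLOWED_SERVICES:-80/tcp 443/tcp}"   # assumed public services

# Accept only <port>/<tcp|udp> with a port in 1..65535.
valid_service() {
    vs_port=${1%/*}; vs_proto=${1#*/}
    case "$vs_proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$vs_port" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#vs_port}" -le 5 ] && [ "$vs_port" -ge 1 ] && [ "$vs_port" -le 65535 ]
}

# Emit the ufw commands, one per line; fail with no output on a bad entry.
ufw_plan() {
    for up_svc in "$SSH_PORT/tcp" $ALLOWED_SERVICES; do
        valid_service "$up_svc" || { echo "invalid entry: $up_svc" >&2; return 1; }
    done
    echo "ufw default deny incoming"     # nothing inbound unless allowed below
    echo "ufw default allow outgoing"
    # SSH is allowed before 'enable' so a remote session is not cut off;
    # 'limit' also throttles repeated connection attempts from one address.
    echo "ufw limit $SSH_PORT/tcp"
    for up_svc in $ALLOWED_SERVICES; do
        echo "ufw allow $up_svc"
    done
    echo "ufw --force enable"            # --force skips the interactive prompt
    echo "ufw status verbose"
}

ufw_apply() {
    ua_plan=$(ufw_plan) || return 1
    if [ "${APPLY:-0}" != "1" ]; then
        printf '%s\n' "$ua_plan"         # dry run: review before applying
        return 0
    fi
    printf '%s\n' "$ua_plan" | while IFS= read -r ua_cmd; do
        $ua_cmd </dev/null || exit 1     # entries were validated above
    done
}

# Usage: ./ufw-baseline.sh --run   (add APPLY=1 to execute the plan)
if [ "${1:-}" = "--run" ]; then ufw_apply; fi
```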
Threat detection and analysis
We can also use other, much more specialized programs to detect threats hidden in the system and analyze them to get an idea of how far they have managed to penetrate our defenses.
Wireshark, not even a network packet escapes
This is one of the best-known programs in the field of networking. With it we can analyze all the packets that enter and leave our server (and any other point of the network) so that we can detect suspicious or unauthorized connections, or possible bottlenecks in the network caused by a bad configuration or by malware.
Nmap, all open ports under control
Nmap, or Network Mapper, is another essential program both for checking the security of our server and for detecting possible hidden threats in it. This free and open source program allows us to examine all active devices, discover possible hidden hosts in a network, identify open ports and detect other security problems that may be causing our PC to malfunction.
Although it is designed for advanced users and administrators, it never hurts to have this tool on hand to help us secure all types of servers.
Snort, primary threat analysis
Another program that can be very useful to protect our server is Snort. This software has an advanced IPS (Intrusion Prevention System) that, thanks to a series of rules, allows us to detect any suspicious activity that malware may be generating.
This program has a packet analyzer, an advanced logging system and a complete IPS analysis module.
Nikto, not a single security breach
This program, for its part, allows us to analyze our system in search of any sign of misconfiguration or possible security threat. Thanks to it, we will be able to detect more than 6700 pieces of malicious code hidden on the server, 1250 outdated versions of servers that may pose a danger to our security, and up to 270 specific server problems.
It is updated very frequently and, thanks to this program, we can avoid compromising our security through a simple mistake.
Other basic tips to protect Linux
In addition to all the programs that we have just seen, we can also protect our Linux server and avoid possible threats by following a series of basic tips and recommendations:
- Always use safe and restrictive settings. If everything is blocked by default (such as ports, services, or permissions) and we only enable what we need, we will avoid taking unnecessary risks.
- Strong and complex passwords are essential to avoid brute force attacks. And if we can install and configure two-factor authentication, all the better.
- Frequently update the distro, the Linux kernel, the services and all the programs that you have installed. The latest versions keep a vulnerability from putting us at risk.
- On the server, always use reliable and well-known software, open source wherever possible, and always installed from reliable sources.