How to avoid malware on Linux systems

Malware attacks are devastating to companies, and there is no exception for Linux systems. Consider updating systems and assigning correct permissions.

A malware attack can cause security breaches, shut down company operations for extended periods, destroy hardware and cost the company money to fix infected equipment and to remove the virus. Even popular server platforms like Linux, for which Red Hat provides no virus protection software, are prone to attacks.

Malware often enters a system undetected. Security breaches could cause problems for the company, clients and customers. Untreated malware could be the reason why a company's client base data is sold to a third party. Antivirus protection is one way to limit malware invasions to your computer's systems.

To that end, this piece focuses on malware in Linux systems. There are specific precautions a company can take to avoid malware attacks.

Examples of malware that has affected Linux systems

Any system is prone to a malware attack. Popular systems, like Linux, are not immune. Here are recent malware attacks on Linux systems:

  • SprySOCKS. A Linux backdoor malware that uses a networking framework, called HP-Socket, to collect system information, open an interactive shell, list network connections, manage SOCKS proxy configurations and perform basic file operations.
  • BiBi-Linux wiper. A wiper malware that destroys data on Linux systems.
  • PingPull. A remote access Trojan (RAT) that targets government and financial institutions.
  • Krasue. A Linux RAT that targets telecom firms in Thailand.

Antivirus software, updates and backups

Red Hat does not provide virus protection software for RHEL.

A Linux server doesn't need antivirus software, but it doesn't hurt to have it. If the Linux server is in use as an email server, antivirus software, like ClamAV, can scan email attachments for malware. Antivirus software can also prevent server users from forwarding malicious attachments to Windows or macOS users.

There are two necessary actions that maximize information security: regularly updating Linux machines and backing up important data. Updates apply security patches that fix vulnerabilities. If a system runs a vulnerable kernel or vulnerable installed software, the likelihood of a breach rises significantly. Perform regular updates at least weekly.

At the same time, automated backups should run daily. Most Linux systems have commands, such as tar, rsync and cron, to create easy backup scripts that run regularly and automatically. This enables an up-to-date, daily backup option if the system is compromised by a malware attack.
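As an added example (not from the article), the daily backup routine described above, built from tar, gzip, rsync and cron; the paths, retention count and the REMOTE target are assumptions:

```sh
#!/bin/sh
# Added example, not from the article: a daily tar backup with rotation and an
# optional rsync copy to another host. SRC/DEST/REMOTE are assumed values.
# Schedule it with cron (crontab -e), e.g. every night at 02:30:
#   30 2 * * * /usr/local/sbin/daily-backup.sh >>/var/log/daily-backup.log 2>&1
set -eu

# Create a compressed, dated archive of SRC under DEST and print its path.
# Only the newest KEEP archives (default 7) are kept so the disk stays usable.
make_backup() {
    src=$1; dest=$2; keep=${3:-7}
    mkdir -p "$dest"
    archive="$dest/backup-$(basename "$src")-$(date +%Y%m%d-%H%M%S).tar.gz"
    # -C stores relative paths, so a restore cannot silently overwrite /.
    tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")"
    # Rotation: drop everything older than the newest $keep archives.
    ls -1t "$dest"/backup-*.tar.gz | tail -n +"$((keep + 1))" | while read -r old; do
        rm -f "$old"
    done
    echo "$archive"
}

# A backup you cannot list or restore from is not a backup: check the archive
# opens and contains the expected relative path. Returns 0 on success.
verify_backup() {
    archive=$1; expect=$2
    tar -tzf "$archive" | grep -qx "$expect"
}

# Push the archive directory off the box so a wiper on this host cannot
# destroy the only copy. Runs only when REMOTE is set, e.g.
# REMOTE=backup@backuphost:/srv/backups (assumed name).
sync_offsite() {
    dest=$1
    if [ -n "${REMOTE:-}" ]; then
        rsync -a --delete "$dest/" "$REMOTE/"
    fi
}

# Typical run: back up /etc, verify the archive, then copy it off-site.
if [ "${1:-}" = "--run" ]; then
    a=$(make_backup /etc /var/backups/daily 7)
    verify_backup "$a" "etc/hosts" && echo "verified $a"
    sync_offsite /var/backups/daily
fi
```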

Permissions are more important than you think

Admins must monitor servers to ensure users have proper permissions. One way to manage permissions with multiple users on a system is to use groups. Create groups that have specific access and permissions to files and folders, and then add users to the groups. Then, remove a user from the group when they no longer need access to specific files and folders. This approach reduces the need to track permissions individually for each user.

Grant permissions to users, but separate standard users from administrative users who have sudo privileges. Do not place standard users in an administrative group if they do not need admin permissions. If the account of a user with sudo privileges is breached, whoever now controls that account also has admin privileges.
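The group-based approach from the two paragraphs above, as an added example that is not part of the article: a setgid project directory, grant/revoke helpers, and an audit that lists admin-group members who are not on an approved list. Group names, paths, user names and the sample group file are assumptions.

```sh
#!/bin/sh
# Added example, not from the article: group-based access plus an audit of
# the administrative groups. Group names, paths and user names are assumed.
# setup/grant/revoke need root; the audit functions only read a group file.
set -eu

# A shared directory usable only by members of $group. The setgid bit (2xxx)
# makes new files inherit the group, so membership alone decides access.
setup_project_group() {
    group=$1; dir=$2
    groupadd -f "$group"
    mkdir -p "$dir"
    chgrp "$group" "$dir"
    chmod 2770 "$dir"
}

grant_access()  { usermod -aG "$2" "$1"; }  # usage: grant_access USER GROUP
revoke_access() { gpasswd -d "$1" "$2"; }   # usage: revoke_access USER GROUP

# Members of the admin groups (sudo on Debian/Ubuntu, wheel on RHEL), one per
# line, read from a group file. Pass /etc/group on a real host.
admin_members() {
    awk -F: '$1 == "sudo" || $1 == "wheel" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "${1:-/etc/group}" | sort -u
}

# Admin-group members not on the approved list: each one is a standard user
# holding sudo rights and should be removed with revoke_access.
unapproved_admins() {
    admin_members "$1" | grep -vxF -f "$2" || true
}

# Constructed sample data (not a real host) so the audit can be tried offline.
demo_audit() {
    tmp=$(mktemp -d)
    printf 'root:x:0:\nsudo:x:27:alice,bob\nwheel:x:10:alice,carol\nusers:x:100:dave\n' \
        > "$tmp/group"
    printf 'alice\ncarol\n' > "$tmp/approved"   # the people meant to have sudo
    unapproved_admins "$tmp/group" "$tmp/approved"   # prints: bob
    rm -rf "$tmp"
}
```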

Other considerations

Below is a list of other ideas and policies to consider to prevent malware attacks on Linux machines:

  • Leave Security-Enhanced Linux enabled and in enforcing mode.
  • Create and use a strong user password policy.
  • Enable the system firewall, and learn how to use it.
  • Disable root SSH login.
  • Use SSH key authentication.
  • Install and use fail2ban to block unwanted SSH access.
  • Disable the root user account. Never log in as root.
  • Never run untrusted code or install unvetted software on your server.
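A read-only check for the SSH, SELinux and fail2ban items in the list above, added here as an example and not part of the article. The sshd_config path is passed as an argument, the "want" values follow the list, the defaults are current OpenSSH defaults, and the weak sample config is constructed:

```sh
#!/bin/sh
# Added example, not from the article: a read-only check of the SSH and
# SELinux items in the list above. The sshd_config path is an argument so
# the check can run against a copy; the "want" values follow the article.
set -eu

# Effective value of an sshd_config keyword. Like sshd, the first match
# wins and keywords are case-insensitive; we stop at the first Match block
# because settings below it are conditional.
sshd_value() {
    awk -v k="$2" 'tolower($1) == "match" { exit }
                   tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Print a FAIL line per setting that is not hardened and return the number
# of failures. spec = keyword:wanted:default (defaults per current OpenSSH).
audit_sshd() {
    file=$1; fails=0
    for spec in PermitRootLogin:no:prohibit-password \
                PasswordAuthentication:no:yes \
                PubkeyAuthentication:yes:yes; do
        key=${spec%%:*}; rest=${spec#*:}; want=${rest%%:*}; dflt=${rest#*:}
        got=$(sshd_value "$file" "$key"); got=${got:-$dflt}
        if [ "$(printf %s "$got" | tr 'A-Z' 'a-z')" != "$want" ]; then
            echo "FAIL $key=$got (want $want)"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# SELinux must be Enforcing; anything else (or no getenforce at all) fails.
selinux_enforcing() {
    command -v getenforce >/dev/null 2>&1 || return 1
    [ "$(getenforce)" = "Enforcing" ]
}

# fail2ban is only useful while its service is running (systemd hosts).
fail2ban_active() { systemctl is-active --quiet fail2ban; }

# Constructed sample (not a real host): root login allowed and password
# authentication left at its default, so audit_sshd reports two failures.
sample_weak_config() {
    printf '# constructed sample\nPort 22\nPermitRootLogin yes\n#PasswordAuthentication no\n'
}
```

Run it as `audit_sshd /etc/ssh/sshd_config` on a host; a non-zero return is the count of settings still to fix.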

Linux distributions eventually reach their end of life (EOL). There are companies that run outdated versions of Linux distributions. For example, some still use Ubuntu Server 14.04 on production systems. The EOL date for Ubuntu Server 14.04 was April 30, 2019. This software has not had security patches in half a decade, which means it is vulnerable to malware attacks.

Know when every Linux distribution in use will reach its EOL. Most distributions allow migration from one long-term support (LTS) release to another. LTS releases tend to have a life span of three to five years. The addition of an Expanded Security Maintenance plan provides another five years of support.

With just a bit of care and planning, companies can avoid Linux malware attacks. However, no OS is perfectly immune to malware. The proper precautionary steps can reduce the risk of malware attacks, but a machine is vulnerable once it connects to a network.

Jack Wallen is an award-winning writer and avid promoter and user of the Linux OS.
