Linux is one of the most popular and most secure operating systems for large servers. Despite its widespread use, it remains vulnerable to cyberattacks. Hackers target servers either to shut them down or to steal valuable information.

There is an urgent need to develop counter-hacking methods to ward off security breaches and malware attacks. This is possible by hiring cybersecurity experts. Unfortunately, this can prove to be an expensive proposition. The next best solution is to install scan tools that fit your Linux systems like a glove.

Here is a list of the top ten Linux scanning tools to check your server for security holes and malware.

Lynis on Kali Linux

Lynis is an open source security tool that is a preferred choice for auditing Unix-based operating systems such as macOS, Linux, and BSD. This tool is the brainchild of Michael Boelen, who previously worked on rkhunter.

As a security tool, Lynis performs elaborate scans by going through the details of your operating system, kernel parameters, installed packages and services, network configurations, and cryptography, and by running other malware scans. It is widely used for compliance and audit testing purposes.

To install on Debian-based distributions, enter the following command in the terminal:

sudo apt-get install -y lynis

Chkrootkit scan on Kali Linux

Chkrootkit or Check Rootkit is common software for Unix-based systems. As the name aptly suggests, it is ideal software for scanning for rootkits and other viruses that may have entered the system.

A rootkit is malware that tries to access your server's root files, and it represents a colossal security compromise.

Chkrootkit scans the core system programs and looks for signatures, comparing its traversal of the file system with the output produced. If the tool finds discrepancies, it combats them efficiently before a virus can damage your server.

To install on Debian, enter the following command in the terminal:

sudo apt update
sudo apt install chkrootkit

rkhunter on Kali Linux

Rkhunter or Rootkit Hunter shares some similarities with chkrootkit. It scans for rootkits and other backdoors and viruses on Unix systems, Linux being a typical example. However, Rootkit Hunter works a little differently from its counterpart.

First, it checks SHA-1 hashes of core and critical system files. In addition, it compares the results with verified hashes available in its online database. This tool is well equipped to find rootkit directories, suspicious kernel modules, hidden files, and incorrect permissions.

Enter the following command into the terminal to install:

sudo apt-get install rkhunter -y
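
The baseline comparison described above for rkhunter, reduced to its core as an added example (not rkhunter's own code and not from the original article): it records SHA-1 hashes and permission modes for a constructed directory tree, then reports modified, new, missing, and re-permissioned files. The function names and sample files are assumptions made for the demo.

```sh
#!/bin/sh
# Added example (not rkhunter's code): hash-baseline check over a constructed tree.
# Requires GNU coreutils (sha1sum, stat -c), as found on Debian-based systems.
# File names containing tabs or newlines are not handled.

# Emit "sha1<TAB>mode<TAB>relative-path" for every regular file under $1.
make_baseline() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s\t%s\t%s\n' "$(sha1sum < "$f" | cut -d' ' -f1)" \
            "$(stat -c '%a' "$f")" "$f"
    done )
}

# Compare the live tree $2 with the saved baseline $1; one finding per line.
check_baseline() {
    make_baseline "$2" | awk -F'\t' '
        NR == FNR { hash[$3] = $1; mode[$3] = $2; next }   # first input: baseline
        { seen[$3] = 1 }
        !($3 in hash) { print "NEW\t" $3; next }
        (hash[$3] "") != ($1 "") { print "MODIFIED\t" $3 }  # force string compare
        mode[$3] != $2 { print "PERMS\t" $3 "\t" mode[$3] "->" $2 }
        END { for (p in hash) if (!(p in seen)) print "MISSING\t" p }
    ' "$1" - | LC_ALL=C sort
}

# Build a constructed tree, save a baseline, simulate tampering, run the check.
run_demo() {
    root=$(mktemp -d) && mkdir -p "$root/bin" "$root/etc"
    printf 'real ls\n' > "$root/bin/ls"
    printf 'real ps\n' > "$root/bin/ps"
    printf 'PermitRootLogin no\n' > "$root/etc/sshd_config"
    chmod 755 "$root/bin/ls" "$root/bin/ps"
    chmod 644 "$root/etc/sshd_config"
    make_baseline "$root" > "$root.baseline"   # stored outside the scanned tree

    printf 'patched\n' >> "$root/bin/ls"       # content change
    chmod 777 "$root/bin/ps"                   # incorrect permissions
    : > "$root/bin/.hidden"                    # new hidden file
    rm "$root/etc/sshd_config"                 # removed file

    check_baseline "$root.baseline" "$root"
    rm -rf "$root" "$root.baseline"
}

run_demo
```

Keep the baseline on read-only or off-host storage, since anyone who can rewrite it can hide their changes.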


Scanning system with ClamAV

ClamAV, or Clam Anti-Virus, is free, cross-platform antivirus software. It can detect a wide variety of malware and viruses. Although it was originally developed for Unix, it has open source code that allows many third parties to develop different versions for other operating systems such as Solaris, macOS, Windows, Linux and AIX.

ClamAV offers a number of features including a command line scanner, a database updater, and a scalable multithreaded daemon. These are built on an anti-virus engine that runs on a shared library of viruses and malware. Although it is free to download, its malware libraries are constantly updated.

Enter the following command into the terminal to install:

sudo apt-get install clamav clamav-daemon -y

Linux Malware Detect (LMD) or Linux MD is a software package that searches for malware on Unix-based server systems and reports any security breaches to the user.

LMD protects the system from malware by scanning system files and comparing them to the signatures of thousands of known Linux malware. Although it maintains its independent database of malware signatures, LMD draws information from the ClamAV and Malware Hash Registry databases.

To install, enter the following commands one after the other in the terminal:

sudo apt-get install -y git
git clone https://github.com/rfxn/linux-malware-detect.git
cd linux-malware-detect/
sudo ./install.sh

Radare2 help page

Radare2 is reverse engineering software for static and dynamic analysis. As open source software, it offers features covering digital forensics, software exploitation, binary formats, and architectures.

The power of reverse engineering makes it easier to debug problems under Linux, especially when working with programs within the terminal. The main purpose of Radare2 is to use reverse engineering to extract or repair files or programs that have been damaged by malware attacks.

Enter the following command into the terminal to install:

sudo apt-get install git
git clone https://github.com/radareorg/radare2
cd radare2 ; sys/install.sh


Open Vulnerability Assessment System (OpenVAS) is a vulnerability scanner that comes with Greenbone Vulnerability Manager (GVM), a software framework that includes a number of security tools.

OpenVAS performs security checks on the system to look for exploits or vulnerabilities on the server. It compares the identified files with signatures of exploits or malware that are present in its database.

The purpose of this tool is not to find actual malware. Instead, it is an indispensable tool for testing your system's vulnerabilities against various exploits. Once you are aware of your system's weaknesses, it becomes easier to address those concerns.

REMnux is a collection of various curated free tools. This Linux toolkit is mainly used for reverse engineering and malware analysis. Some features include static and binary file analysis, Wireshark, network analysis, and JavaScript cleanup.

All of these functions together form a system that is extremely powerful for deconstructing various malware applications that are found during the scanning process. Because of its open source nature, anyone can simply download it and install it on their Linux system(s).

Kali Linux Tiger scan

Tiger is open source software that contains various shell scripts to perform security checks and intrusion detection.

Tiger scans the entire system's configuration files and user files for possible security breaches. These are then reported back to the users for analysis. All of this is made possible by the presence of several POSIX tools that it uses in its backend.

To install Tiger, you can download the source code directly or install it from a standard repository using a package manager.

Enter the following command into the terminal to install:

sudo apt-get update
sudo apt-get install tiger

Maltrail is a trending Linux security tool because it is used extensively to detect malicious traffic. It performs detailed scans using a database of publicly available blacklisted items and then compares the traffic against the flagged entries.

Maltrail can be accessed via the Linux command line as well as via the web interface.

To install Maltrail, first update your system's repository list and upgrade the installed packages. You'll also need to download some additional dependencies.

sudo apt-get update && sudo apt-get upgrade
sudo apt-get install git python-pcapy python-setuptools

Then clone the official Maltrail Git repository:

git clone https://github.com/stamparm/maltrail.git

Change the directory and run the python script:

cd maltrail
sudo python sensor.py

There are several threat detection tools out there. However, because each tool is available for a different purpose, there are many choices available to end users. That way, people can choose the right tool for their current use case and install it from the command line or through the appropriate interfaces.


About the author

Wini Bhalla

Wini is a Delhi based writer with 2 years of writing experience. While writing, she was associated with digital marketing agencies and technical firms. She has written content on programming languages, cloud technology, AWS, machine learning, and much more. In her free time, she enjoys painting, spending time with her family and traveling to the mountains whenever possible.
