
Ask HN: What do you use to protect your Linux box from malware? - rapnie
After seeing the (Dutch) documentary 'Rats & Slaves' [0] about Remote Access Trojans, and finding that they also exist for Linux [1], I am going to do some scanning today on my systems.

Question is: What tools are best to use here to ensure I can sleep safely knowing no viruses, trojans, rootkits and other filth have nestled in my systems?

Also curious what are the best, reliable websites to keep up-to-date on security best-practices related to this.

PS. I intend to start my scan with ClamAV, followed by chkrootkit and rkhunter as outlined here [2].

[0] https://youtube.com/watch?v=BGsw_l0tT10

[1] https://www.bleepingcomputer.com/news/security/lazarus-hackers-target-linux-windows-with-new-dacls-malware/

[2] https://www.linux.com/tutorials/security-tools-check-viruses-and-malware-linux/
======
harikb
First, you have to understand that once infected, a system can never be fully
cleaned. So if you are not sure what your past usage has been and you might
have installed random software, you need to reinstall your system after
backing up your non-system files. This is the only sure way. AV software claims
to solve what-it-can in the best possible way for a person who doesn't have
any other option. The very fact that you are using Linux, I assume you are a
step above the average AV customer base.

Once you have a clean system, you have to follow a discipline - do not work as
root, restrict ssh access to specific users, don't run unnecessary services.
Far too many to list here. Unfortunately, that is how the world is. Be
paranoid. Maybe even use a VM to run software you don't trust. Always install
software using package managers or at least do basic sanity checks like
checksums on anything you download.

There is no software that will run a scan and give you a green check. If there
is one like that, I wouldn't trust it either.
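
The "basic sanity checks like checksums" point above, shown as an added example (not code from harikb or anyone in this thread): a small POSIX shell script that checks a download against a sha256sum-style manifest and treats a single changed byte as a failure. It assumes GNU coreutils `sha256sum`; the "tarball" and manifest are constructed inline so it runs offline.

```shell
#!/bin/sh
# Added example, not from the thread. Verifies downloaded files against a
# published SHA256SUMS manifest before anything gets installed.
# Assumes GNU coreutils sha256sum (--check/--strict/--quiet).
set -u

# verify_checksum <manifest> <dir>
# Checks every entry of a sha256sum-format manifest against the files in
# <dir>. Returns 0 only if every listed file is present and matches.
# --strict turns malformed manifest lines into a failure instead of a skip.
verify_checksum() {
    manifest=$1
    dir=$2
    (cd "$dir" && sha256sum --check --strict --quiet "$manifest") 2>/dev/null
}

# demo_checksum_check
# Builds a constructed "download" plus the manifest a project would publish,
# confirms the intact file verifies, then corrupts one byte and confirms the
# check fails. Returns 0 if both behaviours are as expected.
demo_checksum_check() {
    work=$(mktemp -d)
    # Constructed stand-in for a fetched release archive.
    printf 'pretend this is a release tarball\n' > "$work/tool-1.0.tar.gz"
    # Manifest in the exact format `sha256sum` emits and `--check` reads.
    (cd "$work" && sha256sum tool-1.0.tar.gz > SHA256SUMS)

    good=1
    verify_checksum "$work/SHA256SUMS" "$work" && good=0

    # Simulate a corrupted or tampered download: one extra byte must fail.
    printf 'pretend this is a release tarball!\n' > "$work/tool-1.0.tar.gz"
    tampered=0
    verify_checksum "$work/SHA256SUMS" "$work" || tampered=1

    rm -rf "$work"
    [ "$good" -eq 0 ] && [ "$tampered" -eq 1 ]
}

if demo_checksum_check; then
    echo "checksum check behaves as expected (intact passes, altered fails)"
else
    echo "unexpected result from checksum check" >&2
fi
```

A manifest fetched from the same server as the download only tells you the file arrived intact; it says nothing about whether the server itself was altered. Where a project signs its SHA256SUMS file, verify that signature with the project's published key first and only then trust the hashes.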

~~~
rapnie
Thank you for the info. I generally work according to the best-practices you
outline.

> There is no software that will run a scan and give you a green check. If
> there is one like that, I wouldn't trust it either.

Are you advising against running ClamAV, chkrootkit and rkhunter? I know they
won't give a 100% guarantee, but something is better than nothing, I thought.

I am most worried about my developer machine, as I have test-driven numerous
OSS projects, with different stacks, package managers, etc. Fetched billions
of npm packages, and browsed a gazillion sites for tech advice (using FF,
Privacy Badger, uBlock, but still).

A clean reinstall may be in order, but it'll cost so much time getting all
config I now have in place again.

~~~
A_Parr
ClamAV on Linux is mostly for checking for Windows malware in files that might
end up on Windows.

