A screen with program code warning of a detected malware script.
Image: James-Thew/Adobe Stock

Linux is the most secure operating system on the market; for years, that has been one of the open source platform’s best selling points. However, as with anything regarding technology, it’s only a matter of time before criminals catch up. This has been the case with every operating system, software and service. At this point, to say Linux is immune to malicious software would be a fallacy.

The sad truth is if it’s connected to a network, it’s vulnerable. It doesn’t matter what operating system you use — the longer it’s in play, the more likely it will become a target. And Linux is no exception.

Over the past few years, Linux has had a target drawn on its back. Given how enterprise businesses now live and die by open source technology, including the Linux OS, it should come as no surprise that this has become a reality, and it’s not going to go away. In fact, if I had to guess, I’d say that the rise of malicious software targeting Linux deployments will become staggering over the next decade.

SEE: 40+ open source and Linux terms you need to know (TechRepublic Premium)

Fortunately, open source developers are very quick to respond to such malware attacks – vulnerabilities are discovered and often patched within hours or days. That kind of agility is one of the beauties of open source software.

And yet, users and admins also carry the burden of responsibility. We all like to think Linux is a “set it and forget it” platform, but it’s not. Simply put, it’s software and doesn’t know or care about the dangers that lurk in the darker hearts of hackers. It just works according to its deployment.

With that said, what can admins and users do to stay afloat in this rising tide of malicious software?

How to secure your Linux OS

Update, update, update

I can’t tell you how often I’ve run into Linux systems that were severely out of date. When you let updates lapse, your operating system and the installed software could be riddled with vulnerabilities.

You need to get into the habit of regularly checking for updates. I run update checks daily on my Linux machines and apply updates as soon as they are available. That’s a great strategy for desktops. For servers, check them at least weekly and make sure you apply those updates at a time when a server can be rebooted if necessary.

Choose the right distribution

There are more Linux distributions than you can imagine. And although some of them are very niche, most of them are sort of general purpose. Never use a general-purpose OS as a server.

If you’re looking for a server operating system, stick with the known entities, such as Ubuntu Server, Debian Server, RHEL, SUSE, Fedora Server, AlmaLinux and Rocky Linux. If you’re looking for an OS to be used for containers, consider a container-specific distribution such as Red Hat OpenShift.

As for desktops, I would suggest sticking with a distribution that is well maintained and releases regular, dependable updates, such as Ubuntu, Linux Mint, Pop!_OS and Fedora.

Deploy intelligently and responsibly

When you deploy Linux, make sure you — and your users and admin team — are well-versed with the operating system. Don’t just assume you can deploy any Linux distribution for any purpose without bothering to learn the minutiae of the platform and assume everything will work out just fine. Learn about Linux security, understand what tools are best for the task and never deploy assuming you won’t ever have to touch the operating system.

Once upon a time you could “set and forget” Linux. That time has passed. If you want to ensure your Linux deployments are safe from malicious software, be informed and stay alert for vulnerabilities. The more you know, the better prepared you’ll be.

Read the fine logs

Logs contain a wealth of information, and Linux offers a metaphorical metric ton of logs to scan through. Just take a look at the /var/log directory and you’ll see what I mean. The problem is, it doesn’t matter how many log files are on your system: If you don’t read them, they are of no value.

Get in the habit of reading log files. If you don’t want to manually comb through those logs, employ one of the many tools that can take on the task for you, such as Graylog 2, Logcheck, Logwatch and Logstash.

Employ scanning software

For years I scoffed at the idea of using scanning software on Linux. Now? I’m all for it. I’m not saying you should immediately install an antivirus scanner (although it wouldn’t hurt), but admins should most certainly install a rootkit scanner and use a tool to scan mail servers. End users can also benefit from the likes of ClamAV, but it’s fairly manual, so your end users would have to be trained on how to use it.

Restrict user access

Don’t let just any user SSH into your servers. Only allow those who absolutely need access to use Secure Shell to gain entry into your servers. At the same time, set up a policy that only SSH key access is allowed and the root user is locked out of SSH authentication. Consider this an absolute must.

Adopt a strong password policy

Speaking of users, you must set up a strong password policy for Linux. If you’re uncertain of how this is done, give How to force users to create secure passwords on Linux a read and find out.

Run regular pen testing

You should also get into the habit of running penetration testing on all your Linux systems. Yes, it will take some time to get up to speed using the massive toolkit found in the likes of Kali Linux, but the effort will be rewarded when you discover heretofore unknown vulnerabilities on your systems and patch them. Consider that a disaster avoided.

Don’t disable SELinux, and use your firewall

I would venture a guess that one of the first things Linux admins do on RHEL-based distributions is disable SELinux. Don’t. Just don’t. SELinux is there for a reason. Yes, it can be a real pain, but the security that subsystem offers is worth the hassle. There is a lot to learn with regards to SELinux, but the sooner you start considering this security system an absolute must, the sooner you can get it to work with you instead of against you.

At the same time, use your firewall. Learn whatever tool your distribution of choice uses — such as UFW or FirewallD — and get familiar with how it works. Do not disable it, but enable it. That firewall could be the last bastion of security for your data. Why ignore it?

And there you have it, my best advice for avoiding malicious software on Linux. It’s no be-all-end-all, for sure, but it could go a long way in preventing you or your company from suffering through a disaster.

Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday