
How can I run Diagnostics/Virus Scan on my Linux Server?

Posted on 2008-06-23
Last Modified: 2013-12-16
I am concerned about the performance of my Linux server. It's acting... "different".

My suspicions:
10% Virus or Trojan
40% messed up configuration
50% conflicting packages in PHP

I'd really like to rule out the Virus or Trojan.

Is there some way to run a virus/trojan scan on it? (Ubuntu server 6)

Thanks for your time
Question by:oxygen_728
LVL 19

Accepted Solution

by:
http:// thevpn.guru earned 500 total points
ID: 21846385
Use top and ps aux to check for CPU and Memory usage. Use jnettop to check for network traffic. Install clamav to do some AV scanning.
0
 
LVL 29

Assisted Solution

by:Jan Springer
Jan Springer earned 1000 total points
ID: 21856869
1) www.chkrootkit.org
     Easy to install and run.  I use this on my machines.

2) www.mailscanner.info 
    for mail, run MailScanner, SpamAssassin, ClamAV

3) www.buqtraq.org
    keep on top of vulnerabilities

4) keep a spreadsheet that lists the OS and application versions
    check them against new releases, particularly security vulnerabilities
0
 
LVL 8

Assisted Solution

by:eager
eager earned 500 total points
ID: 21859397
If you believe that your Linux system has been compromised, then anything which you run on the system will give you results which are not reliable.  Disconnect the system from the network and boot with a live CD, like Ubuntu.  Then you can run diagnostics.  

There are products like tripwire which will perform an audit of your Linux system. But most depend on your installing a known good system, then installing the product.  
0
 
LVL 29

Assisted Solution

by:Jan Springer
Jan Springer earned 1000 total points
ID: 21859819
I'm in agreement with the "if you believe .." - If that's the case, then I would rebuild the machine from scratch.  But the steps up above that I listed are important to be proactive and prevent future intrusions.

Check your httpd log files for unusual activity.  Check "/tmp" for files that shouldn't be there.

If you're using an outdated version of PHP, you stand a chance for a shell kit intrusion.  

Add to that list of security items -> modsecurity for Apache and iptables.
0
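
One way to carry out the "/tmp" check from the last answer while following the earlier advice to boot from a live CD, as an added example that is not part of any poster's reply. The function name `triage_tmp` and the mount point `/mnt/suspect` are assumptions; it relies on GNU find and also covers `/var/tmp`, which the thread does not mention.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Run it from the live CD so that find
# itself comes from trusted media, and point it at the mounted suspect disk.
# Assumptions: GNU find; a mount point such as /mnt/suspect; the name triage_tmp.

triage_tmp() {
    local root="${1%/}" dir
    for dir in tmp var/tmp; do
        [ -d "$root/$dir" ] || continue
        # Regular files with any execute bit: temp dirs rarely need programs.
        find "$root/$dir" -xdev -type f -perm /111 \
            -printf 'EXEC\t%U\t%TY-%Tm-%Td\t%p\n'
        # setuid/setgid files have no legitimate reason to live here.
        find "$root/$dir" -xdev -type f -perm /6000 \
            -printf 'SETID\t%U\t%TY-%Tm-%Td\t%p\n'
        # Dot-names hide from a plain ls; skip the usual X11-style socket dirs.
        find "$root/$dir" -xdev -mindepth 1 -name '.*' ! -name '.*-unix' \
            -printf 'HIDDEN\t%U\t%TY-%Tm-%Td\t%p\n'
    done
}

# Output columns: reason, numeric owner uid, modification date, path.
if [ "$#" -gt 0 ]; then
    triage_tmp "$1"
fi
```

The owner is printed as a numeric uid because the live CD's user database does not match the suspect disk; look the number up in the mounted disk's own `etc/passwd`.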
