Best practices for malware scanning on Ubuntu servers in production

Niro

8/4/23, 2:03 PM

There are multiple malware/rootkit scanning packages for ubuntu such as clamAV, rkhunter etc. I know how to use them manually but for multiple servers in production environment I could not find a solution which scans the servers daily and send report by email only if issues are found.

What is the solution you use for this case and how do you implement it ?

0 + 0

security

ubuntu

malware

amazon-web-services

Rob

8/4/23, 2:13 PM

Best practice is often just another opinion. My opinion is that you do what makes sense in your environment and fits your use-cases. For me that often is to go along with was implemented already by and for the Windows servers, adjusted to what makes sense on Linux, rather than trying to re-event the wheel and having to explain pure open source and/or home grown solutions to auditors and a compliance department...

djdomi

8/4/23, 4:43 PM

Requests for product, service, or learning material recommendations are off-topic because they attract low quality, opinionated and spam answers, and the answers become obsolete quickly. Instead, describe the business problem you are working on, the research you have done, and the steps taken so far to solve it.

Tim

8/4/23, 11:06 PM

You could consider whether AWS Inspector combined with AWS Guard Duty would be sufficient to fulfill your needs. A compromised server can trigger them by behavior.

Niro

8/5/23, 6:09 PM

Thanks @Tim Looks like AWS Inspector is what I need. Much appreciated

Score:1

Server

Tim

8/5/23, 6:12 PM

AWS Inspector combined with AWS Guard Duty should give you "good enough" protection that you don't need to use AV. They're behavioral rather than signature based, so they'll likely alert you when an instance starts behaving in a way that indicates malware.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Best practices for malware scanning on Ubuntu servers in production

TH: แนวทางปฏิบัติที่ดีที่สุดสำหรับการสแกนมัลแวร์บนเซิร์ฟเวอร์ Ubuntu ในการผลิต

RO: Cele mai bune practici pentru scanarea malware pe serverele Ubuntu în producție

VI: Các phương pháp hay nhất để quét phần mềm độc hại trên máy chủ Ubuntu trong sản xuất

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.