Score:0

Best practices for malware scanning on Ubuntu servers in production

us flag

There are multiple malware/rootkit scanning packages for ubuntu such as clamAV, rkhunter etc. I know how to use them manually but for multiple servers in production environment I could not find a solution which scans the servers daily and send report by email only if issues are found.

What is the solution you use for this case and how do you implement it ?

us flag
Rob
Best practice is often just another opinion. My opinion is that you do what makes sense in your environment and fits your use-cases. For me that often is to go along with was implemented already by and for the Windows servers, adjusted to what makes sense on Linux, rather than trying to re-event the wheel and having to explain pure open source and/or home grown solutions to auditors and a compliance department...
djdomi avatar
za flag
Requests for product, service, or learning material recommendations are off-topic because they attract low quality, opinionated and spam answers, and the answers become obsolete quickly. Instead, describe the business problem you are working on, the research you have done, and the steps taken so far to solve it.
Tim avatar
gp flag
Tim
You could consider whether AWS Inspector combined with AWS Guard Duty would be sufficient to fulfill your needs. A compromised server can trigger them by behavior.
us flag
Thanks @Tim Looks like AWS Inspector is what I need. Much appreciated
Score:1
gp flag
Tim

AWS Inspector combined with AWS Guard Duty should give you "good enough" protection that you don't need to use AV. They're behavioral rather than signature based, so they'll likely alert you when an instance starts behaving in a way that indicates malware.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.