A Simple Security Guide for Linux Workstations and Servers
Many small businesses depend on Linux for their daily operations. Linux is stable and secure, but no system is completely safe from threats. Any machine connected to a network can be exposed to malware, rootkits, weak passwords, and outdated software.
This guide gives you plain-language explanations and step-by-step instructions for installing and using trusted free tools to check your Linux systems. You do not need deep technical knowledge to understand the purpose of each tool or why it helps.
Before You Begin
A rootkit is software that hides itself and gives an attacker control. Malware is anything harmful that ends up installed on your system. Linux threats often arrive through exposed services, unpatched software, or weak authentication.
All commands in this guide should be run with administrative privileges, usually by using sudo.
rkhunter
rkhunter checks for known rootkits and unusual system changes.
Install rkhunter
Debian or Ubuntu
sudo apt update
sudo apt install rkhunter
CentOS, Rocky, Alma, or RHEL
sudo yum install epel-release
sudo yum install rkhunter
Update and run rkhunter
sudo rkhunter --update
sudo rkhunter --propupd
sudo rkhunter --check
chkrootkit
chkrootkit looks for signs of well-known rootkits on the system.
Install chkrootkit
Debian or Ubuntu
sudo apt install chkrootkit
CentOS, Rocky, Alma, or RHEL
sudo yum install chkrootkit
Run chkrootkit
sudo chkrootkit
Lynis
Lynis provides a full security audit and suggests improvements.
Install Lynis
Debian or Ubuntu
sudo apt install lynis
CentOS, Rocky, Alma, or RHEL
sudo yum install lynis
Run Lynis
sudo lynis audit system
Lynis stores its log here:
/var/log/lynis.log
ClamAV
ClamAV scans files for malware and is especially useful for email and file servers.
Install ClamAV
Debian or Ubuntu
sudo apt install clamav clamav-daemon
sudo systemctl stop clamav-freshclam
sudo freshclam
sudo systemctl start clamav-freshclam
CentOS, Rocky, Alma, or RHEL
sudo yum install epel-release
sudo yum install clamav clamav-update
sudo freshclam
Run a scan
Scan the entire system
sudo clamscan -r -i /
Scan a specific directory
sudo clamscan -r -i /home
Linux Malware Detect (LMD or Maldet)
LMD is helpful for systems that host websites or handle uploaded files.
Install LMD
Debian or Ubuntu
sudo apt install maldet
CentOS, Rocky, Alma, or RHEL
sudo yum install epel-release
sudo yum install maldet
Run a scan
sudo maldet -a /
Reports are stored in:
/usr/local/maldetect/sessions/
AIDE
AIDE tracks changes to important system files and alerts you when something unexpected is modified.
Install AIDE
Debian or Ubuntu
sudo apt install aide
CentOS, Rocky, Alma, or RHEL
sudo yum install aide
Initialize AIDE
sudo aide --init
sudo mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
Run AIDE checks
sudo aide --check
Logwatch
Logwatch generates readable summaries of system logs.
Install Logwatch
Debian or Ubuntu
sudo apt install logwatch
CentOS, Rocky, Alma, or RHEL
sudo yum install logwatch
Run Logwatch
sudo logwatch --detail medium --service all --range today
How Often Should These Tools Be Used
A simple schedule for small businesses:
- rkhunter weekly
- chkrootkit weekly
- Lynis monthly
- ClamAV or LMD weekly
- AIDE daily or weekly
- Logwatch daily on important servers
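The schedule above is easier to keep when the scans run unattended and report one line each. The script below is an added example, not part of the original guide or of any of the tools: it runs the ClamAV and AIDE commands shown earlier and translates their exit statuses, as documented in the clamscan and aide man pages. The function names and the LOG path are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original guide: run the guide's ClamAV and AIDE
# commands unattended and reduce each exit status to one summary line.
# LOG (hypothetical path) keeps the tools' full output for later review.
LOG=${LOG:-/var/log/scan-summary.log}

# clamscan exit status per its man page: 0 clean, 1 malware found, 2 error.
classify_clamscan() {
    case "$1" in
        0) echo "OK" ;;
        1) echo "ALERT malware found" ;;
        *) echo "ERROR scan did not complete (status $1)" ;;
    esac
}

# aide --check exit status per its man page: 0 no changes; 1-7 is a bitmask
# (1 files added, 2 files removed, 4 files changed); 14-19 are errors.
classify_aide() {
    rc=$1
    if [ "$rc" -eq 0 ]; then echo "OK"; return 0; fi
    if [ "$rc" -gt 7 ]; then echo "ERROR check did not complete (status $rc)"; return 0; fi
    msg="ALERT files"
    if [ $((rc & 1)) -ne 0 ]; then msg="$msg added"; fi
    if [ $((rc & 2)) -ne 0 ]; then msg="$msg removed"; fi
    if [ $((rc & 4)) -ne 0 ]; then msg="$msg changed"; fi
    echo "$msg"
}

# report NAME CLASSIFIER COMMAND...: run COMMAND, print "NAME: verdict".
report() {
    name=$1; classifier=$2; shift 2
    if ! command -v "$1" >/dev/null 2>&1; then
        echo "$name: SKIPPED $1 is not installed"; return 0
    fi
    rc=0
    "$@" >>"$LOG" 2>&1 || rc=$?
    echo "$name: $("$classifier" "$rc")"
}

# Only scan when called with "run" (for example from root's crontab).
if [ "${1:-}" = "run" ]; then
    report "ClamAV /home" classify_clamscan clamscan -r -i /home
    report "AIDE" classify_aide aide --check
fi
```

Called with the argument run from root's crontab, the script prints one line per tool, which cron can mail to an administrator. Any ALERT or ERROR line is a reason to read the full output in the log file.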
When to Ask for Help
Reach out to a security professional if you see:
- Repeated warnings from multiple tools
- Unknown accounts or processes
- Unexpected open network ports
- AIDE reports of unusual changes
- Any sign of unauthorized access
Bringing It All Together
These free tools give small businesses a clear starting point for checking the health of their Linux systems. They also help build a routine of continuous monitoring that supports your broader security and governance goals.
If your organization needs help interpreting results, improving configurations, or building an ongoing security plan, Anchor Cyber Security is ready to support you.