Anyone a Linux Guru?


CopperCircle(Posted 2012) [#1]
Hi, I have been put in charge of a Linux Debian webserver, but my background is Windows servers. I believe the Linux server has some malware that is sending spam to the hosted email accounts (using Exim), but I am not sure of the best way to check for malicious code?


silentshark(Posted 2012) [#2]
There isn't really much Linux malware (to date), compared with Windows, so although it might be infected, I wouldn't leap to that conclusion.

In terms of antimalware for Linux, I'd take a look at ClamAV. I suspect it's in the Debian repositories.

But the safest thing in this kind of situation - perhaps the machine has malware, perhaps it's been owned - is to rebuild fresh from the bare metal.

If this webserver is internet facing, you should make sure it is hardened appropriately. It should be bang up to date with the relevant patches. It should be behind a properly configured firewall with appropriate ingress and egress filtering. It should have software that is not required for the functioning of the web server removed - is Exim required at all?

Hope this helps somewhat. If I'm just stating stuff you already know, well, no matter :-)
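Before reaching for an antivirus scanner, the quickest way to confirm the spam suspicion in post #1 is Exim's own log: every message that Exim accepts produces a `<=` line in its mainlog, and that line records how the message arrived. `U=<user> P=local` means a local Unix process submitted it, `P=esmtpa`/`A=...` means an authenticated SMTP client, and `H=<host>` identifies a remote SMTP peer. A web server whose log is full of `U=www-data P=local` arrivals has a web script (not a mail user) originating the mail. The following is an added example, not code from this thread; the log lines are constructed for illustration and the timestamps, message IDs and addresses are invented.

```shell
#!/bin/sh
# Added example: triage an Exim mainlog to find who is injecting mail.
# Exim writes one "<=" line per accepted message. On that line:
#   U=<user>   local Unix user that submitted the message (with P=local)
#   A=<auth>   SMTP authenticator and login used (with P=esmtpa / esmtpsa)
#   H=<host>   remote host for messages that arrived over SMTP
# On a Debian box the log is normally /var/log/exim4/mainlog.

# Constructed sample log (not from a real server); timestamps, message IDs
# and addresses are made up.
SAMPLE_LOG='2012-06-14 09:12:01 1SeV0b-0003Qz-1k <= spammer@example.org U=www-data P=local S=1843 id=a1@host
2012-06-14 09:12:02 1SeV0c-0003R1-2x <= spammer@example.org U=www-data P=local S=1851 id=a2@host
2012-06-14 09:12:05 1SeV0f-0003R4-0p <= alice@example.com H=(client) [198.51.100.7] P=esmtpa A=plain:alice S=1020 id=b1@host
2012-06-14 09:12:09 1SeV0j-0003R9-3c <= bob@example.net H=mail.example.net [203.0.113.5] P=esmtp S=2210 id=c1@host
2012-06-14 09:12:11 1SeV0l-0003RB-1a <= spammer@example.org U=www-data P=local S=1799 id=a3@host
2012-06-14 09:12:15 1SeV0p-0003RF-4d <= root@localhost U=root P=local S=512 id=d1@host'

# Count locally submitted messages per Unix user, most frequent first.
# Reads the log file(s) given as arguments, or stdin when none are given.
# Output lines look like: "3 www-data"
exim_local_senders() {
    awk '$4 == "<=" {
            for (i = 5; i <= NF; i++)
                if ($i ~ /^U=/) { sub(/^U=/, "", $i); n[$i]++ }
        }
        END { for (u in n) print n[u], u }' "$@" | sort -rn
}

# List the envelope sender addresses a given local user has submitted with,
# most frequent first. Output lines look like: "3 spammer@example.org"
exim_senders_for_user() {
    user="$1"; shift
    awk -v u="$user" '$4 == "<=" {
            local = 0
            for (i = 5; i <= NF; i++) if ($i == "U=" u) local = 1
            if (local) s[$5]++
        }
        END { for (a in s) print s[a], a }' "$@" | sort -rn
}

# Usage on the real box:
#   exim_local_senders /var/log/exim4/mainlog
#   exim_senders_for_user www-data /var/log/exim4/mainlog
# On the constructed sample:
#   printf '%s\n' "$SAMPLE_LOG" | exim_local_senders
```

If `www-data` (or whatever user the web server runs as) tops the first list, the next step is to find the script: Exim's `-Mvh` on one of the queued message IDs shows the received headers, and the `X-PHP-Originating-Script` header that PHP adds when `mail.add_x_header` is on names the file. The log only proves that mail is being injected; it does not tell you whether the box is otherwise compromised, which is why the rebuild advice above still stands.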


CopperCircle(Posted 2012) [#3]
Thanks, I'll take a look at ClamAV.


zoqfotpik(Posted 2012) [#4]
Run rkhunter.

I concur about rebuilding the system. One idea might be to do your account hosting inside of a virtual machine; that way it's essentially impossible to access the internal hardware, and any time there is a hint of a problem you can just restore the VM.
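One of the checks rkhunter and debsums perform is comparing installed files against known-good hashes. On Debian, dpkg keeps an md5 list for each installed package under `/var/lib/dpkg/info/<package>.md5sums`, with paths relative to `/`, so the same comparison can be scripted by hand. The following is an added example, not code from this thread or from rkhunter; the `fakeexim` package and its files are a constructed fixture used only to show a tampered binary being caught. The `root` argument lets the check run against a disk image mounted from a clean system, which matters because on a rooted box the kernel and `md5sum` itself may lie.

```shell
#!/bin/sh
# Added example: verify installed package files against the md5 lists that
# dpkg stores under /var/lib/dpkg/info/<pkg>.md5sums (the check debsums does).
# A binary whose hash no longer matches its package is a strong lead when
# hunting for a trojaned daemon or rootkit component.

# Print every file in $pkg whose current md5 differs from the recorded one
# (CHANGED) or that no longer exists (MISSING). Prints nothing and returns 0
# when the package is intact; returns 1 on any mismatch, 2 if the package
# has no md5sums file. $root defaults to / but can point at a mounted image.
# Usage: check_pkg_md5sums exim4-daemon-light /mnt/suspect
check_pkg_md5sums() {
    pkg="$1"; root="${2:-/}"
    list="$root/var/lib/dpkg/info/$pkg.md5sums"
    [ -r "$list" ] || { echo "no md5sums for $pkg" >&2; return 2; }
    rc=0
    while read -r want path; do
        f="$root/$path"
        if [ ! -f "$f" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        have=$(md5sum "$f" | cut -d' ' -f1)
        if [ "$have" != "$want" ]; then
            echo "CHANGED $path"; rc=1
        fi
    done < "$list"
    return $rc
}

# Constructed fixture (hypothetical package "fakeexim"): a fake root with one
# package whose binary is overwritten after its md5 list was recorded, the way
# a dropped backdoor would be. Prints the fixture directory path.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/var/lib/dpkg/info" "$d/usr/sbin" "$d/usr/share/fakeexim"
    printf 'original exim binary\n' > "$d/usr/sbin/exim4"
    printf 'documentation\n' > "$d/usr/share/fakeexim/README"
    {
        printf '%s  usr/sbin/exim4\n' "$(md5sum "$d/usr/sbin/exim4" | cut -d' ' -f1)"
        printf '%s  usr/share/fakeexim/README\n' "$(md5sum "$d/usr/share/fakeexim/README" | cut -d' ' -f1)"
    } > "$d/var/lib/dpkg/info/fakeexim.md5sums"
    # Simulate a backdoored binary being dropped over the real one.
    printf 'backdoored exim binary\n' > "$d/usr/sbin/exim4"
    echo "$d"
}

# To try it on the fixture:
#   d=$(make_fixture); check_pkg_md5sums fakeexim "$d"; rm -rf "$d"
```

The md5 lists themselves live on the suspect disk, so an attacker with root can rewrite them along with the binary; for a result you can trust, compare against hashes from the Debian package files on a clean machine, and treat a clean result as "no evidence found", not as proof the box is safe.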