Server Malware Protection

Introduction

Having strong malware protection on your server is an important part of not only keeping the server safe, but also the other computers that may be using that server.

The Virginia Tech minimum security standards require that some form of security monitoring tool be used. The following are options that may be used.

Wazuh Security Monitoring

Wazuh is a service that provides security monitoring for server machines. The platform features Endpoint Security, Threat Intelligence, Security Operations, and Cloud Security. These tools help you review alerts as they come in.

OSSEC Security Monitoring

OSSEC is a free, open-source host intrusion detection platform that can be used to help protect a system. The software is PCI compliant and multiplatform.

Procedures

Microsoft Windows Server

Much like Windows 10, Microsoft Windows Server comes pre-installed with strong anti-malware software. These features can be accessed via both a graphical user interface and PowerShell.

Graphical User Interface

  1. Go to Settings. This can be accessed from the Windows Start menu.
  2. Go to Update and Security.
  3. Open Windows Security.
  4. Open Virus and Threat Protection.
    • Scan Threats - Scan your system for possible threats.
    • Scan Options - Configure various options for the scan, such as when scans will occur.
    • Check for Updates - Keeping your system up to date is a great way to ensure that it is protected against possible threats.
    • Ransomware Protection - Ransomware has become a more popular attack in recent years. Luckily, Microsoft’s built-in ransomware protection is strong and easy to use.

PowerShell

PowerShell allows you to utilize Windows built-in malware protection right from the command line. For more information on how to use these commands and more, view the Microsoft Documentation.

  1. Open PowerShell as an administrator. This can be done by right-clicking PowerShell and selecting Run as administrator.
    • Get-MpComputerStatus - This command gets the status of the antimalware software.
    • Get-MpThreat - This command gets the history of all threats detected on the computer.
    • Get-MpThreatDetection - This command gets all active and past malware threat detections.
    • Get-MpThreatCatalog - This command gets known threats from the definitions catalog.
    • Set-MpPreference - This command allows you to configure and set preferences for Windows Defender. More information on how to use this command can be found in the Microsoft Documentation.
    • Update-MpSignature - This command updates the anti-malware definitions on the computer.
    • Start-MpScan - This command starts a scan on the computer.
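The following script is an added example, not part of the original page, that strings the cmdlets above together into a Defender health check for a Windows Server host. It assumes an elevated PowerShell session; the age thresholds are arbitrary values chosen for illustration, not Virginia Tech or Microsoft requirements.

```powershell
#Requires -RunAsAdministrator
# Added example: Defender health check built from the cmdlets listed above.
$MaxSignatureAgeDays = 3   # assumed threshold: refresh definitions older than this
$MaxQuickScanAgeDays = 7   # assumed threshold: run a quick scan if none this recent

$status = Get-MpComputerStatus

# 1. Confirm the core protection components are actually on. A host with
#    Defender installed but real-time protection disabled is not protected.
$checks = [ordered]@{
    'Antimalware service'  = $status.AMServiceEnabled
    'Antivirus engine'     = $status.AntivirusEnabled
    'Real-time protection' = $status.RealTimeProtectionEnabled
    'Behavior monitoring'  = $status.BehaviorMonitorEnabled
}
foreach ($name in $checks.Keys) {
    $state = if ($checks[$name]) { 'OK' } else { 'DISABLED' }
    Write-Output ("{0,-22} {1}" -f $name, $state)
}
if (-not $status.RealTimeProtectionEnabled) {
    # Re-enable real-time monitoring instead of only reporting that it is off.
    Set-MpPreference -DisableRealtimeMonitoring $false
}

# 2. Refresh definitions when they are stale; old signatures miss new malware.
if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
    Write-Output "Signatures are $($status.AntivirusSignatureAge) days old; updating."
    Update-MpSignature
}

# 3. Run a quick scan if none has completed recently (QuickScanAge is in days).
if ($status.QuickScanAge -gt $MaxQuickScanAgeDays) {
    Start-MpScan -ScanType QuickScan
}

# 4. List detections from the last 30 days for review, then flag any threat
#    still marked active, which means remediation did not finish.
$since = (Get-Date).AddDays(-30)
Get-MpThreatDetection |
    Where-Object { $_.InitialDetectionTime -ge $since } |
    Select-Object InitialDetectionTime, ThreatID, ProcessName, ActionSuccess |
    Sort-Object InitialDetectionTime -Descending |
    Format-Table -AutoSize

$active = Get-MpThreat | Where-Object { $_.IsActive }
if ($active) {
    Write-Warning "Active threats remain: $($active.ThreatName -join ', ')"
}
```

Run it from a scheduled task or after patching to confirm protection stayed enabled and definitions are current.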

macOS Server

Apple has discontinued macOS server. If you are interested in securing your macOS client system, see the documentation on Endpoint Malware Protection.

Linux Server

While Linux is generally less susceptible to malware attacks, there are a few best practices you can follow to keep your Linux server protected. Using a combination of anti-malware software and frequent software updates will greatly reduce the possibility of malware infection.

Some useful anti-malware software for Linux servers include:

  • ClamAV
  • Rkhunter
  • Chkrootkit

For more information on how to install and use anti-malware software on Linux distributions, see the documentation on Endpoint Malware Protection.

Update Ubuntu

  1. Update repository index:
    apt update

  2. Update Packages:
    apt dist-upgrade
    

Update Debian

  1. Update repository index:
    apt update

  2. Update Packages:
    apt dist-upgrade
    

Update Fedora

  1. Install the fedora-upgrade package:
    sudo dnf install fedora-upgrade
    
  2. Run the fedora-upgrade script:
    sudo fedora-upgrade
    

Find and Remove Malware

Information on how to find and remove malware from your system can be found in the documentation on Endpoint Malware Protection.