Lynis is an open-source security auditing tool used by system administrators, security professionals, and auditors to assess the security defenses of Linux and UNIX-based systems. It runs directly on the host, performing more comprehensive security scans than typical vulnerability scanners.
ClamAV is an open-source (GPL) antivirus engine used for various purposes, such as email scanning, web scanning, and endpoint security. It includes several utilities, such as a flexible, scalable multi-threaded daemon, a command-line scanner, and an advanced tool for automatic database updates.
WARNING
CentOS 7 reached its end-of-life (EOL) on June 30, 2024:
CentOS 7 EOL Announcement
As a result, you may encounter repository issues. We recommend installing another OS that has not yet reached EOL.
If you are using CentOS 7 and face a mirror issue, check this guide to resolve it.
0. Preliminary Requirements:
"CentOS 7" template installed on the server.
"nano" text editor installed (yum install nano -y).
1. Installation of Lynis:
mkdir /usr/local/lynis
cd /usr/local/lynis
wget https://downloads.cisofy.com/lynis/lynis-2.7.5.tar.gz
tar -xvf lynis-2.7.5.tar.gz
The latest version can be found at: Lynis Download
2. Using Lynis:
To run Lynis, navigate to its folder:
cd /usr/local/lynis/lynis
To view the Lynis tutorial:
./lynis
To check the entire VPS:
./lynis audit system
1. Installation of ClamAV:
yum install epel-release
yum update
yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
2. Enabling Freshclam:
Freshclam keeps ClamAV up to date. In this tutorial, it's set to check for updates four times daily.
cp /etc/freshclam.conf /etc/freshclam.conf.bak
sed -i '/Example/d' /etc/freshclam.conf
Edit the "clam-freshclam.service" file:
nano /usr/lib/systemd/system/clam-freshclam.service
Paste the following content:

Enable Freshclam to start automatically:
systemctl enable clam-freshclam.service
systemctl start clam-freshclam.service
To manually update the ClamAV virus database:
freshclam
3. Configuring ClamAV Daemon:
cp /usr/share/clamav/template/clamd.conf /etc/clamd.d/clamd.conf
sed -i '/Example/d' /etc/clamd.d/clamd.conf
mv /usr/lib/systemd/system/clamd@.service /usr/lib/systemd/system/clamd.service
Now, update the clamd service file:
nano /usr/lib/systemd/system/clamd.service
Content to add:

Move to the "system" directory:
cd /usr/lib/systemd/system
Enable clamd to start automatically:
systemctl enable clamd.service
systemctl start clamd.service
4. Manual Scan Options:
To scan all files on the VPS and display the name of each file:
clamscan -r /
To scan all files on the VPS and display only infected file names:
clamscan -r -i /
To scan all files on the VPS, showing only infected file names while running the scan in the background (use the jobs command to check scan progress):
clamscan -r -i / &
To scan all files in user home directories:
clamscan -r /home
To scan all files in a user's directory and move infected files to a quarantine directory:
clamscan -r --move=/home/USER/Quarantine /home/USER
To scan all files in a user's directory and delete infected files:
clamscan -r --remove /home/USER
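An added example (not part of the original guide): a POSIX shell wrapper around the scan commands above that quarantines with --move instead of deleting, skips /proc, /sys and /dev when scanning from /, and turns clamscan's exit status (0 clean, 1 infected, 2 error) and its "FOUND" lines into a short report. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are illustrative, not part of ClamAV.

# Pseudo-filesystems that "clamscan -r /" would otherwise descend into.
EXCLUDES='--exclude-dir=^/proc --exclude-dir=^/sys --exclude-dir=^/dev'

# Map the clamscan exit status to a verdict:
# 0 = no virus found, 1 = virus(es) found, anything else = error.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Read clamscan output on stdin; print "path<TAB>signature" for each
# "<path>: <signature> FOUND" line ("moved to" lines are ignored).
infected_list() {
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        i = match($0, /: [^ ]+$/)   # last ": signature" on the line
        if (i) print substr($0, 1, i - 1) "\t" substr($0, i + 2)
    }'
}

# scan_report TARGET QUARANTINE_DIR
# Prints "<verdict> <hit count>", then the hit list; returns clamscan's status.
scan_report() {
    # $EXCLUDES is left unquoted on purpose so it splits into three options.
    out=$(clamscan -r -i --no-summary $EXCLUDES --move="$2" "$1") && rc=0 || rc=$?
    hits=$(printf '%s\n' "$out" | infected_list)
    count=$(printf '%s\n' "$hits" | grep -c . || true)
    echo "$(scan_verdict "$rc") $count"
    [ -z "$hits" ] || printf '%s\n' "$hits"
    return "$rc"
}

# Constructed sample of "clamscan -r -i" output (not from a real scan).
SAMPLE="/home/USER/upload/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/USER/my files/eicar.txt: Eicar-Signature FOUND"

# Parse the sample; a real run would be:
#   scan_report /home/USER /home/USER/Quarantine
printf '%s\n' "$SAMPLE" | infected_list
```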