
Lynis is a powerful, open-source security auditing tool primarily used by system administrators, security experts, and auditors to assess the security of Linux and UNIX-based systems. Unlike traditional vulnerability scanners, Lynis performs in-depth security checks by running directly on the host, providing more thorough evaluations.
ClamAV is an open-source anti-virus engine licensed under the GPL, widely used for email scanning, web protection, and endpoint security. It includes multiple tools such as a multi-threaded daemon, command-line scanner, and an advanced feature for automatic virus database updates.
WARNING: CentOS 7 End of Life
CentOS 7 reached its end-of-life (EOL) on June 30, 2024. For more details, refer to the official CentOS announcement: CentOS 7 EOL Notice.
Due to the EOL, you may face issues with repositories. We recommend upgrading to a supported operating system.
If you’re using CentOS 7 and experiencing mirror issues, follow this guide to resolve them.
0. Preliminary Requirements:
- Ensure the CentOS 7 template is installed on the server.
- Install the nano text editor:
yum install nano -y
1. Install Lynis
Create the Lynis directory:
mkdir /usr/local/lynis
cd /usr/local/lynis
Download and extract Lynis:
wget https://downloads.cisofy.com/lynis/lynis-2.7.5.tar.gz
tar -xvf lynis-2.7.5.tar.gz
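The latest version of Lynis can always be found here: Lynis Download. The download page also lists the SHA-256 hash of the archive; compare it with the output of sha256sum on the downloaded file.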
2. Using Lynis
Navigate to the Lynis directory:
cd /usr/local/lynis/lynis
To view the Lynis tutorial, run:
./lynis
To scan your entire VPS, use:
./lynis --check-all
1. Install ClamAV
Install the EPEL repository and update packages:
yum install epel-release
yum update
Install ClamAV packages:
yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
2. Enable Freshclam (Automatic Updates)
Freshclam keeps ClamAV up to date. The following configuration sets it to check for updates four times a day.
Back up the Freshclam configuration file:
cp /etc/freshclam.conf /etc/freshclam.conf.bak
Remove the Example line (freshclam refuses to run while it is present in the configuration file):
sed -i '/Example/d' /etc/freshclam.conf
Edit the clam-freshclam.service file:
nano /usr/lib/systemd/system/clam-freshclam.service
Paste the following content:
[Unit]
Description = freshclam scanner
After = network.target
[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true
[Install]
WantedBy=multi-user.target
Enable and start the Freshclam service:
systemctl enable clam-freshclam.service
systemctl start clam-freshclam.service
To manually update the ClamAV virus database:
freshclam
3. Configure ClamAV Daemon
Copy the default configuration:
cp /usr/share/clamav/template/clamd.conf /etc/clamd.d/clamd.conf
Remove the Example line (clamd refuses to start while it is present):
sed -i '/Example/d' /etc/clamd.d/clamd.conf
Rename and edit the clamd service file:
mv /usr/lib/systemd/system/clamd@.service /usr/lib/systemd/system/clamd.service
nano /usr/lib/systemd/system/clamd.service
Add the following content:
[Unit]
Description = clamd scanner daemon
After = syslog.target nss-lookup.target network.target
[Service]
Type = simple
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/clamd.conf --nofork=yes
Restart = on-failure
PrivateTmp = true
[Install]
WantedBy=multi-user.target
Enable and start the ClamAV daemon (clamd exits at startup unless clamd.conf defines LocalSocket or TCPSocket):
systemctl enable clamd.service
systemctl start clamd.service
4. Manual Scan Options
To run various manual scans with ClamAV, here are some examples:
Scan all files on the VPS and display their names:
clamscan -r /
Scan all files, only showing names of infected files:
clamscan -r -i /
Scan files in the background, displaying infected file names:
clamscan -r -i / &
Scan files in all user home directories:
clamscan -r /home
Scan files in a specific user directory and move infected files to a quarantine folder:
clamscan -r --move=/home/USER/Quarantine /home/USER
Scan a user’s directory and delete infected files:
clamscan -r --remove /home/USER
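A report-only wrapper around the recursive scans above, useful for reviewing detections before running --move or --remove. This is an added example, not part of the original guide; the sample output is constructed and the SCAN_CMD override is a hypothetical name used only so the logic can be exercised without ClamAV installed.

```shell
#!/bin/sh
# Added example (not from the original guide): report-only ClamAV scan wrapper.
# clamscan exit status: 0 = no virus found, 1 = virus(es) found, 2 = error.

# Constructed sample of `clamscan -r -i` output, used for offline testing.
sample_scan_output() {
    cat <<'EOF'
/home/USER/public_html/upload/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/USER/mail/new/msg: 1.eml: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Scanned files: 1243
Infected files: 2
EOF
}

# Read clamscan output on stdin; print "path<TAB>signature" per detection.
# The last ": " on the line splits path from signature, so paths that
# themselves contain ": " are handled.
infected_files() {
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        i = match($0, /: [^:]*$/)
        if (i) printf "%s\t%s\n", substr($0, 1, i - 1), substr($0, i + 2)
    }'
}

# Map the exit status to a verdict. Anything other than 0 or 1 is an error
# (unreadable path, missing database) and must never be treated as clean.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Scan a directory without --move or --remove and print findings plus verdict.
# SCAN_CMD is a hypothetical override so the wrapper can run without ClamAV.
run_scan() {
    target=$1
    status=0
    out=$(${SCAN_CMD:-clamscan -r -i} "$target" 2>/dev/null) || status=$?
    printf '%s\n' "$out" | infected_files
    verdict=$(scan_verdict "$status")
    echo "verdict=$verdict target=$target"
    [ "$verdict" = clean ]
}
```

run_scan returns non-zero for both detections and scan errors, so a cron job calling it can alert on either while the verdict line says which one occurred.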