The Best Security Tools for Linux Administrators

linux system administrator

Security is of utmost importance in any computer system. In this article, we will be looking at some amazing open source security tools that can be used on a Linux desktop by anyone.

The security tools listed in this article span a wide range — from network security tools to intrusion detection and prevention systems.

The first one that we will be looking at is Nikto. This tool is mainly used for Web security. More than 6000 tests can be automatically performed by Nikto to detect Web vulnerabilities in a system.

We can install this tool on our system using the following command:

sudo apt-get install nikto

Nmap is a tool used to scan networks. Developed by Gordon Lyon, it helps us get the list of open ports and analyse them by sending and receiving packets and responses. Various services and hosts can be detected or discovered using this tool. Many more services like OS detection, etc, are provided by Nmap.

For installation, just enter the following command:

sudo apt-get install nmap

Now check that Nmap has been installed properly by using the following command. Once you give this command, you should get the version of Nmap, which will indicate that the installation has been done correctly.

nmap --version

One of the most important tools to keep your system secure is ClamAV. This open source and free toolkit helps our machines fight against malware. Many different types of malware can be successfully detected by ClamAV. It was first developed by Cisco for only UNIX systems but is now available for Linux, MacOS, etc, with the help of some third parties.
The command for installing ClamAV is given below:

apt-get install clamav clamav-daemon -y

Snort is an open source intrusion detection and prevention system that was developed by Martin Roesch, but is now owned by Cisco. It has many inbuilt tests to detect different kinds of attacks including Web based attacks.

Installation can be done by executing the following commands in the terminal:

wget (check for the latest version)
tar xvzf snort-3.tar.gz
cd snort-3
./configure –enable-sourcefire && make && sudo make install

This tool can scan exploits, backdoor attacks, rootkits, etc, and is based on UNIX. It can identify which files or software are dangerous and which are not. It also has special tests for Linux.

The command for installation is:

apt install rkhunter -y

Lynis is a free, open source and extensible security auditing tool used by many security auditors across the world. Security specialists, network administrators and penetration testers are all the intended users of this tool. With Lynis, you can add your own custom test.
To install, execute the command given below:

sudo apt-get install lynis

We can also perform a basic test using the following command:

lynis audit system --quick

The seventh tool in this list of top security tools is OSSEC, which is basically an open source and free host based intrusion detection system. Its many special features include integrity checking, rootkit detection, time based alerting, log analysis, etc.

Run the following commands to install OSSEC:

apt install gcc make libevent-dev zlib1g-dev libssl-dev libpcre2-dev wget tar -y
wget -P /tmp
#cd /tmp
tar xzf 3.6.0.tar.gz
cd ossec-hids-3.6.0/

The eighth tool is Wazuh. This is also an open source, free and enterprise wide security monitoring solution that provides a host based security system similar to OSSEC, but is much lighter in weight.

Installation commands are:

apt install gcc make libevent-dev zlib1g-dev libssl-dev libpcre2-dev wget tar -y
wget -P /tmp
#cd /tmp
tar xzf 3.6.0.tar.gz
cd ossec-hids-3.6.0/

Radare2, which is also known as r2, is a reverse engineering and command-line based tool. It works on different operating systems.

You can install this tool by executing the command given below on a Debian based system:

sudo apt-get install -y radare2

This is a part of the GVM (Greenbone vulnerability manager); it provides vulnerability scanning and vulnerability management services. The installation command is:

sudo apt-get install openvas9

The last top tool in this list is Maltrail. This open source high traffic detection system helps keep malware away from our system. It helps us avoid malicious threats. All the traffic sources and data from the Internet are used to compare and understand where the malware traffic is.

The installation commands are:

git clone
cd maltrail/
python &

I have listed what are, according to me, the best and most famous tools that can be used on Linux systems to improve, test and audit security. Visit their websites for complete documentation and try them out. Exploring them could be a lot of fun.


Please enter your comment!
Please enter your name here