TL;DR - What are you running as a means of “antivirus” on Linux servers?
I have a few small Debian 12 servers running my services and would like to enhance my security posture. Some services are exposed to the internet and I’ve done quite a few things to protect the services and the hosts. When it comes to “antivirus”, I was looking at ClamAV as it seemed to be the most recommended. However, when I read the documentation, it stated that the recommended RAM was at least 2-4 gigs. Some of my servers have more power than other but some do not meet this requirement. The lower powered hosts are rpi3s and some Lenovo tinys.
When I searched for alternatives, I came across rkhunter and chrootkit, but they seem to no longer be maintained as their latest release was several years ago.
If possible, I’d like to run the same software across all my servers for simplicity and uniformity.
If you have a similar setup, what are you running? Any other recommendations?
P.S. if you are of the mindset that Linux doesn’t need this kind of protection then fine, that’s your belief, not mine. So please just skip this post.
AFAIK this is not what happens on NixOS. Every package gets installed into a directory that’s a hash of its dependencies in the nix store, but there’s no special isolation or anything on NixOS (well, when the packages are built there’s some isolation, but that’s mostly to keep the builds honest). That said, NixOS is a little better than most distros about creating separate daemon users for services with different permissions, but I don’t think it’s done universally. I love NixOS and it has many benefits, but I don’t think this is one.
Security concerns can vary between traditional Linux distributions and rolling release distributions.
Traditional Linux Distributions:
Stability: Traditional distributions like Ubuntu LTS tend to prioritize stability over the latest software updates. While this can reduce the risk of new software vulnerabilities, it may also mean that security patches for certain software components are not as up-to-date as in rolling releases.
Delayed Updates: Security updates for software packages may take longer to reach users in traditional distributions because they go through a more extensive testing and validation process. This delay could potentially leave systems vulnerable for a longer period.
Predictability: Traditional distributions have predictable release cycles, making it easier to plan and apply security updates. However, this predictability can also make it easier for attackers to anticipate when certain software versions will be in use.
Rolling Release Distributions:
Up-to-Date Software: Rolling releases like Arch Linux or Manjaro provide the latest software updates as soon as they are available. While this ensures access to new security features and patches quickly, it can also introduce new bugs and vulnerabilities.
Frequent Updates: Rolling releases typically require more frequent updates, which can be time-consuming and potentially introduce compatibility issues if not managed properly.
User Responsibility: Users of rolling releases have a greater responsibility to stay informed about security updates and apply them promptly. Failure to do so can leave systems vulnerable.
Testing: Rolling releases often have a testing phase where updates are evaluated by the community before being rolled out to all users. This helps catch issues, but it can still result in occasional instability.
In summary, the main security concern with traditional Linux distributions is the potential delay in receiving security updates, while rolling releases offer up-to-date software but may require more user vigilance and can occasionally introduce instability due to frequent updates. The choice between them should depend on your specific use case and your willingness to manage updates and stability.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
Honestly, the best antivirus for Linux is Arch.
No, it’s NixOS. Every package is self-contained in its own directory, which acts as chroot.
AFAIK this is not what happens on NixOS. Every package gets installed into a directory that’s a hash of its dependencies in the nix store, but there’s no special isolation or anything on NixOS (well, when the packages are built there’s some isolation, but that’s mostly to keep the builds honest). That said, NixOS is a little better than most distros about creating separate daemon users for services with different permissions, but I don’t think it’s done universally. I love NixOS and it has many benefits, but I don’t think this is one.
Hahahahaha this actually made me chuckle. Thanks for that!
Its a rolling release, so will always have the most up to date and patched packages the fastest. That concept is the antivirus.
Can’t infect your machine if the vulnerabilities are already fixed.
Now where do new vulnerabilities come from? 🤔 Oh that’s right - from new code. And how often does new code show up on Arch? Oh…
Security concerns can vary between traditional Linux distributions and rolling release distributions.
Traditional Linux Distributions:
Stability: Traditional distributions like Ubuntu LTS tend to prioritize stability over the latest software updates. While this can reduce the risk of new software vulnerabilities, it may also mean that security patches for certain software components are not as up-to-date as in rolling releases.
Delayed Updates: Security updates for software packages may take longer to reach users in traditional distributions because they go through a more extensive testing and validation process. This delay could potentially leave systems vulnerable for a longer period.
Predictability: Traditional distributions have predictable release cycles, making it easier to plan and apply security updates. However, this predictability can also make it easier for attackers to anticipate when certain software versions will be in use.
Rolling Release Distributions:
Up-to-Date Software: Rolling releases like Arch Linux or Manjaro provide the latest software updates as soon as they are available. While this ensures access to new security features and patches quickly, it can also introduce new bugs and vulnerabilities.
Frequent Updates: Rolling releases typically require more frequent updates, which can be time-consuming and potentially introduce compatibility issues if not managed properly.
User Responsibility: Users of rolling releases have a greater responsibility to stay informed about security updates and apply them promptly. Failure to do so can leave systems vulnerable.
Testing: Rolling releases often have a testing phase where updates are evaluated by the community before being rolled out to all users. This helps catch issues, but it can still result in occasional instability.
In summary, the main security concern with traditional Linux distributions is the potential delay in receiving security updates, while rolling releases offer up-to-date software but may require more user vigilance and can occasionally introduce instability due to frequent updates. The choice between them should depend on your specific use case and your willingness to manage updates and stability.
Unfortunately you can’t easily patch the fleshy thing operating the system
Not yet…