Lynis and ClamAV Installation and Configuration Guide
Introduction
Lynis is an open-source security auditing tool for Linux and UNIX-based systems. It runs directly on the host with no agent or database to set up, and checks installed software, configuration files, permissions and kernel settings; run it as root for the most complete results.
ClamAV is an open-source anti-virus engine used for mail gateway scanning, web scanning and endpoint scanning. It ships a multi-threaded daemon (clamd), a command-line scanner (clamscan) and a signature updater (freshclam).
Preliminary Requirements:
- A CentOS 7 system (the commands below use yum and systemd)
- The "nano" text editor (yum install nano -y)
1. Installation of Lynis
1.1 Create the installation directory:
mkdir /usr/local/lynis
1.2 Navigate to the directory:
cd /usr/local/lynis
1.3 Download Lynis:
wget https://downloads.cisofy.com/lynis/lynis-2.7.5.tar.gz
1.4 Extract the tarball:
tar -xvf lynis-2.7.5.tar.gz
1.5 Version 2.7.5 is used here only as an example. Check the Lynis download page (https://cisofy.com/downloads/lynis/) for the current release, and verify the tarball against the GPG signature CISOfy publishes with each release before extracting it; a tarball fetched over the network and unpacked unverified is the one supply-chain step in this guide worth not skipping.
2. Using Lynis
2.1 Move to the Lynis folder:
cd /usr/local/lynis/lynis
2.2 Running Lynis with no arguments prints its usage text and the list of available commands:
./lynis
2.3 To audit the whole system (run as root for full coverage; ./lynis audit system is the current form of the same command):
./lynis --check-all
The findings are shown on screen and written to /var/log/lynis.log, with a machine-readable summary of warnings and suggestions in /var/log/lynis-report.dat.
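The steps in sections 1 and 2 as one script, added here as an example (it is not part of the original guide or of the Lynis project): download a release with its detached GPG signature, refuse to unpack it unless the signature verifies, run a non-interactive audit, and summarise the warnings from the report file. Assumptions not taken from the page: that the .asc signature is published next to the tarball on downloads.cisofy.com, and that the vendor's public key has already been saved to the path in CISOFY_KEY. The sample report at the bottom is constructed so the summary functions can be exercised offline.

```bash
#!/bin/bash
# Added example; not from the original guide or the Lynis project.
# Assumptions: .asc signature next to the tarball, vendor key saved at $CISOFY_KEY.
set -euo pipefail

VERSION="${LYNIS_VERSION:-2.7.5}"                     # release used by the guide
BASE_URL="https://downloads.cisofy.com/lynis"
INSTALL_DIR="/usr/local/lynis"
REPORT="/var/log/lynis-report.dat"                    # default report path written by Lynis
CISOFY_KEY="${CISOFY_KEY:-/root/cisofy-software.pub}" # assumed location of the vendor key

install_lynis() {
    mkdir -p "$INSTALL_DIR"
    cd "$INSTALL_DIR"
    wget -q "$BASE_URL/lynis-$VERSION.tar.gz" "$BASE_URL/lynis-$VERSION.tar.gz.asc"
    gpg --import "$CISOFY_KEY"
    # gpg --verify exits non-zero on a bad or unknown signature; with set -e the
    # script stops here, so a tampered download is never extracted.
    gpg --verify "lynis-$VERSION.tar.gz.asc" "lynis-$VERSION.tar.gz"
    tar -xzf "lynis-$VERSION.tar.gz"
    # Lynis warns when its own files are writable by non-root users.
    chown -R root:root "$INSTALL_DIR/lynis"
    chmod -R go-w "$INSTALL_DIR/lynis"
}

run_audit() {
    cd "$INSTALL_DIR/lynis"
    # Same audit as the guide's --check-all; --quiet keeps cron mail empty and
    # leaves the findings in /var/log/lynis.log and $REPORT.
    ./lynis audit system --quiet --no-colors
}

# Report lines have the form  warning[]=TEST-ID|text|details|solution|
# Print "TEST-ID: text" for each warning in the given report file.
report_warnings() {
    awk -F'|' '/^warning\[]=/ { sub(/^warning\[]=/, "", $1); printf "%s: %s\n", $1, $2 }' "$1"
}

# Number of warnings, so a scheduled job can fail when it is not zero.
warning_count() {
    grep -c '^warning\[]=' "$1" || true
}

# Constructed sample report (not real Lynis output) for offline use.
sample_report() {
    cat <<'EOF'
lynis_version=2.7.5
warning[]=TEST-0001|Constructed warning one|-|-|
suggestion[]=TEST-0002|Constructed suggestion|-|-|
warning[]=TEST-0003|Constructed warning two|-|-|
EOF
}

if [ "${1:-}" = "install" ]; then
    install_lynis
    run_audit
    report_warnings "$REPORT"
else
    tmp=$(mktemp)
    sample_report > "$tmp"
    report_warnings "$tmp"
    echo "warnings: $(warning_count "$tmp")"
    rm -f "$tmp"
fi
```

Run it with the argument install on the host to perform the real download, verification and audit; without arguments it only summarises the constructed sample, which is useful for checking the parsing before pointing it at a real /var/log/lynis-report.dat.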
1. Installation of ClamAV
1.1 Install the EPEL repository:
yum install epel-release
1.2 Update the system:
yum update
1.3 Install ClamAV and the related packages (clamav-devel is only needed to build software against libclamav and can be left out):
yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
2. Enabling Freshclam
2.1 Backup the Freshclam configuration file:
cp /etc/freshclam.conf /etc/freshclam.conf.bak
2.2 Remove the "Example" line that keeps freshclam from running. Match the whole line so that comments merely mentioning the word are left alone:
sed -i '/^Example$/d' /etc/freshclam.conf
Note that EPEL's clamav-update package also ships a cron job (/etc/cron.d/clamav-update) that is kept inactive by the FRESHCLAM_DELAY=disabled-warn line in /etc/sysconfig/freshclam. Leave it inactive when running freshclam as a daemon as below, so that two updaters do not compete for the same database directory.
2.3 Create a unit file for the freshclam daemon. Write it to /etc/systemd/system rather than /usr/lib/systemd/system, which belongs to the packages and is overwritten on update:
nano /etc/systemd/system/clam-freshclam.service
Paste the following content:
# Run freshclam as a daemon that checks for signature updates four times a day (-c 4)
[Unit]
Description = freshclam scanner
After = network.target
[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true
[Install]
WantedBy=multi-user.target
2.4 Reload systemd so it sees the new unit, then enable and start the Freshclam service:
systemctl daemon-reload
systemctl enable clam-freshclam.service
systemctl start clam-freshclam.service
Check it with systemctl status clam-freshclam.service; the daemon performs its first update check as soon as it starts.
2.5 To update the virus database manually, for example right after installation:
freshclam
3. Configuring ClamAV Daemon
3.1 Copy the sample configuration file:
cp /usr/share/clamav/template/clamd.conf /etc/clamd.d/clamd.conf
3.2 Remove the "Example" line, then enable a socket. The template ships with every LocalSocket and TCPSocket directive commented out, and clamd exits at start-up with "Please define server type (local and/or TCP)" until one of them is set, so uncomment LocalSocket in /etc/clamd.d/clamd.conf and point it at a path clamd can create (for example LocalSocket /var/run/clamd.sock):
sed -i '/^Example$/d' /etc/clamd.d/clamd.conf
3.3 Leave the packaged clamd@.service in place. It is a template unit, used by the clamav-scanner-systemd package as clamd@scan.service with /etc/clamd.d/scan.conf, and anything under /usr/lib/systemd/system is replaced on package updates. Create a separate unit under /etc/systemd/system instead.
3.4 Edit the new Clamd unit file:
nano /etc/systemd/system/clamd.service
Paste the following content:
Paste the following content:
[Unit]
Description = clamd scanner daemon
After = syslog.target nss-lookup.target network.target
[Service]
Type = simple
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/clamd.conf --nofork=yes
Restart = on-failure
PrivateTmp = true
[Install]
WantedBy=multi-user.target
3.5 Reload systemd so it picks up the new unit, then enable and start the Clamd service:
systemctl daemon-reload
systemctl enable clamd.service
systemctl start clamd.service
Confirm it is running with systemctl status clamd.service and that the socket configured in clamd.conf exists (for example ls -l /var/run/clamd.sock). If the unit fails, journalctl -u clamd.service shows clamd's own error message, which names the offending configuration line.
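Section 3 as a script, added here as an example (not part of the original guide or of the ClamAV project): render /etc/clamd.d/clamd.conf from the packaged template and check the result for the two mistakes that make clamd exit immediately, a leftover Example line and no socket directive. The socket path /var/run/clamd.sock is an assumption; EPEL's own scan.conf uses /var/run/clamd.scan/clamd.sock instead. The template excerpt embedded at the bottom is constructed so the functions can be exercised without the package installed.

```bash
#!/bin/bash
# Added example; not from the original guide or the ClamAV project.
# Assumption: socket path /var/run/clamd.sock (EPEL's scan.conf uses
# /var/run/clamd.scan/clamd.sock).
set -euo pipefail

TEMPLATE="${CLAMD_TEMPLATE:-/usr/share/clamav/template/clamd.conf}"
CONF="${CLAMD_CONF:-/etc/clamd.d/clamd.conf}"
SOCKET="${CLAMD_SOCKET:-/var/run/clamd.sock}"   # assumed

# Render a working config from the template:
#  - delete the bare "Example" guard line only (a pattern like /Example/d also
#    eats comments that merely mention the word),
#  - uncomment LocalSocket and point it at our path,
#  - send log output to syslog so start-up failures show up in journalctl.
render_clamd_conf() {
    local template="$1" socket="$2"
    sed -e '/^Example$/d' \
        -e "s|^#LocalSocket .*|LocalSocket $socket|" \
        -e 's|^#LogSyslog .*|LogSyslog yes|' \
        "$template"
}

# Refuse configs that clamd would reject at start-up.
check_clamd_conf() {
    local conf="$1"
    if grep -qx 'Example' "$conf"; then
        echo "check: 'Example' line still present; clamd will exit immediately" >&2
        return 1
    fi
    if ! grep -Eq '^(LocalSocket|TCPSocket) ' "$conf"; then
        echo "check: no LocalSocket/TCPSocket; clamd exits with 'Please define server type'" >&2
        return 1
    fi
    return 0
}

# Constructed excerpt of the template (only the lines this script touches),
# so the functions above can be exercised without the package installed.
constructed_template() {
    cat <<'EOF'
## constructed excerpt, not the real template
Example
#LogSyslog yes
#LocalSocket /var/run/clamd.<SERVICE>/clamd.sock
#LocalSocketGroup virusgroup
#TCPSocket 3310
EOF
}

if [ "${1:-}" = "install" ]; then
    render_clamd_conf "$TEMPLATE" "$SOCKET" > "$CONF"
    check_clamd_conf "$CONF"
else
    tmp_in=$(mktemp); tmp_out=$(mktemp)
    constructed_template > "$tmp_in"
    render_clamd_conf "$tmp_in" "$SOCKET" > "$tmp_out"
    if check_clamd_conf "$tmp_out"; then cat "$tmp_out"; fi
    rm -f "$tmp_in" "$tmp_out"
fi
```

With the argument install it writes the real config and exits non-zero if the check fails, which is the right moment to stop rather than after systemctl start has already failed; without arguments it renders and checks the constructed excerpt only.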
4. Manual Scan Options
clamscan exits 0 when nothing was found, 1 when an infected file was found and 2 on error, which is what a script or cron job should check. With clamd running, clamdscan accepts the same paths and is much faster because the signatures are already loaded; the examples below use the stand-alone clamscan.
4.1 To scan all files on the VPS and show each file's name. Exclude /proc, /sys and /dev, which are not real files and make a recursive scan of / hang or fill the output with errors:
clamscan -r --exclude-dir="^/proc" --exclude-dir="^/sys" --exclude-dir="^/dev" /
4.2 To scan all files but only show the names of infected files:
clamscan -r -i --exclude-dir="^/proc" --exclude-dir="^/sys" --exclude-dir="^/dev" /
4.3 To run the same scan in the background, send the results to a log file instead of the terminal:
clamscan -r -i --exclude-dir="^/proc" --exclude-dir="^/sys" --exclude-dir="^/dev" --log=/var/log/clamscan.log / &
4.4 To scan all files in user home directories:
clamscan -r /home
4.5 To scan a specific user's directory and move infected files to a quarantine directory. The directory must exist before the scan, and because it sits inside the scanned tree it has to be excluded, or the quarantined files are reported again on every later run:
mkdir -p /home/USER/Quarantine
clamscan -r --move=/home/USER/Quarantine --exclude-dir="^/home/USER/Quarantine" /home/USER
4.6 To scan a specific user's directory and delete infected files. This is irreversible and acts on false positives too; prefer --move unless the files are known to be disposable:
clamscan -r --remove /home/USER
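The options in section 4 combined into a cron-friendly wrapper, added here as an example (not part of the original guide or of the ClamAV project). It skips the pseudo-filesystems that break a recursive scan of /, keeps the quarantine outside the scanned tree and excludes it, logs to a file, maps clamscan's exit status to a word, and includes a self-test that drops the standard EICAR test string into a temporary directory to confirm the engine and its signatures actually detect something. The quarantine and log paths are assumptions.

```bash
#!/bin/bash
# Added example; not from the original guide or the ClamAV project.
# Assumptions: quarantine and log paths below.
set -uo pipefail

QUARANTINE="${QUARANTINE:-/var/lib/clamav-quarantine}"   # assumed, outside /home
LOGFILE="${LOGFILE:-/var/log/clamav/manual-scan.log}"    # assumed

# clamscan takes --exclude-dir=REGEX, matched against each directory path.
# /proc, /sys, /dev and /run are not real files; the quarantine is excluded so
# files moved there are not detected again on the next run.
exclude_args() {
    local quarantine="$1"
    printf -- '--exclude-dir=%s ' '^/proc' '^/sys' '^/dev' '^/run' "^$quarantine"
}

# clamscan exit status: 0 clean, 1 infected file(s) found, 2 error.
scan_status() {
    case "$1" in
        0) echo CLEAN ;;
        1) echo INFECTED ;;
        2) echo ERROR ;;
        *) echo "UNKNOWN($1)" ;;
    esac
}

run_scan() {
    local target="$1" rc
    mkdir -p "$QUARANTINE" "$(dirname "$LOGFILE")"
    chmod 700 "$QUARANTINE"                 # quarantined files readable by root only
    # shellcheck disable=SC2046 -- word splitting of exclude_args is intended
    clamscan -r -i --move="$QUARANTINE" --log="$LOGFILE" $(exclude_args "$QUARANTINE") "$target"
    rc=$?
    echo "$(date -u +%FT%TZ) target=$target status=$(scan_status "$rc")" >> "$LOGFILE"
    return "$rc"
}

# Write the EICAR test string (harmless by design, detected by every AV engine)
# and scan it: a working engine and database must report INFECTED.
eicar_selftest() {
    local dir rc
    dir=$(mktemp -d)
    printf '%s' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > "$dir/eicar.com"
    clamscan -i "$dir/eicar.com"
    rc=$?
    echo "selftest: $(scan_status "$rc")"
    rm -rf "$dir"
}

case "${1:-}" in
    selftest) eicar_selftest ;;
    "") ;;                              # no argument: only define the functions
    *) run_scan "$1" ;;
esac
```

Run it as root with a path (for example /home) from cron and alert on a non-zero exit; run it with selftest once after installation, and again after signature updates, to prove detection works before relying on the scheduled scans.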