1. Update your server: Make sure your server is up-to-date with the latest security patches and software updates.
#sudo apt update
#sudo apt upgrade
2. Install an antivirus tool: ClamAV is a popular antivirus tool for Ubuntu. Install it using the following command:
#sudo apt install clamav
3. Update ClamAV signatures: Update the ClamAV virus signature database to ensure it recognizes the latest threats.
4.Scan your system with ClamAV: Perform a comprehensive scan of your system to identify potential Trojan files.
#sudo clamscan -r /path/to/scan
Replace /path/to/scan with the directory you want to scan.
5. Monitor system processes: Use the ps command to view active processes and identify any suspicious ones.
Look for processes with unusual names, especially those that are not associated with known applications.
6.Check network connections: Use the netstat command to monitor network activity and identify any suspicious connections.
Look for unfamiliar IP addresses or suspicious port numbers.
7.Analyze system logs: Check system logs for any irregularities or suspicious entries. Common log files include /var/log/syslog and #/var/log/auth.log.
#grep -i “trojan” /var/log/syslog
#grep -i “trojan” /var/log/auth.log
8. Use rootkit detection tools: Rootkits often accompany Trojans. Install and run a rootkit detection tool like rkhunter.
#sudo apt install rkhunter
#sudo rkhunter –check
Follow any recommendations provided by the tool to eliminate detected threats.
9. Check startup programs: Inspect the list of startup programs to ensure there are no unauthorized entries. Use the ls command to list files in the /etc/init.d/ directory.
Investigate any unfamiliar scripts.
10.Use file integrity checking: Verify the integrity of critical system files using tools like debsums.
#sudo apt install debsums
#sudo debsums -c
This command checks and reports any changes in system files.
11.Manual inspection: Perform a manual inspection of important directories, looking for any files that seem out of place or have suspicious names.
#ls -la /path/to/directory
Replace /path/to/directory with the directory you want to inspect.
Remember to exercise caution and backup important data before taking any corrective actions. If you’re uncertain about a file or process, seek assistance from experienced users or security professionals. Regularly updating your system and staying vigilant are crucial in maintaining a secure Ubuntu environment.
If you are looking for assistance to secure your site or server or purchase a server for your site, NatSav is the right choice for you. At NatSav, we offer Dedicated Server and Managed VPS Hosting options. In addition, our skilled team provides 24/7/365 support and monitoring services so that you can focus on your websites. Contact our team today to learn more.