Linux security defense tools
Most Linux systems fulfill a particular role, such as serving web pages or sending email. These are also the type of systems that benefit from a good layer of defenses. From intrusion detection to malware scanning, plenty of tools are available.
This category hosts a range of tools, each with a particular goal in mind. While reviewing tools, consider the different risks to the particular system. Our advice is to select defensive tools based on those risks. If you are unsure about what to select, start with a technical security audit. A tool like Lynis can give a good indication of what is running and needs to be checked. Missing categories, like a malware scanner or intrusion detection system (IDS) tool, will be displayed.
Linux security defense tools are typically used for defense testing, intrusion detection, risk mitigation, and system hardening.
Users of these tools include security professionals and system administrators.
Popular Linux security defense tools
ArpON (MitM defense tool)
ArpON is a host-based tool to improve the security of the Address Resolution Protocol (ARP).
Fail2ban (log parser and blocking utility)
network traffic filtering, security monitoring
Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks.
MongoSanitizer (defense against MongoDB injection attacks)
application security, database security
Typically this type of tool would be used as an additional defense layer to prevent injection attacks from reaching the database.
hBlock (ad blocking and tracker/malware protection)
malware protection, privacy enhancement, provide anonymity
For privacy-aware users, tools like hBlock can be helpful to block malicious domains, malware, advertisements, and trackers. Trackers could be pixels added to websites to track which pages you visited, which might invade your privacy.