Protecting systems and dealing with malware is increasingly becoming a critical task for Linux server administrators.

With the rapid expansion of the internet, the number of attacks has multiplied and the threat of hacking or infection has increased.

You can now be certain that any website exposed to the Internet and every server with an open public IP address will be constantly scanned by bots that try to take advantage of any vulnerability. If they can find one, they will install malware on your system.

A CentOS sysadmin must know how to enforce a solid security policy and how to remove any malicious code if a server is infected, we will teach you how to achieve these goals.

Stay up to date

Most server attacks are based on known software vulnerabilities. Developers are usually quick to release patches for their applications that fix these issues, so it is very important to install them as soon as possible and make sure that your system is always updated.

There are several ways to handle updates. If you subscribe to the CentOS mailing list, you will be notified of all new patches, as well as their severity. You can also setup most applications to send you an alert every time when a new patch is released.

Another option is to set up a cron job that will check yum repositories for updates at fixed intervals and either notify you or install them automatically. The package yum-cron is very convenient for this purpose.

However, many people choose to handle updates manually, for very good reasons. New packages can break the functionality of the server, so it is important to read the release notes carefully before installing them.

Some updates, such as new kernel versions, require a reboot so they have to be scheduled during periods of low activity on production systems.

Use SELinux

Many system administrators dislike SELinux and don’t know how to use it, so they disable it outright on all of their systems.

It is a serious mistake because this tool can be very valuable for protection once you learn how it works.

SELinux is an access control system that makes sure users and processes are only allowed to use the resources they actually need. If the Apache service is compromised for example, the attacker will be unable to do any serious damage to the system.

You can set SELinux to permissive mode in order to check the logs and understand the system, before enforcing it.

Implement a strong password policy

In order to protect the server from brute force attacks, make sure that you enforce a strong password policy.

Passwords must have a minimum length, with a mixture of under case and uppercase letters, numbers and symbols. Users should be required to change their passwords at regular intervals, without reusing old ones.

For even better security, use a two-factor authentication system or completely disable password logins and rely on public-key cryptography instead.

Scan your server

Installing an antivirus can protect your server from malware and clean any infected files that might be present.

There are many options you can consider, both paid and open source. Just like on Windows systems, some of the best commercial solutions are the Linux versions of Bit Defender, Eset Nod32 or Avast.

Among the most popular free options are Maldet, Sophos or Rootkit Hunter.

Some antiviruses are available as plugins for control panels like WHM or Plesk. ClamAV can be installed for free in cPanel, while Immunify360 is a commercial plugin from the developers of Cloud Linux.

Prevent intrusion

The simplest way to prevent intrusion is to configure a very restrictive firewall; you can use the basic iptables for this purpose or more complex tools like firewalld (default in CentOS) or CSF (which also offers integration with WHM).

The most advanced protection systems available also monitor server logs for any attacks and proactively ban or block any IPs with suspicious activity, such as password login failures or attempts to use exploits.

Some of these systems are available for free, for example Modsec is a web-based firewall integrated with Apache, CPHulk protects cPanel services while lfd is a tool integrated with CSF that prevents brute-force attacks.

More advanced systems are licensed by the top antivirus providers already mentioned.

In order to boost the security of your system, you can also hire a penetration testing company that will simulate a variety of attack vectors and alert you of any vulnerabilities as well as how to fix them. Since penetration scanning can generate serious load on the server, it is better to schedule it at night.


Securing a Linux server is a very complex task and no system can ever be completely safe from attacks. The steps described in this article are a quick way to protect your CentOS 7 machine from the most common types of malware.