HostSEO Blog

Stories and News from IT Industry, Reviews & Tips | Technology Blog


Protecting systems and dealing with malware is increasingly becoming a critical task for Linux server administrators.

With the rapid expansion of the internet, the number of attacks has multiplied and the threat of hacking or infection has increased.

You can now be certain that any website exposed to the Internet and every server with an open public IP address will be constantly scanned by bots that try to take advantage of any vulnerability. If they can find one, they will install malware on your system.

A CentOS sysadmin must know how to enforce a solid security policy and how to remove any malicious code if a server is infected. We will teach you how to achieve these goals.


Most server attacks are based on known software vulnerabilities. Developers are usually quick to release patches for their applications that fix these issues, so it is very important to install them as soon as possible and make sure that your system is always updated.

There are several ways to handle updates. If you subscribe to the CentOS mailing list, you will be notified of all new patches, as well as their severity. You can also set up most applications to send you an alert every time a new patch is released.

Another option is to set up a cron job that will check yum repositories for updates at fixed intervals and either notify you or install them automatically. The package yum-cron is very convenient for this purpose.

However, many people choose to handle updates manually, for very good reasons. New packages can break the functionality of the server, so it is important to read the release notes carefully before installing them.

Some updates, such as new kernel versions, require a reboot so they have to be scheduled during periods of low activity on production systems.


Many system administrators dislike SELinux and don’t know how to use it, so they disable it outright on all of their systems.

This is a serious mistake, because the tool can be very valuable for protection once you learn how it works.

SELinux is an access control system that makes sure users and processes are only allowed to use the resources they actually need. If the Apache service is compromised, for example, the attacker will be unable to do any serious damage to the system.

You can set SELinux to permissive mode in order to check the logs and understand the system, before enforcing it.
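A way to read those logs while in permissive mode, as an added example that is not part of the original article: the script groups AVC denials by source type, target type, object class and permission, so you can see what enforcing mode would block. The function names are hypothetical and the log lines are constructed samples in the audit.log format.

```bash
#!/usr/bin/env bash
# Added example: summarise SELinux AVC denials recorded in permissive mode.
# Permissive mode is entered with `setenforce 0` and confirmed with `getenforce`.

# Constructed sample lines in the audit.log AVC format (not from a real host).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1700000001.101:501): avc:  denied  { write } for  pid=2101 comm="httpd" name="uploads" dev="sda1" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1700000002.202:502): avc:  denied  { write } for  pid=2101 comm="httpd" name="uploads" dev="sda1" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1700000003.303:503): avc:  denied  { name_connect } for  pid=2105 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=1
type=SYSCALL msg=audit(1700000003.303:503): arch=c000003e syscall=42 success=yes exit=0 comm="httpd" exe="/usr/sbin/httpd"
EOF
}

# Print "count source_type target_type class perms" for each distinct denial,
# most frequent first. Reads audit log lines on stdin.
summarize_avc() {
    awk '
    $1 == "type=AVC" && /avc:[ ]+denied/ {
        perms = ""; src = ""; tgt = ""; cls = ""; inset = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "{") { inset = 1; continue }
            if ($i == "}") { inset = 0; continue }
            # Permissions are the words between the braces.
            if (inset) { perms = (perms == "" ? $i : perms "," $i); continue }
            # The SELinux type is the third colon-separated part of a context.
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split($i, b, ":"); tgt = b[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        seen[src " " tgt " " cls " " perms]++
    }
    END { for (k in seen) print seen[k], k }' | sort -k1,1nr -k2
}

sample_audit_log | summarize_avc
```

On a host running in permissive mode, feed it the real log with `summarize_avc < /var/log/audit/audit.log`.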


In order to protect the server from brute force attacks, make sure that you enforce a strong password policy.

Passwords must have a minimum length, with a mixture of lowercase and uppercase letters, numbers and symbols. Users should be required to change their passwords at regular intervals, without reusing old ones.

For even better security, use a two-factor authentication system or completely disable password logins and rely on public-key cryptography instead.
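A check that password logins are really disabled in an `sshd_config`, as an added example that is not part of the original article. It relies on two documented sshd behaviours: keywords are case-insensitive and the first value read for a keyword is the one used. The function names and both sample configurations are constructed for illustration, and `Match` blocks are not evaluated.

```bash
#!/usr/bin/env bash
# Added example: check whether an sshd_config really disables password logins.

# Effective global value of keyword $2 in config file $1 (default $3).
# sshd uses the first value it reads for a keyword; keywords are case-insensitive.
sshd_option() {
    awk -v key="$2" -v def="$3" '
    /^[ \t]*#/ || NF == 0 { next }              # comments and blank lines
    tolower($1) == "match" { exit }             # global section ends here
    tolower($1) == tolower(key) { val = tolower($2); found = 1; exit }
    END { print (found ? val : def) }' "$1"
}

# Succeeds only if password and keyboard-interactive logins are both off
# and public-key authentication is on.
password_logins_disabled() {
    [ "$(sshd_option "$1" PasswordAuthentication yes)" = "no" ] &&
    [ "$(sshd_option "$1" ChallengeResponseAuthentication yes)" = "no" ] &&
    [ "$(sshd_option "$1" PubkeyAuthentication yes)" = "yes" ]
}

# Constructed configs. The weak one looks hardened, but the "no" was appended
# after an earlier "yes", so sshd ignores it.
weak_cfg="$(mktemp)"; hard_cfg="$(mktemp)"
trap 'rm -f "$weak_cfg" "$hard_cfg"' EXIT
cat > "$weak_cfg" <<'EOF'
PasswordAuthentication yes
# hardening attempt appended at the end of the file:
passwordauthentication no
ChallengeResponseAuthentication no
EOF
cat > "$hard_cfg" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
EOF

for f in "$weak_cfg" "$hard_cfg"; do
    if password_logins_disabled "$f"; then echo "$f: key-only logins"
    else echo "$f: password logins still possible"; fi
done
```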


Installing an antivirus can protect your server from malware and clean any infected files that might be present.

There are many options you can consider, both paid and open source. Just like on Windows systems, some of the best commercial solutions are the Linux versions of Bitdefender, ESET NOD32 or Avast.

Among the most popular free options are Maldet, Sophos and Rootkit Hunter.

Some antiviruses are available as plugins for control panels like WHM or Plesk. ClamAV can be installed for free in cPanel, while Imunify360 is a commercial plugin from the developers of CloudLinux.


The simplest way to prevent intrusion is to configure a very restrictive firewall; you can use the basic iptables for this purpose or more complex tools like firewalld (default in CentOS) or CSF (which also offers integration with WHM).

The most advanced protection systems available also monitor server logs for any attacks and proactively ban or block any IPs with suspicious activity, such as password login failures or attempts to use exploits.

Some of these systems are available for free. For example, ModSecurity (Modsec) is a web application firewall integrated with Apache, cPHulk protects cPanel services, and lfd is a tool integrated with CSF that prevents brute-force attacks.
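The log-monitoring idea behind these tools, reduced to its core as an added example (this is not the code of lfd, cPHulk or any other product named here, and not part of the original article): count failed SSH password logins per source address and print, without applying, the firewalld rules that would block the repeat offenders. The function names and the threshold are hypothetical, and the log lines are constructed samples in the `/var/log/secure` format.

```bash
#!/usr/bin/env bash
# Added example: count failed SSH password logins per source address.

# Constructed sample in the sshd format written to /var/log/secure on CentOS.
sample_secure_log() {
cat <<'EOF'
Jan 10 03:12:01 web1 sshd[4001]: Failed password for root from 203.0.113.7 port 51122 ssh2
Jan 10 03:12:03 web1 sshd[4001]: Failed password for invalid user admin from 203.0.113.7 port 51124 ssh2
Jan 10 03:12:05 web1 sshd[4002]: Failed password for root from 203.0.113.7 port 51126 ssh2
Jan 10 03:12:09 web1 sshd[4010]: Accepted publickey for deploy from 198.51.100.20 port 40022 ssh2
Jan 10 03:15:40 web1 sshd[4020]: Failed password for deploy from 198.51.100.99 port 40100 ssh2
EOF
}

# Print "ip count" for each source with at least $1 failed password logins.
# The user name in the line comes from the remote side, so the address is
# taken by position from the end of the line, not by searching for "from".
failed_login_sources() {
    awk -v min="$1" '
    / sshd\[[0-9]+\]: Failed password for / && $(NF-2) == "port" {
        fails[$(NF-3)]++
    }
    END { for (ip in fails) if (fails[ip] >= min) print ip, fails[ip] }' | sort
}

# Turn "ip count" lines into firewalld rich rules. The rules are only printed
# for review; nothing is applied. Anything that is not a dotted IPv4 is skipped.
block_rules() {
    while read -r ip _count; do
        case "$ip" in ""|*[!0-9.]*) continue ;; esac
        printf "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" drop'\n" "$ip"
    done
}

sample_secure_log | failed_login_sources 3 | block_rules
```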

More advanced systems are licensed by the top antivirus providers already mentioned.

In order to boost the security of your system, you can also hire a penetration testing company that will simulate a variety of attack vectors, alert you to any vulnerabilities and explain how to fix them. Since penetration scanning can generate serious load on the server, it is better to schedule it at night.


Securing a Linux server is a very complex task and no system can ever be completely safe from attacks. The steps described in this article are a quick way to protect your CentOS 7 machine from the most common types of malware.
