5 Must-Have Security Tools for Your Linux PC


Some people are, rather falsely, under the impression that just because they use Linux they don’t need to worry about security. Sure, Linux doesn’t suffer from the same types of security issues and prevalent malware that Windows does, but that doesn’t mean that Linux users can neglect their systems and expect to be secure.

These five tools are absolutely essential for Linux desktop users. If you’re running a server, there are more. This guide doesn’t present them in any particular order because they all serve different and arguably equally important functions. Plus, they are all free and open-source software. So if you aren’t using any of these on your Linux desktop, start now.

1. ClamAV


ClamAV is a traditional antivirus program like you’d expect to find for Windows. Actually, there is a version of ClamAV available for Windows. You can use ClamAV by itself from the command line, or you can couple it with its graphical interface, ClamTK, for a more familiar experience.

ClamAV has the ability to run as a daemon that you can use to automate scans and/or allow other programs like mail servers to automatically scan files on use. You can automate ClamAV via cron without the daemon, too. That may be the better option if you’re just running it on a desktop.
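One way to set up the cron-driven scan without the daemon, as an added example rather than code from the article. The scan directory, log directory and script path are assumptions; the point is that a scan error must not be mistaken for a clean result.

```shell
#!/bin/sh
# Added example: daily ClamAV scan driven by cron, no clamd daemon required.
# SCAN_DIR and LOG_DIR are assumed locations; signature updates are assumed
# to be handled separately (for example by the distribution's freshclam service).
SCAN_DIR="${SCAN_DIR:-$HOME}"
LOG_DIR="${LOG_DIR:-$HOME/.clamscan-logs}"

# clamscan exit status: 0 = nothing found, 1 = detection(s), 2 = scan error.
# Anything other than 0 or 1 is treated as an error, never as "clean".
classify_rc() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Print the paths of detected files from a clamscan log.
# Detections are logged as "<path>: <signature> FOUND".
list_detections() {
    sed -n 's/: [^:]* FOUND$//p' "$1"
}

run_scan() {
    mkdir -p "$LOG_DIR" || return 2
    log="$LOG_DIR/scan-$(date +%Y%m%d).log"
    # -r: recurse, -i: report infected files only; skip caches to shorten runs.
    clamscan -r -i --exclude-dir='/\.cache' --log="$log" "$SCAN_DIR" >/dev/null 2>&1
    status=$(classify_rc "$?")
    case "$status" in
        infected) echo "ClamAV detections under $SCAN_DIR:"; list_detections "$log" ;;
        error)    echo "ClamAV scan failed, see $log" ;;
    esac
    [ "$status" = clean ]
}

# Crontab entry (hypothetical script path); a clean run prints nothing:
#   30 12 * * * /home/user/bin/clamav-cron.sh --scan
if [ "${1:-}" = "--scan" ]; then
    run_scan
fi
```

Because the script is silent on a clean run, any output cron delivers means either a detection or a failed scan.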

2. Chkrootkit


Rootkits are a special type of malware specific to Unix-like operating systems, Linux included. As their name implies, they attempt to get root access to a system. From there they can allow an attacker to do nearly anything.

Chkrootkit is a simple command line utility that scans your system for known rootkits. Chkrootkit doesn’t remove rootkits. Chances are, if you’re infected with one, you’re going to be doing a fresh install unless you get lucky enough to be able to remove it manually. That said, it’s still an amazing tool for detecting potential breaches.


3. LUKS

LUKS isn’t really an independent program, but it needs to be mentioned. LUKS actually stands for Linux Unified Key Setup, but it tends to be synonymous with the full stack that supports Linux disk encryption. Cryptsetup is the actual utility that encrypts disks and that uses a Linux kernel module called dm-crypt.

Clearly LUKS is tightly integrated into the inner workings of Linux, and that makes it an excellent candidate for encrypting your hard drives on Linux. It’s important to encrypt your hard drives for a wide variety of reasons. First off, encrypting your drives is one of the only ways to protect your data once someone has gained physical access to your computer. So if your computer is lost or stolen, the thief can’t get your data. It’s also a great way to protect storage that isn’t automatically mounted.

LUKS also works on USB volumes, so you can encrypt the flash drives that you only use on Linux systems.

4. Wireshark


People often think of Wireshark as a hacking tool, and it definitely can be, but Wireshark is an insanely powerful tool for analyzing network traffic.

Wireshark lets you monitor the traffic on your network at a packet level. It provides loads of valuable detail on what data computers are sending and where they’re sending it. You can narrow it down and monitor specific ports and protocols as well.

Malware can be sneaky, and human intruders can be even more crafty. Sometimes even the best security and antivirus checks fail. At that point you need to check for symptoms. Wireshark can see any shady activity on your network and tell you exactly how it’s operating so you can fix it. Wireshark can also help you assess any potential gaps in your security before a problem arises.
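A sketch of that symptom check using tshark, Wireshark's command-line companion, added here as an example and not taken from the article. The interface name, capture duration and expected-port list are assumptions; the summary functions work on any tab-separated tshark field output.

```shell
#!/bin/sh
# Added example: summarize where hosts on the network are connecting.
# Interface name, duration and the expected-port list are assumptions.
# Capturing needs root or membership in the capture group. IPv4 only.

# Emit "src<TAB>dst<TAB>tcp-port<TAB>udp-port" for new TCP connections (SYN
# without ACK) and DNS queries, using a capture filter to drop everything else.
capture_flows() {   # $1 = interface, $2 = seconds to capture
    tshark -i "$1" -a duration:"$2" \
        -f 'udp dst port 53 or (tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn)' \
        -T fields -e ip.src -e ip.dst -e tcp.dstport -e udp.dstport 2>/dev/null
}

# Count packets per "src -> dst:port", busiest first.
summarize_flows() {
    awk -F'\t' 'NF >= 3 { port = ($3 != "") ? $3 : $4
                          n[$1 " -> " $2 ":" port]++ }
                END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Keep only summary lines whose destination port is outside the expected set.
unexpected_flows() {
    awk -v ok="${EXPECTED_PORTS:-53 80 443}" '
        BEGIN { split(ok, a, " "); for (i in a) allow[a[i]] = 1 }
        { p = $NF; sub(/.*:/, "", p); if (!(p in allow)) print }'
}

if [ "${1:-}" = "--capture" ]; then
    capture_flows "${2:-eth0}" 60 | summarize_flows | unexpected_flows
fi
```

A line in the output is a prompt to look at that flow in Wireshark, not proof of compromise; set `EXPECTED_PORTS` to match the services you actually use.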

5. Firejail


Firejail sounds like some kind of crazy new maximum security prison, but it’s actually a tool for running programs in self-contained Linux namespaces. There was a recent Reddit thread that demonstrated the need for Firejail perfectly. Sure, the individual in this instance ran Firefox as root, which is an absolutely terrible idea, but web browsers are the largest and most easily accessible attack surface on desktop Linux systems.

Firejail can contain programs like web browsers, email clients, and torrent clients to ensure that the potentially harmful content that they’re interacting with doesn’t leak out and damage the rest of the system. It provides an important additional layer between your system and the Internet.

Additional Thoughts

You can’t sum up security with a handful of tools. There are loads more tools and precautions that you can add to harden your Linux system. Alternatives to the programs listed here, like Veracrypt, can provide similar functionality.

There are other tools that are tightly integrated into the Linux ecosystem like the iptables firewall and SELinux that can add even more security. Those two weren’t mentioned here because they also impose restrictions that desktop users might find annoying or difficult to work around. They’re worth considering, though.

Nick Congleton

Nick is a freelance tech journalist, Linux enthusiast, and a longtime PC gamer.


  1. Hark! Somebody wrote “Wirehark” and I did a double take… but good article besides the typo.

  2. The one problem with FireJail and other sandboxing apps is that they do not allow downloads or updates while inside the sandboxed program. You have to run an un-sandboxed browser to allow for updates/downloads. Sort of defeats the entire purpose of sandboxing.

    1. Updating would not be happening in the sandbox in the first place on a Linux system.

      You can still access writable directories such as /home unless you are using a more restrictive profile.

      1. “Updating would not be happening in the sandbox in the first place on a Linux system.”
        Which is precisely my point. To update/upgrade/download one must be outside the sandbox which negates the advantages of the sandbox for that period of time. I’ll grant you that vast majority of the time is not spent in updating/upgrading/downloading so sandboxing does protect us.

    2. Installing programs inside the browser defeats the purpose of a sandbox. This is how ransomware and viruses are installed.

      1. Correct me if I’m wrong but a sandbox will not allow you to install a program, so all installs have to be done outside the sandbox. That’s how ransomware and viruses are installed.

  3. Informative and useful. Coming from the Windows world (win7), I never felt comfortable unless the system was tweaked and protected by a number of 3rd-party apps.

    Would love to see an accompanying article re: firewalls. There are quite a few from Open/Free to Commercial. Some that I’ve looked at incorporate many additional features in an easy to use manner (similar to some of the better Windows counterparts).

    1. From the wording of your post I assume you are looking for info on Linux firewalls. Check out the following for starters:

  4. I think this security panic in Linux is way overblown. There hasn’t been any record of significant infections in desktop Linux as most is targeted at servers. I like Linux because of its responsiveness and speed and do not want to cripple it with antivirus running constantly in the background like in Windows. In 10 years of using it, I have yet to see any threat infect my system. Anyway, I always make a snapshot of my distro once a month (/home is in a different partition). I can get back to a previous state in 5 minutes.

    1. “I think this security panic in Linux is way overblown.”
      Maybe so but don’t forget that just because you’re paranoid (use A/V and sandbox) does not mean that someone is not out to get you infected. :-)

      ” I always make a snapshot of my distro once a month”
      How do you know that you are not taking a snapshot of an infected system???

      1. I don’t use an A/V in Linux for the same reason I don’t hire a security guard to stand in my front door. It is just not worth it. I want to enjoy the freedom of movement. But if “someone”, like you said is there to get me, I would never go outside ;-))))

        Anyway, what is important is my data which is always backed up somewhere else. In the unlikely event that I do get infected, which I put at .0001%, I can recover from an image backup or reinstall Linux in 5 minutes. For the minuscule amount of Linux virus, the best antivirus is safe internet practices and by using your head. As for my images infected, possibly, but I guess the whole purpose of a virus is to do something. If I was infected I would have seen something weird. How do you know that the poor performing ClamAV has not let pass a virus anyway?

        This is my own opinion and I don’t judge anyone else for their decision.

        1. Hello to Linux, it's the new and improved Windows 10. And my favorite is any Rolling Bleeding edge edition like redhat-fedora, open-suse, debian-ubuntu.. that have updaters that automatically participate, send anonymous usage, metadata (ip, cpuinfo, time, version, web-history, etc…) for FREEE.!!!

          I mostly talk out of my rear, hope that is okay. I like my root user gnome desktop running firefox or chrome browser, must have flash/java to view my fancy sites, and love storing my cookies and history along with my accessibilities. I got my webcam and pulseaudio/mic/spkrs well integrated into my system for extra special support. Fully upgraded ipv6 anycast network-discovery, systemd, at-spi-bus, a11y, gvfs, libvirt/virtualbox…are the best feature/tools.

          technology is awesome. just like apple microsoft google

  5. While Linux might be a little more secure than either Windows or Linux? I practice safe computing……which means I don’t just install things from dubious web-sites but from the “Software Center” or RPM repository that’s certified and checked. Other than that, there’s not much that I want running on my Linux machines except the software and apps I use….I don’t need bloated things sitting there that won’t ever get action from me but will sit there and get updated for nothing. I think if you stay vigilant and keep your systems updated and patched, and free from apps that aren’t needed, and you don’t just install things all over the place…..you should be fine. I have been running Fedora Linux since 2002 and I have NEVER gotten an infection, hijacked by ransomware, locked out with cryptoware, or grinded to a halt with any type of repetitive propagating viruses. I guess if you remain constant in your updates, and make SURE TO MAKE BACKUPS of your system…and do it while NOT CONNECTED to the Internet….you should be fine! But that’s just me….LoL!

  6. The future is ipv6 anycast network-discovery, systemd, at-spi, gvfs, pulseaudio. It just makes Linux work nice, silky and smooth.

  7. Windows is attack prone because it is designed to be accessed by Microsoft. These back-doors are discovered and exploited by hackers over and again. Microsoft rolls out new editions with new back-doors and calls them secure. Linux has not yet been sold out in this way and I for one will continue to use it and promote it as a safer alternative to the Swiss cheese OS, Windows.

  8. Wayland does not work on my 17 in. H.P. Neither in Fedora or Ubuntu 17.10. The Desktop boots 90 degrees sideways to either left or right and no control of the mouse or touchpad. I never had problems before during the over 15 years I have been using Linux. I hope I don’t have to go back to Windows.
    Has someone a solution to the problem?
    Thank you,
