Recommended antivirus and other protection (like from hackers)

Some of the things I’ve seen makes me suspicious that someone is trying to hack into my computer - it’s happened a few times before (by a very advanced hacker coming in through the cable internet).

I’ve checked what I know to check, and have installed rkhunter. It had what looks like a few false positives (five ‘suspicious’ files and four possible rootkits found - which look like errors on the part of rkhunter).

I’m not familiar with many of the security programs that came with Leap 15.3. I have Clamtk installed, but it focuses only on viruses.

(1) any suggestions on how to help keep hackers out (I have to work via the internet)?
(2) can someone recommend a good virus/malware/hacker program?

Thanks!
Bob

Your description about “trying to hack” is not very clear. It is of course better if “they” do not even try, but they do. The important thing is if they have much chance to succeed… That is not very likely with an up-to-date Linux system and you taking the usual precautions (like not having ports open you do not need, not publishing passwords, running firewall functionality at least at your modem/router and probably also on the system).

Not many Linux system managers run anti-virus software on their system. AFAIK there are still no real functioning viruses for Linux in the first place, and the anti-virus software as exists now only checks for MS Windows viruses and thus is of not much help if there are.
There are people that want to check e.g. emails coming through their system (because they run a mail server) that may go to MS Windows systems for MS Windows viruses as a service to those poor people, but those cases are the exception.

One thing you can do is turn off root remote login, that is if you do not use it.

You could also close port 22 in your firewall and if you wish to access your PC via ssh then configure your openSUSE to use a different port other than the default port 22.

I would say, when you do not need SSH access, do not start sshd at all.

I have run Fail2ban for a long time as I run a mail server. I have configured it to not only ban IP addresses but also the whole associated subnet for each attempt to relay via my server for 30 days. Quite draconian but it works.

Thanks, everyone, for the suggestions!

I try to keep it updated (sometimes the notice of updates slides by), have the router firewall and my system firewall active, and only run what I need. I don’t ever access my computer remotely (and think I’ve got all that disabled), and the only connection I make is with my work computer, through Remmina. For personal stuff I use Firefox, and for school stuff Chromium. I also take the normal precautions (“safe surfing” I guess you could say). I suspect hacking attempts because of past experiences - a little over a year ago a hacker gained access to my system (right when I’d installed my school’s VPN software) and caused me great harm by deleting important files and screwing with my system - I actually saw him moving folders and deleting stuff. I lost some of the data for my dissertation, but not all of it (enough to show I’d made a breakthrough). Previous to that, a hacker had gotten into at least three different modem/routers and wrecked them trying to take them over - turning on the wireless and turning off security, for instance (and then tying up our internet by downloading huge files).

Now that one major source of stress is reduced, I can look into more ways to protect the system and my work (which I have multiple backups of).

If anyone else has suggestions (besides disconnecting from the internet - most of my work is through it), I’d appreciate it!

Fail2ban to disable remote logins.

Also clamav to scan for malware.

I wrote my own fail2ban-like application that uses iptables - it prevents connections into my machine from most countries.
This is what it has reported (as of 6/23/2022 at 21:14):

Starting ban lookup Thu Jun 23 21:14:01 CDT 2022
===================== Old log begins =======================
Starting ban lookup Sun Jun 12 11:58:01 CDT 2022
185.255.131.42 is going to be banned due to 3 login attempts
185.255.131.42 root attempts count as 3 seperate attacks
0 root attempts were found from 185.255.131.42
/usr/sbin/iptables -A INPUT -s 185.255.131.42 -j DROP
/usr/sbin/iptables -A OUTPUT -d 185.255.131.42 -j DROP
There are 10 new ip addresses being blocked.
Since the last mkipset was run 37216 being blocked.
There are 3936 sites that hacked but not blocked.
updated iptables
All Done Sun Jun 12 11:58:24 CDT 2022
bad passwords found but no change to iptables
All Done Mon Jun 20 07:55:24 CDT 2022
===================== Old log ends =========================
last mkipset run was Jun 23 02:06
Since the last mkipset was run 37226 being blocked.
no new hacks
no changes to iptables
All Done Thu Jun 23 21:14:01 CDT 2022
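As an added illustration of the fail2ban-like approach described above (this is example code written for this thread, not the poster's own program), the script below counts failed sshd logins per source address from a constructed log sample, weights root attempts as three attacks like the report does, and only builds the iptables DROP commands as strings rather than executing them; the log lines, addresses and thresholds are all assumptions.

```python
import re
from collections import Counter

# Constructed sample of sshd log lines (documentation address ranges, not a real log).
SAMPLE_LOG = """\
Jun 12 11:55:02 host sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jun 12 11:56:12 host sshd[1210]: Failed password for invalid user admin from 198.51.100.23 port 40001 ssh2
Jun 12 11:57:00 host sshd[1222]: Accepted publickey for bob from 192.0.2.5 port 50000 ssh2
Jun 12 11:58:01 host sshd[1230]: Failed password for invalid user oracle from 198.51.100.44 port 40100 ssh2
Jun 12 11:58:03 host sshd[1230]: Failed password for invalid user oracle from 198.51.100.44 port 40100 ssh2
Jun 12 11:58:05 host sshd[1230]: Failed password for invalid user oracle from 198.51.100.44 port 40100 ssh2
"""

FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\d+(?:\.\d+){3})")
THRESHOLD = 3    # failures needed before an address is banned
ROOT_WEIGHT = 3  # one root attempt counts as three attacks, mirroring the report above

def count_failures(log_text):
    """Map each source IP to (non_root_failures, root_failures)."""
    plain, root = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            user, ip = m.groups()
            (root if user == "root" else plain)[ip] += 1
    return {ip: (plain[ip], root[ip]) for ip in plain.keys() | root.keys()}

def plan_bans(counts, already_blocked=frozenset()):
    """Return the sorted addresses whose weighted score reaches THRESHOLD and are not yet blocked."""
    bans = []
    for ip, (plain, root) in counts.items():
        score = plain + ROOT_WEIGHT * root
        if score >= THRESHOLD and ip not in already_blocked:
            bans.append(ip)
    return sorted(bans)

def iptables_commands(ips):
    """Build DROP rules in the same shape as the report; nothing is executed here."""
    cmds = []
    for ip in ips:
        cmds.append(f"/usr/sbin/iptables -A INPUT -s {ip} -j DROP")
        cmds.append(f"/usr/sbin/iptables -A OUTPUT -d {ip} -j DROP")
    return cmds

if __name__ == "__main__":
    counts = count_failures(SAMPLE_LOG)
    for ip in plan_bans(counts):
        plain, root = counts[ip]
        print(f"{ip} is going to be banned ({plain} failed logins, {root} root attempts)")
    print("\n".join(iptables_commands(plan_bans(counts))))
```

In real use the commands would be run as root and the banned set persisted so that `already_blocked` survives the next run, which is what the report's "Since the last mkipset was run" line is tracking.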

From Wikipedia:

On Linux servers ClamAV can be run in daemon mode, servicing requests to scan files sent from other processes. These can include mail exchange programs, files on Samba shares, or packets of data passing through a proxy server.

Thus when you do not provide such services on a system, I do not see much use for clamav.