
What are some free CLI application-level firewalls for Linux?

Çağlar Arlı      -    19 Views

I have Ubuntu OS with no desktop/display driver. I need a free application firewall (like GlassWire for Windows), but the constraint is that it should be solely CLI. Can anyone give some suggestions? A description of why I think I might need this is below:

I have a server with Ubuntu OS; this server is used for spam and virus filtering on emails. Recently, my AlienVault SIEM has been identifying that this server is doing DNS queries for some malicious sites (I know it can give false positives too, but the point I am worried about is that I can't logically account for these queries). To log it I turned on process accounting and also iptables logging. But the next time another such incident took place (i.e. after setting up logging and process accounting), part of the logs was missing for that specific time (not too accurately, but it was like there were no IP or accounting logs for more than half a day, which is practically not possible).

This led me to the conclusion that maybe the server has been compromised (maybe some vulnerability of the service). Now I can update all packages, but I want to know what exactly went rogue. I also tried to scan the whole system by adding additional signatures for the vulnerability as shown in AlienVault; I used ClamAV with updated signatures for it. But ClamAV returned no vulnerabilities. I have tried Rootkit Hunter too; that too returned no vulnerabilities.

I am lost as to how to proceed further to identify which service showed the vulnerability. How do I prepare for such events proactively? How can I ensure that logs or services do not get tampered with?

I guess if I had an application-level firewall (like there are for Windows, e.g. GlassWire, which shows exactly which application, with path, tried to make a connection where and at what time) it would help. I researched and learned that there are options like OpenSnitch, but they apparently require a GUI while I have non-desktop versions of the OS installed. This brings me to the main part of the question: are there any application firewalls (open source or free) which can work for an OS solely using the CLI?
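
Added example, not part of the original post: a way to confirm and bound the kind of logging gap described above, by scanning syslog-format lines for silences longer than a threshold. The sample lines, hostname, `IPT-OUT:` prefix, one-hour threshold and default year are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample in classic syslog format. Hostname, the "IPT-OUT:" log
# prefix and the addresses are assumptions made up for this illustration.
SAMPLE = """\
Mar  3 01:10:02 mailgw kernel: IPT-OUT: OUT=eth0 SRC=192.0.2.10 DST=198.51.100.53 PROTO=UDP DPT=53
Mar  3 01:10:09 mailgw kernel: IPT-OUT: OUT=eth0 SRC=192.0.2.10 DST=198.51.100.53 PROTO=UDP DPT=53
    continuation line without a timestamp
Mar  3 15:42:30 mailgw kernel: IPT-OUT: OUT=eth0 SRC=192.0.2.10 DST=198.51.100.25 PROTO=TCP DPT=25
Mar  3 15:42:31 mailgw kernel: IPT-OUT: OUT=eth0 SRC=192.0.2.10 DST=198.51.100.53 PROTO=UDP DPT=53
"""

def parse_ts(line, year):
    """Return the timestamp of a syslog line, or None if it carries none."""
    try:
        # Classic syslog timestamps are 15 characters and omit the year.
        return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
    except ValueError:
        return None

def find_gaps(text, max_silence=timedelta(hours=1), year=2024):
    """List (last_seen, next_seen, length) for every silence over max_silence."""
    gaps, prev = [], None
    for line in text.splitlines():
        ts = parse_ts(line, year)
        if ts is None:
            continue  # skip lines that do not start with a timestamp
        # A jump far into the past means the log crossed New Year.
        if prev and ts < prev - timedelta(days=180):
            year += 1
            ts = ts.replace(year=year)
        if prev and ts - prev > max_silence:
            gaps.append((prev, ts, ts - prev))
        prev = ts
    return gaps

if __name__ == "__main__":
    for start, end, length in find_gaps(SAMPLE):
        print(f"no entries from {start} to {end} ({length})")
```

Running the same check over each independent source (kernel log, process accounting, mail log) shows whether they all go silent over the same window, which is harder to explain as low traffic on a host that filters mail continuously.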