I just recently internet enabled...does slack 10 come with any antivirus/firewalls spyware sniffers..?

can anyone suggest any for slack..

thanks
Cleric

Firewall: yes, it ships with iptables

AV: no, you'll need to organise one.
I recommend f-prot, the Linux version is free
for private use (not OpenSource, though).

Spyware: not necessary for all I know.


Cheers,
Tink

you don't need an anti-virus or spyware scanner for linux/unix...

oh, and linux comes with netfilter/iptables, one of the most powerful packet-state filtering firewalls on the planet...

http://www.netfilter.org/


here's a link where you can find lots of info to get started with netfilter/iptables:

http://www.linuxguruz.com/iptables/


if you want an open-source virus-scanner, try clamav...

remember, clamav is made to run on linux/unix, not for linux/unix... in other words, (for example) this is mainly designed to run on linux/unix mail servers, where the clients are microsoft windows machines...

the windows machines clients scan the mail attachments for viruses on the linux/unix mail servers before they download them, for their own protection, not for linux/unix's protection...

http://www.clamav.net/

iptables is not a packet firewall. Its a port firewall. I think FreeBSD has packet firewall. After you have config your firewall, test it with Nessus.

Nessus - http://www.nessus.org

The possibilty of getting a virus or spyware in LINUX is very, very low. You are better off winning the lottery. Just make sure you update your system when there is any security exploites. Find programs that look for root kits or something similar to them.

you are confused...

netfilter/iptables is definitely a stateful packet filtering firewall...

here's an extract from the netfilter front page:



What is netfilter/iptables?

netfilter and iptables are building blocks of a framework inside the Linux 2.4.x and 2.6.x kernel. This framework enables packet filtering, network addresss [and port] translation (NA[P]T) and other packet mangling. It is the re-designed and heavily improved successor of the previous Linux 2.2.x ipchains and Linux 2.0.x ipfwadm systems.

netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack.

iptables is a generic table structure for the definition of rulesets. Each rule within an IP table consists out of a number of classifiers (iptables matches) and one connected action (iptables target).

netfilter, iptables and the connection tracking as well as the NAT subsystem together build the whole framework.
Main Features

* stateless packet filtering (IPv4 and IPv6)
* stateful packet filtering (IPv4)
* all kinds of network address and port translation (NAT/NAPT)
* flexible and extensible infrastructure
* multiple layers of API's for 3rd party extensions
* large number of plugins/modules kept in 'patch-o-matic' repository

What can I do with netfilter/iptables?

* build internet firewalls based on stateless and stateful packet filtering
* use NAT and masquerading for sharing internet access if you don't have enough public IP addresses
* use NAT to implement transparent proxies
* aid the tc and iproute2 systems used to build sophisticated QoS and policy routers
* do further packet manipulation (mangling) like altering the TOS/DSCP/ECN bits of the IP header

well, i'm curious now ... how much of an issue ARE viruses on Linux anyway, i mean i'm reasonably sure there ain't much in the wild, AND that unless i'm root they can't harm anything outside the ~/ directory anyway.

BUT what's the go? are there virii that i can get, and that self exec, and behave destructive ... we don't have download options that auto exec a file in browsers and email, i haven't seen any in IRC clients and GAIM doesn't transfer files for me (i think i'm due for an update on that one). So ... are there any real risks there virus wise (provided you don't do the dumb thing and download and run any program you can find).

as long as your system is properly configured and updated, you should NEVER have to worry about getting a virus infection on linux...

whenever there is a linux virus, the virus code takes advantage of a security flaw in the system... when the hole is patched, everything is back to normal...

whenever there is a windows virus, the virus code can either take advantage of a security flaw, or of the insecure nature of the system... that's why on windows patching isn't enough, you need to have some kinda anti-virus software to protect you in real-time... you need to scan your machine for spyware every week... etc...

on linux a virus doesn't have the option to take advantage of an "insecure system nature", because when properly installed, linux is VERY secure... so they can only use security holes (which is why keeping your box up-to-date is important)...

now, of course, viruses aren't the only issue... sometimes you might set-up something incorrectly or you forget to do an update and then you inadvertently get OWNED. yes, it happens. of course, sometimes we just THINK it happens. sometimes we WONDER if it happened. because we're paranoid. we are paranoid penguins. and it's always good to be paranoid when it comes to security. but anyways, my point is that sometimes you want to make sure you haven't been OWNED... for this you can use a rootkit scanner... rootkits are tools hackers sometimes install on your sytem to maintain behind-the-scenes control, and stuff... here's a couple good rootkit scanners:

http://www.rootkit.nl/

http://www.chkrootkit.org/

of course, you need to remember that for the attacker to have installed the rootkit on your system in the first place, he had to use a security flaw or an adminsitrator's mistake, NOT the linux system's nature...

now, a rootkit scan will only let you know you've been hit when you run it... if you want something that can periodically check all your system files (on linux, EVERYTHING IS A FILE) and report to you whenever one of them is changed (no matter how minimally) check-out tripwire:

http://www.tripwire.org

Yeah you can get virus' on any OS. It just would seem unlikely to get many in linux because it is not a major house-hold system. If you want to do damage why not go for the system that is more accessilbe ie windows. Yet, if you want a fairly good anti-virus (it'll cost ya) look for Dr. Web or EAnthology.

Good luck...

There are a few viruses on the internet for Linux, but they hit systems with kernel version 2.2 or 2.3. The admins that still have those kernels running their servers have to use anti-virus programs. Kernel version 2.4 and 2.6 has the fixes the has been exploited in kernel versions 2.2 and 2.3.

Thats not packet filtering. It is still port filtering. Its still port filtering unless it can screen out packets with certain data like SMB, HTTP, P2P, SSH, Telnet, etc. I can assign any services to any port.

That's not packet filtering, that's packet inspection rules.

iptables IS a stateful packet filter, it doesn't support packet-inspection
with content tracking at this time (to the best of my knowledge), which
is what you're talking about, but you seem to be confusing a few terms.



Cheers,
Tink

only to a certain point... microsoft windows is the ONLY major operating system out there that is so susceptible to viruses, worms, spyware, and the like... you don't see this kind of susceptibility on gnu/linux, mac, solaris, etc...


"That's Microsoft's official line, but it isn't true. While every system is vulnerable to attack, the ease with which Windows systems can be compromised, the number of vulnerabilities, and the speed with which attacks can propagate are unique to Windows.

For a concrete example showing the defect in Microsoft's argument, look at Internet Web servers. The open source Apache Web server running primaily on open source Linux and BSD operating systems has more than twice the market share of Windows and IIS (Internet Information Server), yet it's the Microsoft products that have earned a reputation for poor security."

COMPLETE TEXT HERE:

http://www.aaxnet.com/editor/edit033.html


the reason you don't see linux/unix viruses even a fraction of the time you see windows viruses IS NOT popularity (linux/unix internet servers are WAY more popular than windows ones)... the reasons are purely technical... it is VERY difficult to create some kinda virus or worm that could take-down a bunch of linux (or any other decent unix) systems... the basic linux/unix system security model is designed to be VERY secure... microsoft's security model is simply designed to make them and their partners a lot of money: windows anti-virus' are a multi-billion dollar industry...

another thing (about the "targeting of windows"): linux (and other unixes) are used on MUCH MORE IMPORTANT and MISSION CRITICAL machines around the world... those are targets that are MUCH TASTIER than making some retarded worm in visual basic that brings-down a bunch of clueless home-user's windows PCs...


just to be clear, these are both windows products... and eanthology's status is quite suspicious:

http://www.spywareguide.com/product_show.php?id=459

http://www.pestpatrol.com/PestInfo/e/eanthology.asp


if you want a free (as in free beer, NOT freedom) virus-scanner for your windows box i recommend AVG Free Edition:

http://www.grisoft.com/us/us_dwnl_free.php


if you want a top-quality paid solution for you windows box, try panda... it always gets GREAT reviews from the top windows tech publications:

http://www.pandasoftware.com/products/


and of course, what windows box would be complete without:

http://www.safer-networking.org/index.php?page=spybotsd

http://www.lavasoftusa.com/software/adaware/

here's a few links about this linux virus issue:

http://redvip.homelinux.net/varios/virus-writing-HOWTO/

http://www.claws-and-paws.com/virus/..._viruses.shtml

http://www.theregister.co.uk/2003/10...ndows_viruses/


here's a link about a specific linux "virus":

http://math-www.uni-paderborn.de/~axel/bliss/



"In theory you can write a virus for any OS if the owner is dumb enough to install unchecked binaries as root." - Alan Cox

could you please elaborate on this???

what anti-viruses do kernel 2.2 users "have to use"??? and for what specific virus threats???

please correct me if i'm wrong, but kernel 2.2 is still maintained, at least as far as security is concerned, and it sounds far-fetched to say that you need some third-party software in order for the 2.2 kernel (or any other stable version) you downloaded from kernel.org to work properly...

kernel 2.3 (or any kernel with an odd second number) is/was a purely development release and should have never been installed on any production machine in the first place...

STABLE (even): 2.0, 2.2, 2.4, 2.6, etc...

DEVELOPMENT (odd): 2.1, 2.3, 2.5, etc..

neat ta ... will check them asap ... (like from work where internet is fast )

i see that you all were trying to do something similar to my questions.

so, how do you route multiple IP addresses into 1 single nic and then have them ported to a private ip address (email server, web server, etc)?