LinuxQuestions.org forum: Linux - Newbie
if you want an open-source virus-scanner, try clamav...
remember, clamav is made to run on linux/unix, not for linux/unix... in other words, (for example) this is mainly designed to run on linux/unix mail servers, where the clients are microsoft windows machines...
the windows machines clients scan the mail attachments for viruses on the linux/unix mail servers before they download them, for their own protection, not for linux/unix's protection...
The possibility of getting a virus or spyware in LINUX is very, very low. You are better off winning the lottery. Just make sure you update your system when there are any security exploits. Find programs that look for root kits or something similar to them.
netfilter and iptables are building blocks of a framework inside the Linux 2.4.x and 2.6.x kernel. This framework enables packet filtering, network address [and port] translation (NA[P]T) and other packet mangling. It is the re-designed and heavily improved successor of the previous Linux 2.2.x ipchains and Linux 2.0.x ipfwadm systems.
netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack.
iptables is a generic table structure for the definition of rulesets. Each rule within an IP table consists out of a number of classifiers (iptables matches) and one connected action (iptables target).
netfilter, iptables and the connection tracking as well as the NAT subsystem together build the whole framework.
Main Features
* stateless packet filtering (IPv4 and IPv6)
* stateful packet filtering (IPv4)
* all kinds of network address and port translation (NAT/NAPT)
* flexible and extensible infrastructure
* multiple layers of APIs for 3rd party extensions
* large number of plugins/modules kept in 'patch-o-matic' repository
What can I do with netfilter/iptables?
* build internet firewalls based on stateless and stateful packet filtering
* use NAT and masquerading for sharing internet access if you don't have enough public IP addresses
* use NAT to implement transparent proxies
* aid the tc and iproute2 systems used to build sophisticated QoS and policy routers
* do further packet manipulation (mangling) like altering the TOS/DSCP/ECN bits of the IP header
well, i'm curious now ... how much of an issue ARE viruses on Linux anyway, i mean i'm reasonably sure there ain't much in the wild, AND that unless i'm root they can't harm anything outside the ~/ directory anyway.
BUT what's the go? are there virii that i can get, and that self exec, and behave destructively ... we don't have download options that auto exec a file in browsers and email, i haven't seen any in IRC clients and GAIM doesn't transfer files for me (i think i'm due for an update on that one). So ... are there any real risks there virus wise (provided you don't do the dumb thing and download and run any program you can find)?
as long as your system is properly configured and updated, you should NEVER have to worry about getting a virus infection on linux...
whenever there is a linux virus, the virus code takes advantage of a security flaw in the system... when the hole is patched, everything is back to normal...
whenever there is a windows virus, the virus code can either take advantage of a security flaw, or of the insecure nature of the system... that's why on windows patching isn't enough, you need to have some kinda anti-virus software to protect you in real-time... you need to scan your machine for spyware every week... etc...
on linux a virus doesn't have the option to take advantage of an "insecure system nature", because when properly installed, linux is VERY secure... so they can only use security holes (which is why keeping your box up-to-date is important)...
now, of course, viruses aren't the only issue... sometimes you might set-up something incorrectly or you forget to do an update and then you inadvertently get OWNED. yes, it happens. of course, sometimes we just THINK it happens. sometimes we WONDER if it happened. because we're paranoid. we are paranoid penguins. and it's always good to be paranoid when it comes to security. but anyways, my point is that sometimes you want to make sure you haven't been OWNED... for this you can use a rootkit scanner... rootkits are tools hackers sometimes install on your system to maintain behind-the-scenes control, and stuff... here's a couple good rootkit scanners:
of course, you need to remember that for the attacker to have installed the rootkit on your system in the first place, he had to use a security flaw or an administrator's mistake, NOT the linux system's nature...
now, a rootkit scan will only let you know you've been hit when you run it... if you want something that can periodically check all your system files (on linux, EVERYTHING IS A FILE) and report to you whenever one of them is changed (no matter how minimally) check out tripwire:
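The periodic "report whenever a system file changes" idea that tripwire implements boils down to a hash baseline and a later comparison. The script below is an added example written for this thread, not code from tripwire or from any poster: make_baseline records a SHA-256 for every regular file under a directory, verify_baseline hashes the tree again and reports each MODIFIED, ADDED or REMOVED path. The directory tree built in demo() is constructed for the demonstration; a real deployment would keep the manifest somewhere the attacker cannot rewrite it (read-only media or another host), since a baseline stored on the compromised box can simply be regenerated by the intruder.

```shell
#!/bin/sh
# Added example (not from the thread or from tripwire): a minimal file-integrity
# baseline. Paths containing whitespace are not handled by this simple version.

# make_baseline DIR MANIFEST
# Writes sorted "sha256  ./relative/path" lines so that later diffs are stable.
make_baseline() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        sha256sum "$f"
    done ) > "$2"
}

# verify_baseline DIR MANIFEST
# Prints one line per difference; returns 1 if anything differs, 0 if clean.
verify_baseline() {
    current=$(mktemp)
    make_baseline "$1" "$current"
    report=$(awk '
        NR == FNR { base[$2] = $1; next }           # first file: the baseline
        !($2 in base) { print "ADDED " $2; next }   # present now, not in baseline
        base[$2] != $1 { print "MODIFIED " $2 }     # hash changed since baseline
        { delete base[$2] }                         # seen; whatever is left was removed
        END { for (p in base) print "REMOVED " p }
    ' "$2" "$current")
    rm -f "$current"
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# demo: build a constructed tree, take a baseline, tamper with it, then verify.
demo() {
    d=$(mktemp -d); m=$(mktemp)
    mkdir -p "$d/etc" "$d/bin"
    printf 'root:x:0:0\n' > "$d/etc/passwd"
    printf 'original binary\n' > "$d/bin/ls"
    make_baseline "$d" "$m"
    printf 'replaced binary\n' > "$d/bin/ls"   # simulate a replaced system binary
    printf 'x\n' > "$d/bin/extra"              # simulate a file that appeared
    rm "$d/etc/passwd"                          # simulate a deleted file
    verify_baseline "$d" "$m" || echo "integrity check FAILED (expected in this demo)"
    rm -rf "$d" "$m"
}
demo
```

Running it as a cron job against a manifest taken right after installation gives the periodic notification the post describes; the exit status of verify_baseline is what you would alert on.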
Yeah you can get viruses on any OS. It just would seem unlikely to get many in linux because it is not a major household system. If you want to do damage why not go for the system that is more accessible, i.e. windows. Yet, if you want a fairly good anti-virus (it'll cost ya) look for Dr. Web or EAnthology.
There are a few viruses on the internet for Linux, but they hit systems with kernel version 2.2 or 2.3. The admins that still have those kernels running their servers have to use anti-virus programs. Kernel versions 2.4 and 2.6 have the fixes for what has been exploited in kernel versions 2.2 and 2.3.
Quote:
Originally posted by win32sux you are confused...
netfilter/iptables is definitely a stateful packet filtering firewall...
netfilter and iptables are building blocks of a framework inside the Linux 2.4.x and 2.6.x kernel. This framework enables packet filtering, network address [and port] translation (NA[P]T) and other packet mangling. It is the re-designed and heavily improved successor of the previous Linux 2.2.x ipchains and Linux 2.0.x ipfwadm systems.
netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack.
iptables is a generic table structure for the definition of rulesets. Each rule within an IP table consists out of a number of classifiers (iptables matches) and one connected action (iptables target).
netfilter, iptables and the connection tracking as well as the NAT subsystem together build the whole framework.
Main Features
* stateless packet filtering (IPv4 and IPv6)
* stateful packet filtering (IPv4)
* all kinds of network address and port translation (NAT/NAPT)
* flexible and extensible infrastructure
* multiple layers of APIs for 3rd party extensions
* large number of plugins/modules kept in 'patch-o-matic' repository
What can I do with netfilter/iptables?
* build internet firewalls based on stateless and stateful packet filtering
* use NAT and masquerading for sharing internet access if you don't have enough public IP addresses
* use NAT to implement transparent proxies
* aid the tc and iproute2 systems used to build sophisticated QoS and policy routers
* do further packet manipulation (mangling) like altering the TOS/DSCP/ECN bits of the IP header
That's not packet filtering. It is still port filtering. It's still port filtering unless it can screen out packets with certain data like SMB, HTTP, P2P, SSH, Telnet, etc. I can assign any services to any port.
Quote:
Originally posted by Electro
That's not packet filtering. It is still port filtering. It's still port filtering unless it can screen out packets with certain data like SMB, HTTP, P2P, SSH, Telnet, etc. I can assign any services to any port.
That's not packet filtering, that's packet inspection rules.
iptables IS a stateful packet filter, it doesn't support packet-inspection
with content tracking at this time (to the best of my knowledge), which
is what you're talking about, but you seem to be confusing a few terms.
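The distinction argued in the last few posts (port matching versus stateful filtering versus payload inspection) is easiest to see in two concrete INPUT-chain rulesets. The script below is an added example, not code from the thread or from the netfilter project. port_filter_rules judges every packet by its destination port alone, which is the "port filtering" Electro describes; stateful_rules lets netfilter's connection tracking decide first, so reply traffic is accepted because a connection was seen earlier and packets that fit no tracked flow are dropped as INVALID, which is what makes iptables a stateful packet filter. Neither ruleset looks at payload, so neither will tell HTTP from SSH on port 80; that is the content inspection the previous reply says iptables does not do. The service port is an assumption for the demonstration, and by default the commands are echoed rather than applied; set IPT=iptables (as root) to run them for real.

```shell
#!/bin/sh
# Added example (not from the thread): port-only versus stateful INPUT rulesets.
# With the default IPT the iptables commands are printed, not executed.
IPT=${IPT:-"echo iptables"}
SSH_PORT=${SSH_PORT:-22}   # assumed service port for the demonstration

# Stateless, port-only policy: a packet is accepted or dropped purely by its
# destination port. Replies to connections this host opened itself arrive on
# ephemeral high ports, so a stateless ruleset has to open that whole range
# to any non-SYN packet, which is exactly the hole state tracking removes.
port_filter_rules() {
    $IPT -P INPUT DROP
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT
    $IPT -A INPUT -p tcp --dport 80 -j ACCEPT
    $IPT -A INPUT -p tcp --dport 1024:65535 ! --syn -j ACCEPT
}

# Stateful policy: conntrack decides first. Packets that belong to no known
# connection and make no sense as a new one are dropped (INVALID), replies to
# anything already tracked are accepted (ESTABLISHED,RELATED), and only a
# genuine connection opener (SYN, state NEW) is then judged by port.
# No high-port hole is needed, because state, not port, admits the replies.
stateful_rules() {
    $IPT -P INPUT DROP
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -p tcp --syn --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A INPUT -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT
}

echo "# port-only ruleset"
port_filter_rules
echo "# stateful ruleset"
stateful_rules
```

Applying the stateful set on a 2.4/2.6 kernel needs the conntrack modules loaded (ip_conntrack on older kernels, nf_conntrack on newer ones); older iptables builds spell the same match as -m state --state.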
Originally posted by whishkah Yeah you can get viruses on any OS.
only to a certain point... microsoft windows is the ONLY major operating system out there that is so susceptible to viruses, worms, spyware, and the like... you don't see this kind of susceptibility on gnu/linux, mac, solaris, etc...
Quote:
Yeah you can get viruses on any OS.
"That's Microsoft's official line, but it isn't true. While every system is vulnerable to attack, the ease with which Windows systems can be compromised, the number of vulnerabilities, and the speed with which attacks can propagate are unique to Windows.
For a concrete example showing the defect in Microsoft's argument, look at Internet Web servers. The open source Apache Web server running primarily on open source Linux and BSD operating systems has more than twice the market share of Windows and IIS (Internet Information Server), yet it's the Microsoft products that have earned a reputation for poor security."
It just would seem unlikely to get many in linux because it is not a major household system. If you want to do damage why not go for the system that is more accessible, i.e. windows.
the reason you don't see linux/unix viruses even a fraction of the time you see windows viruses IS NOT popularity (linux/unix internet servers are WAY more popular than windows ones)... the reasons are purely technical... it is VERY difficult to create some kinda virus or worm that could take down a bunch of linux (or any other decent unix) systems... the basic linux/unix system security model is designed to be VERY secure... microsoft's security model is simply designed to make them and their partners a lot of money: windows anti-viruses are a multi-billion dollar industry...
another thing (about the "targeting of windows"): linux (and other unixes) are used on MUCH MORE IMPORTANT and MISSION CRITICAL machines around the world... those are targets that are MUCH TASTIER than making some retarded worm in visual basic that brings-down a bunch of clueless home-user's windows PCs...
Quote:
Yet, if you want a fairly good anti-virus (it'll cost ya) look for Dr. Web or EAnthology.
just to be clear, these are both windows products... and eanthology's status is quite suspicious:
Originally posted by Electro There are a few viruses on the internet for Linux, but they hit systems with kernel version 2.2 or 2.3. The admins that still have those kernels running their servers have to use anti-virus programs.
could you please elaborate on this???
what anti-viruses do kernel 2.2 users "have to use"??? and for what specific virus threats???
please correct me if i'm wrong, but kernel 2.2 is still maintained, at least as far as security is concerned, and it sounds far-fetched to say that you need some third-party software in order for the 2.2 kernel (or any other stable version) you downloaded from kernel.org to work properly...
kernel 2.3 (or any kernel with an odd second number) is/was a purely development release and should have never been installed on any production machine in the first place...