Linux - Newbie (LinuxQuestions.org)
This Linux forum is for members that are new to Linux. Just starting out and have a question? If it is not in the man pages or the how-to's, this is the place!
Where I have web-facing production I harden, use SELinux and the iptables-based firewall, install ClamAV for a daily scan, install RootKitHunter for a daily scan (in case something/someone gets past the other levels), and configure syslog to log to a syslog server that reports with a daily summary and immediate email for suspicious activity.
All of the tools I use are available to anyone without cost. Using them ALL on a server in a secure network would be wasteful; I only recommend using them where the threat is greatest.
If you suspect that you have a real need for antivirus, use ClamAV. Be warned: it is not a Windows-style resident/intrusive package; it only scans what you tell it to, WHEN you tell it to do so.
I have only handled *nix servers that were hit by a virus 4 times in 20 years. (I would not even attempt to get a count of the windows desktops and servers I have had to clean or reload in the same period.) More common in the *nix world are breakers: criminals who break into the system (weak password or application vulnerability) and install back doors or rootkits that give them total control of your machine.
Protection consists of good backups, good security practice, extra backups, file/folder change detection (à la Tripwire; SELinux can do a significant part of that job if configured properly, and RootKitHunter detects changes but also looks for some specific threat characteristics that are easy for other packages to miss), backups, remote logging and automated log analysis, and verified backups.
Did I mention backups? ;-)
Early in my career I was told that if I could not program myself out of a spot I could call for help; if my machines did not perform adequately I could request bigger iron; but if I could not secure my data from loss I might better go into politics, because backup and restore is the survival skill of the sysadmin.
I have seen nothing to make me doubt that lesson.
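The file/folder change detection this post describes (à la Tripwire), as an added example that is not from the thread or from any of the tools named: a POSIX shell script that hashes a tree, stores a trusted baseline, and reports files that were added, changed or removed since. WATCH_DIR, BASELINE and their default paths are constructed assumptions; the script assumes GNU sha256sum, find and awk.

```shell
#!/bin/sh
# Tripwire-style file change detection (added example, not from the thread).
# Constructed defaults: WATCH_DIR is the tree to guard, BASELINE the trusted hash
# list; override both in the environment and keep a copy of the baseline off the
# host, because a baseline the intruder can rewrite detects nothing.
WATCH_DIR="${WATCH_DIR:-/etc}"
BASELINE="${BASELINE:-/var/lib/integrity/baseline.sha256}"

# One "hash  ./path" line per regular file under WATCH_DIR, sorted by path.
take_snapshot() {
    ( cd "$WATCH_DIR" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# Record the baseline once, from a state you trust (fresh install, just patched).
init_baseline() {
    mkdir -p "$(dirname "$BASELINE")" && take_snapshot > "$BASELINE"
}

# One line per difference (ADDED / CHANGED / REMOVED, then the path); silent when clean.
compare_baseline() {
    take_snapshot | awk -v base="$BASELINE" '
        BEGIN {   # load baseline as path -> hash
            while ((getline line < base) > 0) {
                split(line, f, " "); old[substr(line, length(f[1]) + 3)] = f[1]
            }
        }
        {
            path = substr($0, length($1) + 3); seen[path] = 1
            if (!(path in old))       print "ADDED   " path
            else if (old[path] != $1) print "CHANGED " path
        }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' | sort
}

# Cron-friendly wrapper: exit 0 when clean, exit 1 with the report on stdout, so
# MAILTO or the remote syslog pipeline only hears about real changes.
check_baseline() {
    report=$(compare_baseline)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# "init" once after a trusted install, then "check" daily from cron.
case "${1:-}" in
    init)  init_baseline ;;
    check) check_baseline ;;
esac
```

Run it from cron with the baseline stored read-only and mirrored to the log server, so a change report arrives even if the host itself is later tampered with.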
Here's a link to AVG free antivirus from Google. Ubuntu should have its own firewall. If not, go to the add remove software tool and type in firewall to see what comes up. Using a hardware firewall, like the one on your router, might be a bit more robust.
There are no cases that I know of where Linux viruses have propagated in the wild outside of a lab. Even if they did, you would have to be surfing the net running as root in order to get one because Linux will not automatically execute a program like that with only user rights.
Using encrypted partitions and guarding physical access to the computer itself pay off much better for defending Linux from attack. There are M$ programs that can read and write to Reiser and ext** types of file systems if M$ can mount the drive. An example of this might be removing the hard drive and putting it into an enclosure. Of course, if the bad guys have a Linux box themselves, it is worse for you as well.
Last edited by mdlinuxwolf; 01-23-2012 at 02:08 AM.
I agree with Satyaveer Arya: the best place to begin with security tools is the package list for your distribution.
You should find everything there that you need.
RE: "There are no cases that I know of where Linux viruses have propagated in the wild outside of a lab."
I have seen this comment in several threads now. Do not base your protection on another person's ignorance.
I have been hit by 4 *nix viruses over the years, and seen several more that I managed to avoid. They are FAR less common than Windows viruses, but they do exist.
I have also seen the misinformation that only if someone can break or install using the root account is there a problem. A threat program that is installed under your personal account can do anything you can do, and possibly things that you would never think to try. Those security patches that keep appearing in the repositories close vectors by which such a program could elevate its authority to root, deny you access to your own machine, shut down, cripple, or take over services, or other nasty things that you want NOT to happen on YOUR machine. They can even use your machine as a launchpad to attack other machines.
Unless you store critical information and practice vulnerable operations I would not obsess over security. I would also not let anyone else prevent you from taking some reasonable precautions.
Whether you need antivirus software does in no way depend on where the machine stands or which OS is installed on it. It only depends on the use case of that machine. If you download something for a different machine with an insecure OS installed, then it may be good advice to scan that software for malware, regardless of which OS you have installed on your machine.
For example, sometimes you can get drivers for Windows (especially when it is older hardware) only from somewhat obscure sources. It may be better, just to be on the safe side, to scan those drivers.
Originally Posted by JohnVV
as to antivirus
Linux is NOT Microsoft
And you want to say what? That it is a bad idea to run a malware scanner on a file- or mail-server running Linux, just because it isn't Windows?
there is ClamAV but in 5+ years i have NEVER had one install nor do i PERSONALLY know someone who has
Same thing here: just because you have not installed it (and you don't know someone who has) doesn't mean that it is good advice in general not to install it. By the way, why do you have to shout here?
The majority of Linux anti-virus programs are simply used to scan for Windows viruses on Linux boxes, to keep you from accidentally spreading a virus around, even if it doesn't affect you directly. If you aren't swapping files back and forth between this system and various Windows boxes via Samba, FTP, etc., then there's not much need for anti-virus software on Linux.