LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Is Mandrake vulnerable to viruses, worms, and spyware? (https://www.linuxquestions.org/questions/linux-security-4/is-mandrake-vulnerable-to-viruses-worms-and-spyware-237453/)

wardialer 10-01-2004 05:13 AM
Is Mandrake vulnerable to viruses, worms, and spyware?
 
I am running Mandrake, and just wondering if it is vulnerable to viruses and spyware?

I know that Linux is said to be secure, but does this include Mandrake??

I am running Mandrake because its newbie friendly and I am used to it. But Im concerned about the security matters for this distro. Honestly, should I really trash Mandrake?

Xon 10-01-2004 05:28 AM
Security risks have nothing to do with distros i believe. There are distro-independent although some default stuffs are exposed more in some distros than others. (Web services for example)

Disable any service you dont need by using chkconfig (i like this tool) and run a firewall (firestarter for example). Thats a good start :)

Skyline 10-01-2004 05:40 AM
That would be dependant on the meaning of the word "vulnerable".... re "viruses", a typical desktop Linux user would run in a limited priviledge account - even if a virus were to infect a user owned program, its impact is considerably limited by the limited priviledge account itself.

Mandrake, like other distributionns, can be made considerably more secure than it's out of the box state - consider minimal installs, strong passwords, security updates, disable unecesary services, run in a limited user account, use a firewall etc etc........

Krugger 10-01-2004 05:21 PM
Just do a netstat -a and check out what are the services you are running. If you don't need it shut it down. That takes care of people snooping around. They still look but when they get an all ports closed they leave you alone. Ok, they can still DoS you, but I don't think you will get a "We own you" message.

Then it's just looking out what are you downloading and executing on your box.

wardialer 10-02-2004 09:53 AM
I got a hold of an iptables script a while back from someone out here and copied/pasted it to the rc.local directory and went to www.grc.com to test all the common ports and found it to be stealthed. So I guess that does it.

I will give you an update on the results of the netstat -a results here below:

============================================================

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:x11 *:* LISTEN
tcp 0 0 *:ipp *:* LISTEN
tcp 0 0 *:7741 *:* LISTEN
tcp 0 0 pool0058.cvx27-br:32783 66.102.7.104:http ESTABLISHED
tcp 0 0 pool0058.cvx27-br:32781 66.102.7.104:http ESTABLISHED
udp 0 0 localhost:domain *:*
udp 0 0 *:7741 *:*
udp 0 0 224.0.0.251:5353 *:*
udp 0 0 localhost:5353 *:*
udp 0 0 *:ipp *:*
raw 0 0 *:icmp *:* 7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 5313 /tmp/orbit-vin001/linc-77b-0-2b1351b790323
unix 2 [ ACC ] STREAM LISTENING 5371 /tmp/orbit-vin001/linc-78d-0-12ec4ee95be94
unix 2 [ ACC ] STREAM LISTENING 3147 /tmp/.font-unix/fs-1
unix 2 [ ACC ] STREAM LISTENING 3287 /var/lib/sasl2/mux
unix 2 [ ACC ] STREAM LISTENING 3254 /tmp/.X11-unix/X0
============================================================

aurb 10-05-2004 11:59 PM
You should try "netstat -ptua" so you'll know whitch programs are connected/listening for connections.


All times are GMT -5. The time now is 06:45 PM.