Linux - Security (LinuxQuestions.org forum)
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I'm currently planning to move from Windows to Linux (Mint 17x64).
I need AV software and a firewall.
The AV should have a realtime scan feature and the ability to exclude folders.
The firewall should have an option to block certain programs from accessing certain or all external IPs. If it has heuristics as well, that would be great.
Both should have a GUI.
Do you know of and can recommend any OSS that meets these criteria?
I'm currently planning to move from Windows to Linux
Good, good. But before you do that I suggest you read the Linux (Mint) basic user documentation, because it will tell you that Linux is not a drop-in replacement for Microsoft products; Linux does things differently and you're expected to adapt (as in not fight it). Also know LQ has been around for some time now and there's a wealth of knowledge amassed here. Searching LQ and reading will help you answer most common questions. Do note, however, that not all replies (or web log posts or docs you find on the 'net) constitute a correct answer, so you remain responsible for gauging (using common sense) whether they do.
Quote:
Originally Posted by Tharbad
I need AV software and a firewall.
Generally speaking you do not need anti-virus software (Linux faces a different set of threats) and the firewall is built in (its command line interface is called 'iptables').
Quote:
Originally Posted by Tharbad
The AV should have a realtime scan feature
Commercially licensed anti-virus software may come with a kernel module to facilitate on-access scanning, else you can make use of ClamAV's 'clamscan' in conjunction with inotify-based triggering.
Quote:
Originally Posted by Tharbad
The firewall should have an option to block certain programs from accessing certain or all external IPs.
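The "clamscan in conjunction with inotify-based triggering" approach from the reply above, written out as an added example (not code from the thread, from ClamAV or from inotify-tools). It is a POSIX sh script that scans files as they are written into a watched folder and honours the original poster's requirement to exclude folders. It assumes ClamAV (clamscan) and inotify-tools (inotifywait) are installed; the directory names, the quarantine path and the `--watch` option are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example, not from the thread: on-access-style scanning with
# ClamAV's clamscan triggered by inotify events, with excluded folders.
# Assumes inotify-tools (inotifywait) and ClamAV are installed; the
# directory names below are placeholders chosen for this example.

WATCH_DIR="${WATCH_DIR:-$HOME/Downloads}"
# Colon-separated folders that must never be scanned (the "exclude
# folders" requirement): e.g. a VM image store, or a build tree.
EXCLUDE_DIRS="${EXCLUDE_DIRS:-$HOME/Downloads/vm-images:$HOME/Downloads/build}"
# Infected files are moved here instead of being deleted.
QUARANTINE="${QUARANTINE:-$HOME/.quarantine}"

# is_excluded PATH -> status 0 when PATH is one of EXCLUDE_DIRS or lies
# beneath one of them (a prefix such as "build-notes.txt" does not match).
is_excluded() {
    _p=$1
    _old_ifs=$IFS
    IFS=:
    for _d in $EXCLUDE_DIRS; do
        case $_p in
            "$_d"|"$_d"/*) IFS=$_old_ifs; return 0 ;;
        esac
    done
    IFS=$_old_ifs
    return 1
}

# should_scan PATH -> status 0 when PATH is outside every excluded folder.
# Kept free of side effects so the decision can be tested without ClamAV.
should_scan() {
    if is_excluded "$1"; then
        return 1
    fi
    return 0
}

# scan_file PATH -> run clamscan on one regular file. clamscan exits 1 when
# it finds something; the hit is recorded by --move, and the non-zero exit
# status must not be allowed to terminate the watch loop.
scan_file() {
    _f=$1
    [ -f "$_f" ] || return 0
    should_scan "$_f" || return 0
    clamscan --no-summary --infected --move="$QUARANTINE" "$_f" || true
}

# watch_loop -> block forever, scanning files as they are closed after
# writing or moved into the tree (browsers download to a temporary name
# and rename when done, so moved_to matters as much as close_write).
watch_loop() {
    mkdir -p "$QUARANTINE"
    inotifywait -m -r -q -e close_write -e moved_to --format '%w%f' "$WATCH_DIR" |
    while IFS= read -r _f; do
        scan_file "$_f"
    done
}

# Only start watching when asked, so the file can be sourced for testing.
if [ "${1:-}" = "--watch" ]; then
    watch_loop
fi
```

This is not the same as a kernel-level on-access hook: the file has already landed on disk before the scan runs, and inotify watches are per-directory, so a very large tree needs `fs.inotify.max_user_watches` raised. It does give a desktop user the "scan what I just downloaded, leave my VM images alone" behaviour without a commercial kernel module.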
Quote:
Originally Posted by Tharbad
I'm currently planning to move from Windows to Linux
Good, good. But before you do that I suggest you read the Linux (Mint) basic user documentation, because it will tell you that Linux is not a drop-in replacement for Microsoft products; Linux does things differently and you're expected to adapt (as in not fight it). Also know LQ has been around for some time now and there's a wealth of knowledge amassed here. Searching LQ and reading will help you answer most common questions. Do note, however, that not all replies (or web log posts or docs you find on the 'net) constitute a correct answer, so you remain responsible for gauging (using common sense) whether they do.
I probably should have written that I have some experience with Linux: mostly servers (RHEL, FreeBSD) and some with Mint/Ubuntu (not as a primary desktop, but as a BitTorrent PC). Now I want to move my primary desktop to Linux (except for games; I'll use dual boot for that).
Quote:
Originally Posted by unSpawn
Quote:
Originally Posted by Tharbad
I need AV software and a firewall.
Generally speaking you do not need anti-virus software (Linux faces a different set of threats) and the firewall is built in (its command line interface is called 'iptables').
I read that a lot. What kind of different threats?
So for firewall I'll go with iptables. Any particular recommended frontend?
One easy iptables setup is the arno-iptables-firewall script, which makes all the rules needed for a desktop PC.
I use a Debian-based system, and with Synaptic I just searched for "arno-iptables-firewall"; it asks for an (out) interface and builds the rules for you automatically. To see if everything is OK, I just use an nmap scanner and it shows all ports filtered like they should be. Here is the nmap scanner: https://pentest-tools.com/discovery-...er-online-nmap
I probably should have written that I have some experience with Linux: mostly servers (RHEL, FreeBSD) and some with Mint/Ubuntu (not as a primary desktop, but as a BitTorrent PC).
Yeah, you probably should have ;-p
Quote:
Originally Posted by Tharbad
I read that a lot. What kind of different threats?
Depends, but often caused by other compromised systems, weak credentials, unprotected or outright vulnerable services. (In short: lazy or (criminally) negligent admin users, software that never gets updated, systems that never get hardened and audited regularly.) The past decade and a half it's been mostly PHP and other shells, IRC bots, service scanners, flooders, sometimes a miner. Traditional rootkits are rare, but the last few years with trojaned SSH daemons, Apache DSOs and such are getting more "interesting" ;-p
Quote:
Originally Posted by Tharbad
So for firewall I'll go with iptables. Any particular recommended frontend?
Personally I don't use one. Iptables really isn't that difficult to use. Tell us what the machine should or shouldn't do and we'll see if we can help you whip up an appropriate rule set.
Depends, but often caused by other compromised systems, weak credentials, unprotected or outright vulnerable services. (In short: lazy or (criminally) negligent admin users, software that never gets updated, systems that never get hardened and audited regularly.) The past decade and a half it's been mostly PHP and other shells, IRC bots, service scanners, flooders, sometimes a miner. Traditional rootkits are rare, but the last few years with trojaned SSH daemons, Apache DSOs and such are getting more "interesting" ;-p
Windows also has those problems. Windows AV usually blocks access to known vulnerabilities.
Quote:
Originally Posted by unSpawn
Personally I don't use one. Iptables really isn't that difficult to use. Tell us what the machine should or shouldn't do and we'll see if we can help you whip up an appropriate rule set.
Nothing specific. I just prefer a good powerful GUI for the basic stuff on my primary desktop.
Quote:
Originally Posted by //////
One easy iptables setup is the arno-iptables-firewall script, which makes all the rules needed for a desktop PC.
I use a Debian-based system, and with Synaptic I just searched for "arno-iptables-firewall"; it asks for an (out) interface and builds the rules for you automatically. To see if everything is OK, I just use an nmap scanner and it shows all ports filtered like they should be. Here is the nmap scanner: https://pentest-tools.com/discovery-...er-online-nmap
That script is better described as a program. A lot of rules. I'll check that on my testing VM.
Nothing specific. I just prefer a (..) GUI (..)
Then just allow loopback and established traffic in. That should be the sanest rule set for a desktop (IOW: one not providing any services to others).
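The "loopback plus established traffic" desktop rule set from the reply above, written out as an added example (not code from the thread or from the arno-iptables-firewall project) in iptables-restore format, so it can be read and diffed before it is loaded. It assumes a single-homed IPv4 desktop that offers no services; the log prefix and the `--apply` option are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example, not from the thread: the "loopback plus established"
# rule set for a desktop that offers no services, written as an
# iptables-restore file so it can be read and diffed before it is loaded.
# Assumes a single-homed IPv4 desktop; the log prefix is a placeholder.

# desktop_rules -> print the filter table in iptables-save format.
desktop_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback: local programs talking to local daemons over lo.
-A INPUT -i lo -j ACCEPT
# Packets that belong to, or relate to, a connection this host started
# (replies, plus ICMP errors such as "fragmentation needed").
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Anything conntrack cannot place in a known connection is dropped silently.
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Log what is left at a bounded rate so a scan cannot fill the log, then
# fall through to the chain policy (DROP).
-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "ipt-in-drop: "
COMMIT
EOF
}

# has_rule PATTERN -> status 0 when the generated rule set contains PATTERN
# (a sanity check on the text before it goes anywhere near the kernel).
has_rule() {
    desktop_rules | grep -q -F -- "$1"
}

# rule_count -> number of -A lines, to compare with
# 'iptables -S INPUT | grep -c "^-A"' after apply_rules has run.
rule_count() {
    desktop_rules | grep -c '^-A '
}

# apply_rules -> load the rule set atomically (needs root). iptables-restore
# replaces the whole table in one step, so there is no window in which a
# half-built chain is active. Verify afterwards with: iptables -S
apply_rules() {
    desktop_rules | iptables-restore
}

if [ "${1:-}" = "--apply" ]; then
    apply_rules
fi
```

Two caveats before copying this: the file must not be fed to ip6tables-restore unchanged, because IPv6 neighbour discovery runs over ICMPv6 and is not covered by ESTABLISHED,RELATED, so an IPv6 host loses its link without an ICMPv6 accept rule; and the FORWARD policy of DROP is right for a desktop but will need revisiting if the machine later hosts VMs or containers that rely on NAT through it.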
I also found the following:
Firestarter - easier to install, but I can't see existing iptables rules, so it's useless.
http://iscs.sourceforge.net/ - seems to be targeted at the enterprise. Can configure multiple firewalls, including some enterprise firewalls.
Quote:
Originally Posted by unSpawn
Quote:
Originally Posted by Tharbad
Windows also has those problems.
No it doesn't. At least not in the way Linux does. Windows doesn't equal Linux.
Quote:
Originally Posted by Tharbad
Windows AV usually blocks access to known vulnerabilities.
Way different infection vectors.
Please elaborate.
By the way, any recommended AV? Or is Clam the best?
I like having Tiger installed, as it emails me now and again to let me know which processes are listening on which ports. Thankfully I've not had anything suspicious yet, but it does let me know when I install something that pulls in avahi as a dependency, so I can uninstall it.
While GNU/Linux isn't hard hit by viruses, having a level of protection is worth it.
ClamAV is possibly the best for this. It has a somewhat basic UI through ClamTk and supports several third-party definition lists. There's also BitDefender for Unices as well, and it's fairly easy to use. BitDefender is closed source but ClamAV is open source; however, don't let this make you prejudge it. I've used both, and both work well.
However, most antivirus software for GNU/Linux does not have real-time on-access/execution scanning, but you can set up cron jobs to perform scans at preset intervals.
You also might want to look into chkrootkit and rkhunter to scan for rootkits and other malware from time to time. Both are great additions.
As far as a firewall goes, yes, Linux has iptables, which can be set up through several utilities. FirewallBuilder is one of them. There is an older firewall utility called Firestarter; I'm not completely certain it's still viable, but it is fairly easy to use.
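The check Tiger is being used for in this thread (mail me when the set of listening ports changes), reduced to its core as an added example that is not Tiger's code nor code from the thread. Listening sockets are normalised to "proto/port", saved once as a baseline, and later cron runs print only what appeared or disappeared, so a new avahi or other daemon shows up as a one-line diff. It assumes iproute2's `ss`; the baseline path, the `baseline`/`check` sub-commands and the sample `ss` output are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread: report changes in the set of
# listening sockets against a saved baseline. Assumes iproute2's 'ss';
# the baseline path and sub-command names are placeholders.

BASELINE="${BASELINE:-$HOME/.local/share/portwatch.baseline}"

# listening_ports -> read 'ss -ltnu' output on stdin and print one sorted,
# de-duplicated "proto/port" line per listener. Field 5 is "addr:port";
# taking the text after the last colon handles both 0.0.0.0:22 and [::]:22,
# so an IPv4 and an IPv6 listener on the same port collapse to one line.
listening_ports() {
    awk 'NR > 1 { n = split($5, a, ":"); print $1 "/" a[n] }' | sort -u
}

# report_changes BASELINE_FILE -> read a current "proto/port" list on stdin
# and print "+ proto/port" for new listeners and "- proto/port" for ones
# that went away. Prints nothing when the sets match, so a cron job that
# pipes this into mail sends nothing on a quiet day.
report_changes() {
    _cur=$(mktemp) || return 1
    cat > "$_cur"
    comm -13 "$1" "$_cur" | sed 's/^/+ /'
    comm -23 "$1" "$_cur" | sed 's/^/- /'
    rm -f "$_cur"
}

# sample_ss_output -> constructed 'ss -ltnu' output for demonstration,
# not captured from a real machine.
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      128    [::]:22             [::]:*
udp   UNCONN 0      0      0.0.0.0:5353        0.0.0.0:*
EOF
}

# First run:            ss -ltnu | sh portwatch.sh baseline
# Hourly from cron:     ss -ltnu | sh portwatch.sh check | mail -E -s "port changes" root
case "${1:-}" in
    baseline) mkdir -p "$(dirname "$BASELINE")"; listening_ports > "$BASELINE" ;;
    check)    listening_ports | report_changes "$BASELINE" ;;
esac
```

The baseline is the important part: a list of listening ports on its own is something you stop reading after a week, whereas a diff against what you accepted last time is empty until something actually changes. Re-run `baseline` after you have deliberately added or removed a service so the next report starts clean.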