LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 07-21-2014, 12:39 AM   #1
Tharbad
Realtime AV and firewall


Hi all,

I'm currently planning to move from Windows to Linux (Mint 17 x64).
I need an AV software and a firewall.
The AV should have a realtime scan feature and the ability to exclude folders.
The firewall should have an option to block certain programs from accessing certain or all external IPs. If it has heuristics as well, it would be great.
Both should have a GUI.

Do you know and can you recommend any OSS that meets these criteria?

Thanks
 
Old 07-21-2014, 01:13 AM   #2
unSpawn
Welcome to LQ, hope you like it here.

Quote:
Originally Posted by Tharbad View Post
I'm currently planning to move from Windows to Linux
Good, good. But before you do that I suggest you read Linux (Mint) basic user documentation because it will tell you that Linux is not a drop-in replacement for Microsoft products, Linux does things differently and you're expected to adapt (as in not fight it). Also know LQ has been around for some time now and there's a wealth of knowledge amassed here. Searching LQ and reading will help you answer most common questions. *Do note however not all replies (or web log posts or docs you find on the 'net) constitute a correct answer so you remain responsible for gauging (using common sense) if it is.


Quote:
Originally Posted by Tharbad View Post
I need a AV software and firewall.
Generally speaking you do not need anti-virus software (Linux faces a different set of threats) and the firewall is built in (its command line interface is called 'iptables').


Quote:
Originally Posted by Tharbad View Post
The AV should have a realtime scan feature
Commercially licensed anti-virus software may come with a kernel module to facilitate on-access scanning, else you can make use of ClamAV's 'clamscan' in conjunction with inotify-based triggering.


Quote:
Originally Posted by Tharbad View Post
The firewall should have an option to block certain programs from accessing certain or all external IPs.
See https://www.linuxquestions.org/quest...2/#post5139164
 
1 members found this post helpful.
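The "clamscan plus inotify-based triggering" idea from the reply above, written out as an added example (not code from the thread or from ClamAV). It assumes inotify-tools and clamav are installed, and the watched directory, quarantine directory and exclusion prefixes below are placeholders; the EXCLUDE list is there for the "exclude folders" requirement in the original question.

```shell
#!/bin/sh
# Added example, not from the thread: on-access style scanning glued together
# from inotifywait(1) (package inotify-tools) and clamscan(1), the approach
# unSpawn describes. Paths below are assumptions; EXCLUDE covers the poster's
# "exclude folders" requirement. Hits are quarantined, never deleted.
WATCH_DIR="${WATCH_DIR:-$HOME/Downloads}"
QUARANTINE="${QUARANTINE:-$HOME/.quarantine}"
# colon-separated directory prefixes that are never scanned
EXCLUDE="${EXCLUDE:-$HOME/Downloads/build:$HOME/Downloads/vm-images}"

# is_excluded PATH -> exit 0 if PATH is, or lies under, an EXCLUDE prefix
is_excluded() {
    _old_ifs=$IFS; IFS=:
    for _prefix in $EXCLUDE; do
        case "$1" in
            "$_prefix"|"$_prefix"/*) IFS=$_old_ifs; return 0 ;;
        esac
    done
    IFS=$_old_ifs
    return 1
}

# scan_file PATH -> clamscan status: 0 clean, 1 infected, 2 error
scan_file() {
    clamscan --no-summary --infected -- "$1" >/dev/null 2>&1
}

# handle_event PATH -> one decision line per event; quarantine on a hit
handle_event() {
    if is_excluded "$1"; then echo "skip    $1"; return 0; fi
    [ -f "$1" ] || return 0              # directories, already-removed files
    if scan_file "$1"; then _rc=0; else _rc=$?; fi
    case $_rc in
        0) echo "clean   $1" ;;
        1) mkdir -p "$QUARANTINE" && mv -- "$1" "$QUARANTINE"/ &&
           echo "FOUND   $1 -> $QUARANTINE/" ;;
        *) echo "error   $1 (clamscan exit $_rc)" ;;
    esac
}

# watch_and_scan: react to files fully written or moved into the tree
watch_and_scan() {
    inotifywait -m -r -q -e close_write -e moved_to --format '%w%f' "$WATCH_DIR" |
        while IFS= read -r _path; do handle_event "$_path"; done
}

if [ "${1:-}" = "--watch" ]; then watch_and_scan; fi
```

Run it as `sh scan-on-write.sh --watch` from a user session; it only sees files the user can read, which is exactly the scope a desktop download folder needs.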
Old 07-21-2014, 05:10 AM   #3
Tharbad
Quote:
Originally Posted by unSpawn
Welcome to LQ, hope you like it here.

Quote:
Originally Posted by Tharbad
I'm currently planning to move from Windows to Linux
Good, good. But before you do that I suggest you read Linux (Mint) basic user documentation because it will tell you that Linux is not a drop-in replacement for Microsoft products, Linux does things differently and you're expected to adapt (as in not fight it). Also know LQ has been around for some time now and there's a wealth of knowledge amassed here. Searching LQ and reading will help you answer most common questions. *Do note however not all replies (or web log posts or docs you find on the 'net) constitute a correct answer so you remain responsible for gauging (using common sense) if it is.
I probably should have written that I have some experience with Linux: mostly servers (RHEL, FreeBSD) and some with Mint/Ubuntu (not as primary desktop - as a bittorrent PC). Now I want to move my primary desktop to Linux (except for games - I'll use dual boot for that).

Quote:
Originally Posted by unSpawn
Quote:
Originally Posted by Tharbad
I need a AV software and firewall.
Generally speaking you do not need anti-virus software (Linux faces a different set of threats) and the firewall is built in (its command line interface is called 'iptables').
I read that a lot. What kind of different threats?


So for firewall I'll go with iptables. Any particular recommended frontend?
 
Old 07-21-2014, 10:56 AM   #4
//////
One easy iptables setup is the arno-iptables-firewall script that makes all the rules needed for a desktop PC.

I use a Debian-based system and with synaptic I just searched for "arno-iptables-firewall"; it asks for an (out) interface and it builds the rules for you automatically. To see if everything is ok, I just use an nmap scanner and it shows all ports filtered like they should be. Here is the nmap scanner: https://pentest-tools.com/discovery-...er-online-nmap
 
1 members found this post helpful.
Old 07-21-2014, 03:05 PM   #5
unSpawn
Quote:
Originally Posted by Tharbad View Post
I probably should have written that I have some experience with Linux: mostly servers (RHEL, FreeBSD) and some with Mint/Ubuntu (not as primary desktop - as a bittorrent PC).
Yeah, you probably should have ;-p


Quote:
Originally Posted by Tharbad View Post
I read that a lot. What kind of different threats?
Depends but often caused by other compromised systems, weak credentials, unprotected or outright vulnerable services. (In short: lazy or (criminally) negligent admin users, software that never gets updated, systems that never get hardened and audited regularly.) The past decade and a half it's been mostly PHP and other shells, IRC bots, service scanners, flooders, sometimes a miner. Traditional rootkits are rare but the last few years with trojaned SSH daemons, Apache DSO's and such are getting more "interesting" ;-p


Quote:
Originally Posted by Tharbad View Post
So for firewall I'll go with iptables. Any particular recommended frontend?
Personally I don't use one. Iptables really isn't that difficult to use. Tell us what the machine should do or don't and we'll see if we can help you whip up an appropriate rule set.
 
1 members found this post helpful.
Old 07-22-2014, 03:02 AM   #6
Tharbad
Quote:
Originally Posted by unSpawn View Post

Depends but often caused by other compromised systems, weak credentials, unprotected or outright vulnerable services. (In short: lazy or (criminally) negligent admin users, software that never gets updated, systems that never get hardened and audited regularly.) The past decade and a half it's been mostly PHP and other shells, IRC bots, service scanners, flooders, sometimes a miner. Traditional rootkits are rare but the last few years with trojaned SSH daemons, Apache DSO's and such are getting more "interesting" ;-p
Windows also has those problems. Windows AV usually blocks access to known vulnerabilities.

Quote:
Originally Posted by unSpawn View Post
Personally I don't use one. Iptables really isn't that difficult to use. Tell us what the machine should do or don't and we'll see if we can help you whip up an appropriate rule set.
Nothing specific. I just prefer a good powerful GUI for the basic stuff on my primary desktop.

Quote:
Originally Posted by //////
One easy iptables setup is the arno-iptables-firewall script that makes all the rules needed for a desktop PC.

I use a Debian-based system and with synaptic I just searched for "arno-iptables-firewall"; it asks for an (out) interface and it builds the rules for you automatically. To see if everything is ok, I just use an nmap scanner and it shows all ports filtered like they should be. Here is the nmap scanner: https://pentest-tools.com/discovery-...er-online-nmap
That script is better described as a program. A lot of rules. I'll check that on my testing vm.
 
Old 07-22-2014, 03:43 PM   #7
unSpawn
Quote:
Originally Posted by Tharbad View Post
Windows also have those problems.
No it doesn't. At least not in the way Linux does. Windows doesn't equal Linux.


Quote:
Originally Posted by Tharbad View Post
Windows AV usually block access to known vulnerabilities.
Way different infection vectors.


Quote:
Originally Posted by Tharbad View Post
Nothing specific. I just prefer a (..) GUI (..)
Then just allow loopback and established traffic in. Should be the most sane rule set for a Desktop (IOW: not providing any services to others).
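The "loopback and established traffic in" desktop rule set from the reply above, written out as an added example (not code from the thread). It assumes a single desktop offering no services to others; the rules are emitted in iptables-restore syntax so they can be reviewed before loading, and the ping and logging lines are optional extras on top of what the reply describes.

```shell
#!/bin/sh
# Added example, not from the thread: the "loopback plus established traffic"
# desktop ruleset unSpawn describes, emitted in iptables-restore(8) syntax so it
# can be read before it is loaded. Assumes a single-host desktop that offers no
# services; the ping and log lines are optional extras, drop them if unwanted.
#   sh desktop-fw.sh > /tmp/rules.v4 && sudo iptables-restore < /tmp/rules.v4

desktop_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback: local processes may talk to each other
-A INPUT -i lo -j ACCEPT
# replies to connections this host opened (and related, e.g. ICMP errors)
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# packets that belong to no known connection state
-A INPUT -m conntrack --ctstate INVALID -j DROP
# answer pings; remove to keep the host silent
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# log what the DROP policy is about to discard, rate-limited
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
COMMIT
EOF
}

# exposes_no_ports -> 0 when no INPUT rule accepts a destination port,
# i.e. the desktop offers nothing to the outside (the property to preserve)
exposes_no_ports() {
    ! desktop_rules | grep -q -- '-A INPUT .*--dport .*-j ACCEPT'
}

if [ "${1:-}" = "--apply" ]; then
    desktop_rules | iptables-restore     # needs root
else
    desktop_rules
fi
```

IPv6 is a separate table: the same rules (with `icmpv6` in place of `icmp`) need to be loaded through ip6tables-restore, or the host is open on v6 while closed on v4.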
 
Old 07-23-2014, 05:48 AM   #8
Tharbad
Quote:
Originally Posted by unSpawn View Post
Quote:
Originally Posted by Tharbad
Nothing specific. I just prefer a (..) GUI (..)
Then just allow loopback and established traffic in. Should be the most sane rule set for a Desktop (IOW: not providing any services to others).
Found a good one: FWbuilder. However, I had to use packages from Debian unstable (sid => deb http://ftp.de.debian.org/debian sid main) and install them manually (for some reason synaptic failed to download).
In case someone asks this question, these are the packages (in order of installation):
1) https://packages.debian.org/sid/all/...ommon/download
2) https://packages.debian.org/sid/fwbuilder
3) https://packages.debian.org/sid/fwbuilder-doc
FWbuilder looks like Checkpoint FW interface.

I also found the following:
Firestarter - easier to install, but I can't see existing iptables rules - so it's useless.
http://iscs.sourceforge.net/ - Seems to be targeted at enterprise. Can configure multiple firewalls, including some enterprise firewalls.

Quote:
Originally Posted by unSpawn View Post
Quote:
Originally Posted by Tharbad
Windows also has those problems.
No it doesn't. At least not in the way Linux does. Windows doesn't equal Linux.
Quote:
Originally Posted by Tharbad
Windows AV usually blocks access to known vulnerabilities.
Way different infection vectors.
Please elaborate.

By the way, any recommended AV? Or is clam the best?
 
Old 07-26-2014, 03:05 AM   #9
Michael13
There is this ESET NOD32 antivirus for Linux; it works at least in Ubuntu, I don't know about the other Linux versions... And then there is AVG that is free... http://www.eset.com/me/home/products/antivirus-linux/

I would like to find a basic firewall for Linux also that would be simple to use, such as ZoneAlarm or others for Windows...
 
Old 07-26-2014, 05:40 AM   #10
Tharbad
Quote:
Originally Posted by Michael13 View Post
There is this ESET NOD32 antivirus for Linux; it works at least in Ubuntu, I don't know about the other Linux versions... And then there is AVG that is free... http://www.eset.com/me/home/products/antivirus-linux/
I want an AV that is open source.

Quote:
Originally Posted by Michael13 View Post
I would like to find a basic firewall for Linux also that would be simple to use, such as ZoneAlarm or others for Windows...
Try Firestarter, which I mentioned in one of my posts. Seems simple.
 
Old 07-26-2014, 07:46 AM   #11
Tharbad
As a file alteration monitor, I've found this:
http://glsof.sourceforge.net/
It has a GUI. I've found many others without a GUI (gamin, FAM, inotify).

What files/folders should I watch? I'm already watching init.d. Anything else?
 
Old 07-26-2014, 02:16 PM   #12
273
I like having Tiger installed as it emails me now and again to let me know which processes are listening on which ports. Thankfully I've not had anything suspicious yet, but it does let me know when I install something that pulls avahi in as a dependency so I can uninstall it.
 
Old 07-27-2014, 02:23 AM   #13
ReaperX7
While GNU/Linux isn't hard hit by viruses, having a level of protection is worth it.

ClamAV is possibly the best for this. It has a somewhat basic UI through ClamTk and supports several third party definition lists. There's also BitDefender for UNICES as well, and it's fairly easy to use as well. BitDefender is closed source but ClamAV is open source, however don't let this let you prejudge it. I've used both, and both work well.

However, most antivirus software for GNU/Linux does not have real-time on-access/execution scanning, but you can set up cronjobs to perform tasks at preset intervals.

You also might want to look into chkrootkit and rkhunter as well to scan for rootkits and other malware from time to time. Both are great additions.

As far as a firewall goes, yes, Linux has iptables, which can be set up through several utilities. FirewallBuilder is one of several utilities. There is an older firewall utility called Firestarter. I'm not completely certain it's still viable, but it is fairly easy to use.

Last edited by ReaperX7; 07-27-2014 at 02:25 AM.