I'm quite new with Linux, so please help me.
Is there any way a Windows virus can run on Linux, or infect Windows machines on a LAN through Linux?
These days it's quite easy to have various exe dialers or trojans downloaded onto a Windows machine if you enter the wrong URL when you're surfing the web. But if you're surfing from a Linux host, can this exe file infect Windows machines on the same network?
Or are Linux machines considered "safe" from this kind of files?
At work we are setting up a Linux workstation for a consultant, but we're a bit uncertain if we need to install a virus scanner on the machine. This machine's only connection with the rest of the LAN is that it will be located on the same subnet as our Windows clients. There will not be any Samba client or other integration with our Windows servers and workstations.
Typically I would install a virus scanner because although the virus won't be active on linux, he could pass it to you through email, or if he dumps files on a public share drive, etc.
But if he downloads a windows virus, it won't run on linux and infect the other machines as if it was downloaded on windows. He would have to explicitly send it to someone and that person would then have to run it.
So, in our case where the user has no access to Windows servers, no communication to other hosts on the internal network, only web access for websurfing, there are no threats for our internal machines if he were to download either a virus through JavaScript, or click on a link that would download any kind of dialer?
Since the software would simply NOT execute on Linux.
It sounds like even a Windows box wouldn't be a threat to the rest of your network with that setup. It would only be a threat to itself.
In this case, Linux applications are much less of a threat to themselves than Windows apps are (it's still possible for application level exploits though, especially via web content--Firefox for instance, has had dozens of security flaws).
andy.s,
I think a Windows virus may run under Wine (some Linux systems automatically run exe files with Wine) or cxoffice. Please be careful of viruses in exe files. I personally saw how a hacker combined a virus into an exe file and escaped Norton AntiVirus.
Regards,
Ks
OK, so that could be a risk.
But the machine we're setting up is a plain FC6 with no special add-ons except Nessus and Nmap. I guess that Wine or cxoffice is NOT a part of this setup, so again, the machine should not pose a risk.
Correct?
Even with WINE the exe/virus would be restricted to the rights of the user account. In fact, all disk access would be restricted to that user's /home dir even, as the entire emulated Windows "C" drive exists as a hidden dir there. So basically there's really nothing a compiled binary Windows virus could do. Interpreted cross-platform code (i.e. PHP, JavaScript) poses a much greater threat, IMVHO.
I think the practical answer is:
You probably don't need anti-virus, but you should be careful to enable the security features in the OS. Make sure it has a firewall configured, and make sure any unnecessary services are disabled. Any web browsing done from the machine should not be done as "root". Ideally the web browsing should go through your corporate proxy (if you have one) to ensure that it has the same restrictions applied as your normal users get.
By the way, I have to ask: If you're installing Nessus & NMAP on the machine (pen-testing tools), are you sure that the machine doesn't have any access to the rest of your network? What are they going to pen-test with no access? If they're going to test only your external network, then the machine should be patched into a switch at the perimeter of your network and at that point it's basically no different (from your perspective) than a computer in someone's house on DSL.
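
One way to verify the Wine question raised in this thread on the workstation itself, as an added example that is not part of any poster's reply: the script reads the kernel's binfmt_misc table and lists enabled handlers that would pass Windows PE files to an interpreter. It assumes binfmt_misc is mounted at /proc/sys/fs/binfmt_misc; the function names `pe_handlers` and `report` are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): list binfmt_misc handlers that would
# make the kernel pass Windows PE (.exe) files to an interpreter such as Wine.

# pe_handlers [DIR]: print "name<TAB>interpreter" for each ENABLED entry in
# DIR that matches PE files, either by the "MZ" magic (hex 4d5a) at offset 0
# or by the .exe extension. DIR defaults to the live kernel table.
pe_handlers() {
    bm_dir="${1:-/proc/sys/fs/binfmt_misc}"
    for bm_f in "$bm_dir"/*; do
        [ -f "$bm_f" ] || continue
        bm_name=$(basename "$bm_f")
        # "register" and "status" are control files, not handlers.
        case "$bm_name" in register|status) continue ;; esac
        awk -v name="$bm_name" '
            NR == 1             { enabled = ($1 == "enabled") }
            $1 == "interpreter" { interp = $2 }
            $1 == "offset"      { offset = $2 }
            $1 == "magic"       { magic = tolower($2) }
            $1 == "extension"   { ext = tolower($2) }
            END {
                pe = (ext == ".exe") || (magic ~ /^4d5a/ && offset + 0 == 0)
                if (enabled && pe) printf "%s\t%s\n", name, interp
            }
        ' "$bm_f"
    done
}

# report [DIR]: human-readable summary; always returns 0.
report() {
    rp_found=$(pe_handlers "$1")
    if [ -n "$rp_found" ]; then
        echo "PE handlers registered (an .exe can be launched directly):"
        echo "$rp_found"
    else
        echo "No enabled binfmt_misc handler for Windows PE files."
    fi
    # Wine may still be installed and usable by hand even without a handler.
    if command -v wine >/dev/null 2>&1; then
        echo "wine is on PATH: $(command -v wine)"
    else
        echo "wine is not on PATH."
    fi
}

report
```

An empty handler list together with "wine is not on PATH" means a downloaded .exe has nothing on this host that would execute it.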