LinuxQuestions.org
Old 09-26-2003, 07:36 AM   #1
mwj
LQ Newbie
 
Registered: Sep 2003
Location: Pakistan. Islamabad
Distribution: Red Hat-9
Posts: 24

Rep: Reputation: 15
Is there any Free antivirus for Linux Redhat-9


Hi
Sorry to be a newbie.
I want an effective free antivirus for my Linux machine.
Thanks for the reply
MWJ
 
Old 09-26-2003, 08:03 AM   #2
kdd281
LQ Newbie
 
Registered: Sep 2003
Posts: 10

Rep: Reputation: 0
F-Prot
 
Old 09-26-2003, 09:53 AM   #3
yapp
Member
 
Registered: Apr 2003
Location: Netherlands
Distribution: SuSE (before: Gentoo, Slackware)
Posts: 613

Rep: Reputation: 30
What do you want to use the virus scanner for?

There are a few viruses for Linux, but you should protect yourself against other things, such as getting hacked. Due to the nature and design of Linux, viruses are less effective (but not completely impossible, though). Just a few exist. You could use F-Prot, however, to protect the neighbor (i.e. shared folders accessible by Windows).


* don't run unnecessary network services, especially if you don't use them. Every service can be exploited by hackers. (use "netstat -anpA inet" to see what you're running)
* You 'really want' to upgrade OpenSSH now..
* don't run as root user on your system. If you run as limited/mortal user, you can only lose your own files, you can't hurt your system, etc... viruses will have the same limitations.
* find out how to run a firewall... (if every Windows user had done this, blaster wouldn't have any effect)
* If you really need to change/install something, use "su" in the console, and enter the root password.
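
An added example, not part of the original post: one way to turn the `netstat -anpA inet` check above into a list of services that are actually reachable from the network, optionally compared against the ones you meant to run. The function names, the allowlist format and the sample output are constructed for this example.

```shell
#!/bin/sh
# Constructed sample of `netstat -anpA inet` output (not from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      901/cupsd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      640/portmap
tcp        0      0 192.168.1.10:22         192.168.1.20:51234      ESTABLISHED 1502/sshd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           640/portmap
udp        0      0 127.0.0.1:323           0.0.0.0:*                           700/chronyd
EOF
}

# Read netstat output on stdin and print "proto port program" for every socket
# that accepts traffic on a non-loopback address: TCP sockets in LISTEN state
# and unconnected UDP sockets. Assumes program names contain no spaces.
exposed_services() {
    awk '
        $1 != "tcp" && $1 != "udp"        { next }  # the two header lines
        $1 == "tcp" && $6 != "LISTEN"     { next }  # a connection, not a service
        $1 == "udp" && $5 != "0.0.0.0:*"  { next }  # connected UDP socket
        {
            n = split($4, a, ":"); port = a[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./) next               # loopback only
            print $1, port, $NF
        }'
}

# Same, minus the services you intend to run.
# $1 is a space-separated allowlist of "proto/port" entries, e.g. "tcp/22".
unexpected_services() {
    exposed_services | awk -v allow="$1" '
        BEGIN { n = split(allow, w, " "); for (i = 1; i <= n; i++) ok[w[i]] = 1 }
        { key = $1 "/" $2; if (!(key in ok)) print }'
}

# Live use (as root, so that the program column is filled in):
#   netstat -anpA inet | unexpected_services "tcp/22"
```

On the constructed sample, with only SSH allowed, this reports portmap on tcp/111 and udp/111; the cupsd and chronyd sockets are bound to 127.0.0.1 and are left out.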
 
Old 09-26-2003, 11:53 AM   #4
activelylazy
LQ Newbie
 
Registered: Sep 2003
Distribution: Red Hat 8
Posts: 25

Rep: Reputation: 15
nice post yapp.

Also, note that if you do use "su" in the console the prompt will change from "$" to "#" to remind you that you need to "exit" when you're done acting as the super user (su). When you type "exit" (and then enter) as su, it won't close the xterm session, it will just exit out of su mode.

The same goes for when you want to change the display settings or something and it asks for the root password. Any time you've entered the root password, you're basically running as root user and you'll want to exit out of that when you're done. (for previously mentioned security reasons)

To exit out of root permissions from the graphical interface, click on the keys that have appeared in the lower right corner (by the clock) and choose "forget authorization". (The keys don't appear when running in "su" mode in an xterm session, just after entering the password into the dialog box that pops up when you try to edit the display settings or something like that.)
 
Old 09-26-2003, 11:56 AM   #5
Micro420
Senior Member
 
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986

Rep: Reputation: 45
From your guys' personal experience, would it be rare to get a virus and hacked into?

I have a router that has a firewall built in. Is this effective for hackers?

And we can't get hit by the blaster worm, correct? that's only for Windows?
 
Old 09-28-2003, 02:48 AM   #6
yapp
Member
 
Registered: Apr 2003
Location: Netherlands
Distribution: SuSE (before: Gentoo, Slackware)
Posts: 613

Rep: Reputation: 30
Quote:
Originally posted by Micro420
From your guys' personal experience, would it be rare to get a virus and hacked into?

I have a router that has a firewall built in. Is this effective for hackers?

And we can't get hit by the blaster worm, correct? that's only for Windows?
On Linux, I believe, it's rare to get a virus. Viruses are still written for Microsoft Windows, partially because of its design, and one-sidedness of integrated-everywhere applications. Though unices are used a lot more on the Internet; home users are less familiar with security issues and all seem to be using Microsoft Windows.

Getting hacked is a different story. If you don't shut down unnecessary network services, you're simply asking for visitors. (the same is true of Windows XP, which also comes with too many open ports out-of-the-box) Since large networks are systematically scanned, you'll get indexed somewhere sooner or later. If you have a high-speed Internet connection, you'll find yourself a beloved target, because you're always on-line, and have the ability to participate in a D-DoS attack. You don't want to be responsible for attacking another system, do you?


Usually firewalls at routers 'DROP' every incoming connection. I've scanned my router (Alcatel) remotely, and nmap explained the host might not be up at all. (until I've opened the SSH port and such) If you haven't opened any connections to the Internet, you're usually safe.


Yep, the ms-blaster worm affects the RPC features of Microsoft Windows, and Microsoft Windows only. AFAIK: From a security bulletin, Microsoft explained that no one should run the RPC service on the network-interface connecting the computer to the Internet. You however, can't turn off RPC in Windows, and it isn't firewalled by default either.

This worm tried to exploit a security leak in a network service. 'Hackers' do the same themselves. Crackers are the people that find these exploits; script-kiddies only know how to run a pre-made exploit program. (I don't really like to use the term hacker, because it used to mean something completely different)
 
Old 10-03-2003, 08:48 AM   #7
mwj
LQ Newbie
 
Registered: Sep 2003
Location: Pakistan. Islamabad
Distribution: Red Hat-9
Posts: 24

Original Poster
Rep: Reputation: 15
Hi everybody,
Especially Mr. Yapp
I am already enjoying the advice on the HOTMAIL mail issue. Now this time once again you guys opened a new door for me as far as security is concerned.

Actually, I got a worm "Redalof" in my Linux box. It came through some documents I copied from my peer and was finally diagnosed by an antivirus scanner, Vexira. This scanner detected the worm but did not heal it, as it was an evaluation copy. The vendor demanded purchase.

Next I downloaded one more free scanner, PANDA. I installed and ran the scanner but could not get the worm. I mean I did not detect the virus earlier declared by Vexira, so that was the good reason I posted my problem. I don't know whether I am still infected or not, because I deleted all those documents which were declared infected.

This particular Redalof worm not only infects the files but it also creates a lot of infected files which disturb the system. It was in my Windows network and I disinfected it with the Protector Plus antivirus scanner, but that scanner is not for Linux. It spreads itself through shares in the network. I have Linux machines and shares as well. So at this moment I don't know, because I don't have a proper antivirus.

Rest, all other comments, they really enhanced my knowledge further and I will follow all of this advice. I have also learned how to protect su as well. If one user logs on to the network, he/she can destroy the system through su, so we must ban su as well to protect our network, besides other measures.
mwj

Last edited by mwj; 10-03-2003 at 08:55 AM.
 
Old 10-03-2003, 10:11 AM   #8
yapp
Member
 
Registered: Apr 2003
Location: Netherlands
Distribution: SuSE (before: Gentoo, Slackware)
Posts: 613

Rep: Reputation: 30
...mr YaPP? and you're welcome.


How does the worm/virus spread itself through your system? Are you sure you haven't been hacked already, and that person injected/modified some system programs? If this is the case, please just pull the plug and rebuild your entire system. You cannot trust your system anymore, nor clean up the mess he creates.

I'm not sure what you mean with 'protect su'. It's a program that executes a process as another user, but not without authorization. Unless you're running as 'root', 'su' will prompt for a password. Type "who am i", "whoami", or "id" in a terminal window, and you'll see the answer quickly.



..and if you're using your system with a limited-user account (which works fluently btw, compared to Windows XP), you are simply not allowed to destroy your system, and all programs that you start (including worms) have these same limitations, unless it's a suid-root program, like "su". Such a program always runs as "root", because it needs these rights to run a program as a different user.

In Linux, every user has its own settings stored in its home directory. (the hidden dot-files) These settings are automatically generated, and overrule the global system settings (for example, /home/you/.kde/share/config/ overrules /opt/kde/share/config)
 
Old 10-04-2003, 04:27 AM   #9
mwj
LQ Newbie
 
Registered: Sep 2003
Location: Pakistan. Islamabad
Distribution: Red Hat-9
Posts: 24

Original Poster
Rep: Reputation: 15
su protection means every user cannot apply su and only authorised users could use "su". This is one way to avoid su, and of course the second protection will be the root password.

This worm "Redallof" spread itself like "Dracolla" in a Windows environment, not in a Linux environment.
 
Old 10-05-2003, 02:19 PM   #10
yapp
Member
 
Registered: Apr 2003
Location: Netherlands
Distribution: SuSE (before: Gentoo, Slackware)
Posts: 613

Rep: Reputation: 30
Quote:
Originally posted by mwj
su protection means , every user cannot apply su and only authorised users could use "su".This is one way to avoid su and off course second protection will be the root password
That is possible, but be careful. If you try to limit set-uid executables, you might lock yourself out, or end with a system that doesn't boot.

One other thing I'd like to mention: consult a real security howto instead. Except for 'su', there are plenty of other set-uid executables, you might want to protect. Every set-uid executable runs with root permissions automatically; exploit it, and you're root. ...just be careful with who you authorize shell access at your machine.

btw, disabling all set-uid flags in executables isn't a good idea, because 'su' needs to run as root, for example to change the process-owner. (and run a process with different privileges)

But if you really want to know:
groupadd admins
# add the user names to the new 'admins' line in /etc/group
chgrp admins /bin/su
# chgrp clears the set-uid bit on Linux, so put it back while removing execute for others
chmod u+s,o-x /bin/su
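
An added check, not part of the original post: it confirms that `su` ended up in the state the commands above aim for (still set-uid, in the chosen group, not executable by others) and lists the other set-uid executables the post mentions. This matters because on Linux a `chgrp` can clear the set-uid bit. The function names are hypothetical, and GNU `stat` and `find` are assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Requires GNU stat and find.

# Verify FILE is set-uid, owned by OWNER:GROUP and not executable by others.
# Prints one line per problem; returns 0 if none, 1 if any, 2 if stat fails.
check_su_policy() {
    file=$1 owner=$2 group=$3 rc=0
    info=$(stat -c '%a %U %G' "$file") || return 2
    set -- $info                      # $1=octal mode  $2=owner  $3=group
    case $1 in
        [4567]???) ;;                 # leading digit carries the set-uid bit (4)
        *) echo "$file: set-uid bit missing (mode $1)"; rc=1 ;;
    esac
    case $1 in
        *[1357]) echo "$file: executable by others (mode $1)"; rc=1 ;;
    esac
    [ "$2" = "$owner" ] || { echo "$file: owner $2, expected $owner"; rc=1; }
    [ "$3" = "$group" ] || { echo "$file: group $3, expected $group"; rc=1; }
    return $rc
}

# List the set-uid executables below DIR, staying on one filesystem.
list_setuid() {
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null | sort
}

# Typical use as root after the chgrp/chmod steps:
#   check_su_policy /bin/su root admins && echo "su restricted to admins"
#   list_setuid /
```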
 
Old 10-06-2003, 12:27 AM   #11
mwj
LQ Newbie
 
Registered: Sep 2003
Location: Pakistan. Islamabad
Distribution: Red Hat-9
Posts: 24

Original Poster
Rep: Reputation: 15
yes

Last edited by mwj; 10-06-2003 at 12:31 AM.
 
Old 10-06-2003, 12:28 AM   #12
mwj
LQ Newbie
 
Registered: Sep 2003
Location: Pakistan. Islamabad
Distribution: Red Hat-9
Posts: 24

Original Poster
Rep: Reputation: 15
Yes, sure, I will take care of all of these pieces of advice. I will go through the security HOWTOs as soon as I settle all of my present issues, like the domain controller etc.
Thanks for keeping in touch and for your professional approach.
I will be in touch. Let me know the real security HOWTO, and NATing and IP Tables as well for SQUID.
mwj
 
All times are GMT -5. The time now is 09:03 PM.