LinuxQuestions.org


Old_Fogie 03-16-2006 06:18 PM

Any recommendations for antivirus, antispyware and firewall on slack 10.2
 
Hi all,

Just wondering what apps I might use on this old laptop of mine running 10.2 w/the "testing" 2.6 kernel on it for antivirus, anti-spam, and firewall.

The laptop is 300 MHz AMD K6, 96 MB RAM w/3 gig available space; runs slack very nicely thanks to all the help you guys gave me this week.

The laptop is for general surfing, forums, occasional letters, emails thru webmail while watching the boob tube.

I don't surf "pron" on this machine (I got another machine for that :D). So I would think I simply need lean and mean software; nothing too intense; just to do a weekly scan or so is all and should be fine.

Thank you in advance.

Alien Bob 03-16-2006 06:44 PM

A linux-only box where you read mail using a webmail interface? I would not consider putting a virus scanner and a SPAM checker on it. Those are applications more suited for a server. If you want a firewall, all you need is a decent script with a set of iptables rules that you install as
Code:

/etc/rc.d/rc.firewall
If an executable file with that name exists, Slackware will run it automatically during boot.

There are many tools for creating such a script if you're not an IPtables guru. A script generator called Easy Firewall Generator for IPtables does a good job and I use it regularly. I have a modified copy at http://www.slackware.com/~alien/efg/ - modified so that it actually produces a script that you can use directly in Slackware (the original was geared toward Redhat, but I just changed the path to the iptables program). You can try it out; YMMV.

Eric
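
As an added example (not part of the thread and not output of Easy Firewall Generator), here is a minimal /etc/rc.d/rc.firewall for a machine like the laptop described, which only makes outbound connections. The iptables path, the log prefix and the `IPT` dry-run override are assumptions of this example.

```shell
#!/bin/sh
# /etc/rc.d/rc.firewall (added example; Slackware's rc.inet2 calls it with "start")
# Assumes a single machine that offers no services to the network.
# Dry run: IPT="echo iptables" sh rc.firewall start   (prints the rules instead)
IPT="${IPT:-/usr/sbin/iptables}"   # assumed path, check with: which iptables

fw_start() {
  # Anything inbound or forwarded that no rule accepts is dropped.
  $IPT -P INPUT DROP
  $IPT -P FORWARD DROP
  $IPT -P OUTPUT ACCEPT
  # Empty the chains so a second "start" does not duplicate rules.
  $IPT -F
  $IPT -X
  # Local processes talking to each other over loopback.
  $IPT -A INPUT -i lo -j ACCEPT
  # Replies to connections this machine opened (browsing, webmail, DNS).
  $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  # Log the rest before the policy drops it, rate-limited against log flooding.
  $IPT -A INPUT -m limit --limit 6/minute -j LOG --log-prefix "fw-drop: "
}

fw_stop() {
  # Back to the no-firewall state: accept policies, no rules.
  $IPT -P INPUT ACCEPT
  $IPT -P FORWARD ACCEPT
  $IPT -P OUTPUT ACCEPT
  $IPT -F
  $IPT -X
}

case "${1:-}" in
  start)   fw_start ;;
  stop)    fw_stop ;;
  restart) fw_stop; fw_start ;;
  status)  $IPT -L -n -v ;;
esac
```

The file has to be executable (`chmod +x /etc/rc.d/rc.firewall`) for the boot scripts to run it.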

gbonvehi 03-16-2006 07:25 PM

A nice free open-source antivirus for Linux is ClamAV: http://www.clamav.net/
I heard SpamAssassin is a nice anti-spam program, but I've never used it: http://spamassassin.apache.org/

As AlienBob said, iptables is a very nice firewall and already comes with Slackware, you just need to configure it.

Shade 03-16-2006 10:51 PM

Old Fogie --

Although the advice here is good, I really wouldn't bother with any of these apps. If you're using this thing primarily as a web browser and email cruiser, you're pretty much safe. If you're sharing files to windows clients from this machine, then I'd consider a virus scanner. Otherwise, leave it be.

The land of linux is nowhere near as nefarious as that of windows. Unless you are the one engaging in the nefarious behavior.

Dust off your old habits and just *use* your system. No need to support it with crutches like these for your purposes.

-- Shade

Old_Fogie 03-16-2006 11:40 PM

Quote:

Originally Posted by Shade
Dust off your old habits and just *use* your system. -- Shade

As a long time user of windows, I'm so accustomed to spending 80% of my time in front of pc spent to make sure the pc will run, patched, updated, scanned, checkdisked, defragged so that it runs for the remaining 20% of my available time.

It's just amazing! With Linux you just use it :D

And the other posts are truly helpful. Now that I've gotten my feet wet I'm going to load up my desktop pc once I get wireless going on this laptop. I will need to run a tighter ship on that vessel when the time comes.

Interestingly enough, as I was perusing the internet for the answer to my question (before I posted) and went to the sites of companies that dominate the windows marketplace; I was shocked that McAfee, Norton, Lavasoft, Grisoft either did not have linux versions or if they did they were very limited in what distros they could run on. It really raised my eyebrow when I read how much of the marketplace that Linux owns.

Old_Fogie 03-17-2006 03:05 PM

Quote:

Originally Posted by Alien Bob
all you need is a decent script with a set of iptables rules that you install as
Code:

/etc/rc.d/rc.firewall
If an executable file with that name exists, Slackware will run it automatically during boot.
Eric

Eric:

by putting an executable in there you say slackware will run it at boot.

do you think it would run this if i made a text file, gave it an "sh" extension, then chmod it to be executable? this is from a post I made here in the forums for mepis...but like I said i want to switch to slackware on this computer that has mepis on it now.


from my thread:

"need a script to set AGP cards latency at boot please

Hi all,

I'm wondering how to add the following line of code to my startup scripts of mepis 3.4.3 on 2.6.15-1-586tsc i686 machine with KDE version 3.5.1:

code i want to enter:

setpci -v -s 03:00.0 latency_timer=20

edit: 3/16/06: i made a text file with it and gave it an .sh extension. Now I can click on it and execute it but I have to put in root pass. Any way to automate this on boot with mepis?"


thank you in advance.

Fogie.

Alien Bob 03-17-2006 05:19 PM

Quote:

Originally Posted by Old_Fogie
Eric:

by putting an executable in there you say slackware will run it at boot.

do you think it would run this if i made a text file, gave it an "sh" extension, then chmod it to be executable? this is from a post I made here in the forums for mepis...but like I said i want to switch to slackware on this computer that has mepis on it now.

No, I only said that if you create an executable script called /etc/rc.d/rc.firewall, this firewall script will be run automatically by Slackware. For any other script that you create, or any other command you want to run on boot, you will have to add lines to /etc/rc.d/rc.local - that is where all the commands go that you, the user, want to run, after all the other boot scripts have been run by Slackware.

Quote:

Originally Posted by Old_Fogie
code i want to enter:
setpci -v -s 03:00.0 latency_timer=20

Fogie.

I would just put that line in /etc/rc.d/rc.local :
Code:

/sbin/setpci -v -s 03:00.0 latency_timer=20
and because it is run at boot, it will run as the root user, and you don't have to enter any password at all to make it run.

BTW; in this other topic I just gave an example of how to deal with scripts that you want to run on boot.

Eric

Old_Fogie 03-29-2006 12:33 AM

On my desktop PC...slackware 10.2 w/2.6 kernel and stock KDE environment I downloaded and installed (as root) the guarddog.

On occasion I get a message on start-up of the guarddog that says to be sure that DCOP is running. But the guarddog opens and it is useful. If I close guarddog and reopen it, I do not get the error.

I did some googling and it appears that DCOP is something to do with KDE.

The guarddog was the latest version from linuxpackages.net and it says that it was compiled for KDE 3.5 but older versions should be ok.

Do you guys think that this issue of mine might be a KDE version glitch? Any thoughts.

slackfan007 03-29-2006 11:00 PM

Old_Fogie,
Guarddog is indeed a very neat and easy way to set up your firewall rules, but you don't have to start it every time you boot your PC to get the firewall running. Since Guarddog puts the rc.firewall script in /etc, all you need to do is edit /etc/rc.d/rc.inet2. Find a line that reads:
if [ -x /etc/rc.d/rc.firewall ]; then
  /etc/rc.d/rc.firewall start
fi

and change it to:
if [ -x /etc/rc.firewall ]; then
  echo "Starting firewall..." # or whatever message you wish to see
  /etc/rc.firewall start
fi

Of course make sure that the rc.firewall is executable.
This way you'll have to run Guarddog only if you need to open/close/reconfigure anything.

Alien Bob 03-30-2006 01:51 AM

... or, if you're uncomfortable with editing Slackware's rc.inet2 script, create a symlink called /etc/rc.d/rc.firewall that points to /etc/rc.firewall. The rc.inet2 script will see that link and use it:
Code:

cd /etc/rc.d
ln -sf /etc/rc.firewall

Eric

Old_Fogie 04-16-2006 04:34 AM

Gents, quick question for you:

for some reason the echo "starting firewall" doesn't work, no biggie. I just want to know if I'm looking in the right place for the firewall to start.

Is it located at "/var/log/syslog"

I see a line entered there in syslog on boot up that says:
Apr 16 01:19:01 mypooter kernel: ip_tables: (C) 2000-2002 Netfilter core team

Then i do see packages dropped etc.

I can't ping my pc from other pc's so I think the firewall is starting right.

I don't see anything listed in ps ax that catches my eye as to indicate a firewall running. Thank you in advance for any clarification on this.

tobyl 04-16-2006 05:16 AM

try looking in /var/log/messages you should see


Apr 16 09:52:29 darkstar guarddog: Configuring iptables firewall now.
Apr 16 09:52:30 darkstar guarddog: Finished configuring firewall

tobyl

Old_Fogie 04-16-2006 06:53 AM

oh ok thank you. i actually found it in messages1 thank you again.

dcdbutler 04-16-2006 08:58 AM

# iptables -L

will show which firewall rules are in place, useful as a check that everything in the script works OK.
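
An added example, not part of the original posts: iptables rules are held in the kernel by netfilter, so a loaded firewall shows up in the `iptables -L` listing rather than as a process in `ps ax`. The script below reads `iptables -L -n` output and classifies the INPUT chain; the function names, verdict labels and sample listings are constructed for this example.

```shell
#!/bin/sh
# Added example. Feed it a real listing as root:
#   iptables -L -n | firewall_verdict

# Print the default policy of built-in chain $1 from a listing on stdin.
chain_policy() {
  awk -v c="$1" '$1 == "Chain" && $2 == c { gsub(/[()]/, "", $4); print $4 }'
}

# Count the rules listed under chain $1.
chain_rules() {
  awk -v c="$1" '
    $1 == "Chain" { in_c = ($2 == c); next }
    in_c && NF > 0 && $1 != "target" { n++ }
    END { print n + 0 }'
}

# Classify the INPUT chain (the labels are this example's own, not iptables terms).
firewall_verdict() {
  listing=$(cat)
  policy=$(printf '%s\n' "$listing" | chain_policy INPUT)
  rules=$(printf '%s\n' "$listing" | chain_rules INPUT)
  if [ -z "$policy" ]; then echo "unknown"            # not an iptables listing
  elif [ "$policy" != "ACCEPT" ]; then echo "default-deny"
  elif [ "$rules" -eq 0 ]; then echo "not-loaded"     # ACCEPT policy and no rules
  else echo "review-rules"                            # filtering rests on the rules alone
  fi
}

# Constructed sample listings: a loaded ruleset and a machine with no firewall.
sample_loaded() { cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED

Chain FORWARD (policy DROP)
target     prot opt source               destination
EOF
}
sample_empty() { cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
EOF
}

echo "loaded sample: $(sample_loaded | firewall_verdict)"
echo "empty sample:  $(sample_empty | firewall_verdict)"
```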

Rick485 04-16-2006 03:19 PM

Last night I ran the clamav virus scanner and it identified three old email messages that it says contain the HTML.Phishing.Azon-5, HTML.Phishing.Pay-92, and HTML.Phishing.Bank-376 viruses or whatever they are. I use the Thunderbird email program for downloading email from my pop-mail account under Slackware 10.2. I wonder if those are actual viruses attached to the email messages or just phishing scheme messages. I occasionally get phishing scheme messages that claim to be from Paypal, Amazon.com or from banks. Whatever they are they are in several messages along with all my other incoming email several directories down underneath the hidden .thunderbird directory.

Of course, that does not mean my Linux computer is actually infected with a running virus. It presumably just means that I have received several messages that contain something. At least I now know not to forward those messages to my friends and relatives. Perhaps I should just delete all the old phishing scheme email messages that I have saved.

I use the Guarddog firewall on my computer. By default Slackware does not have any firewall enabled. I forget the exact details of what I did while installing Guarddog. One thing I do remember doing is creating a symbolic link called rc.firewall in my /etc/rc.d directory linked to rc.firewall which was in the /etc directory. Of course the symbolic link needs to have the appropriate privileges such as being executable before the script will be run when the computer is being booted up (just like every other executable script in that directory). I can't recall if there is anything else, besides installing the program, that I did or not. When I ran the command "iptables -L" when logged in as root, it does show which firewall rules are in place.

I tested my firewall from the other side by going to the grc.com website, clicking on "ShieldsUP", "Proceed", and "All Service Ports." Perhaps someone who knows how to use nmap could have scanned for open ports and other vulnerabilities with that instead but, I am not yet familiar with using nmap.


All times are GMT -5.