LinuxQuestions.org
Old 04-06-2016, 12:13 PM   #1
PeterW2
LQ Newbie
 
Registered: Mar 2016
Location: Germany, Muenster
Distribution: Opensuse 64bit Leap 42.1
Posts: 12

Rep: Reputation: Disabled
Security: Virus/Malware/Attack defense


How about Slackware software against virii, malware and other attacks?
I am mainly thinking about AppArmor, ClamAV (yeah its db sucks) and perhaps a firewall.

1.) What is available? In the standard Slackware distro? As a package?

2.) What is reasonable?
 
Old 04-06-2016, 01:24 PM   #2
ChuangTzu
Senior Member
 
Registered: May 2015
Location: Where ever needed
Distribution: Slackware/Salix while testing others
Posts: 1,718

Rep: Reputation: 1857

What do you intend to use the box for, home PC, business, internet banking/purchases, top secret stuff for work....etc?

For most home users Slack is very secure by default; you can add a firewall with Eric's script:
http://www.slackware.com/~alien/efg/

or use ufw from Slackbuilds:
https://slackbuilds.org/repository/14.1/network/ufw/

Re UFW: after building, copy the "run" code to rc.local, then do (as root) "ufw enable", "ufw default deny", "ufw deny ssh" (if you want to block all incoming including ssh). "ufw status verbose" will show you details, "ufw" will bring up the help page etc....

AppArmor and SELinux are mainly overkill for most users, some commercial interests like it though.

Check out: http://docs.slackware.com/howtos:security:start
 
1 members found this post helpful.
Old 04-06-2016, 01:54 PM   #3
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,263
Blog Entries: 24

Rep: Reputation: 4194
As above, it depends on what your intended use is.

But the basics, iptables, SSH, SSL, etc. are all there in a Slackware install.

I am not a fan of UFW at all - you can't easily read the rules and you never know what you've got! I recommend a little time spent learning how to write your own rules, or at the very least, learn what the UFW or other front end options actually mean so that you can configure it intelligently.

Then if you are running a web server, use an application level firewall such as mod_security - and again, learn how to configure the rules intelligently.

For a mail server, same advice - learn how it works and configure it carefully.

Then monitor the logs and system status closely, and apply all applicable security patches quickly.

So the thing to take away is that security is not something you install with defaults and forget about... it is primarily the result of knowledge applied with care, using tools that you understand.
 
2 members found this post helpful.
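A hand-written default-deny ruleset of the kind astrogeek recommends (and the rc.firewall the earlier posts refer to), added here as an example; it is not Eric Hameleers' generator output and not any poster's script. It assumes the WAN-facing interface is eth0 and that sshd listens on port 22 (both overridable through environment variables); running it without arguments prints the rules, and "apply" as root loads them:

```shell
#!/bin/sh
# rc.firewall-style default-deny ruleset for a single home box.
# Added example, not Eric Hameleers' generator output. Assumptions:
# WAN_IF is the interface facing the router and SSH listens on SSH_PORT.
IPT="${IPT:-/usr/sbin/iptables}"
WAN_IF="${WAN_IF:-eth0}"
SSH_PORT="${SSH_PORT:-22}"

# Emit the ruleset, one iptables command per line. Keeping it in a function
# means you can read exactly what will be loaded, which is the whole point
# of writing your own rules instead of trusting a front end.
firewall_rules() {
    cat <<EOF
$IPT -F
$IPT -X
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
$IPT -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
$IPT -A INPUT -i $WAN_IF -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 3 -j ACCEPT
$IPT -A INPUT -i $WAN_IF -m limit --limit 5/min -j LOG --log-prefix "rc.firewall drop: " --log-level 4
EOF
}

# Policy of a built-in chain as set by the ruleset above (e.g. INPUT -> DROP).
chain_policy() {
    firewall_rules | awk -v chain="$1" '$2 == "-P" && $3 == chain { print $4 }'
}

# Number of rules that let new inbound connections in from the WAN side;
# on a home box this should stay very small.
wan_accept_count() {
    firewall_rules | grep -- "-i $WAN_IF" | grep -c -- "-j ACCEPT"
}

case "${1:-show}" in
    apply)
        [ "$(id -u)" -eq 0 ] || { echo "apply needs root" >&2; exit 1; }
        firewall_rules | sh -e
        ;;
    *)
        firewall_rules
        ;;
esac
```

The only WAN rule that accepts new connections is the rate-limited SSH one; everything else that reaches the WAN interface is logged (rate-limited so a scan cannot fill the log) and then dropped by the INPUT policy. Save it as /etc/rc.d/rc.firewall, make it executable, and rc.inet2 will run it at boot.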
Old 04-06-2016, 06:16 PM   #4
hitest
Guru
 
Registered: Mar 2004
Location: Canada
Distribution: Void, Debian, Slackware
Posts: 7,342

Rep: Reputation: 3746
In addition to the above excellent advice remember to patch your Slackware stations with the security updates that Pat provides. The updates will protect you from known security threats.
 
Old 04-06-2016, 06:51 PM   #5
ReaperX7
LQ Guru
 
Registered: Jul 2011
Location: California
Distribution: Slackware64-15.0 Multilib
Posts: 6,558
Blog Entries: 15

Rep: Reputation: 2097
ClamAV does not "suck". The database it uses is basic, which is why you enable the extra databases in the configuration for comprehensive coverage. If ClamAV still isn't for you, BitDefender for UNICES is available as well, but I don't know how well it works.

You should also add rkhunter and run it in a timed cronjob with it logged to your user or emailed to yourself internally.

For a firewall, just use iptables. Plenty of FAQs exist on it.
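A cron.daily script implementing the timed rkhunter job ReaperX7 describes, added here as an example and not taken from any post. It assumes rkhunter from SlackBuilds.org installed as /usr/bin/rkhunter and a working local "mail" command; the recipient (ADMIN) is an assumption. The log-parsing helpers are separate from the scan so they can be checked against a sample log:

```shell
#!/bin/sh
# /etc/cron.daily/rkhunter-check: run rkhunter unattended and mail the admin
# only when it reports warnings. Added example, not ReaperX7's setup.
# Assumptions: rkhunter from SlackBuilds.org at /usr/bin/rkhunter, a working
# local "mail" command, ADMIN as the recipient.
ADMIN="${ADMIN:-root}"
LOG="${LOG:-/var/log/rkhunter-daily.log}"
RKHUNTER="${RKHUNTER:-/usr/bin/rkhunter}"

# Does an rkhunter log contain anything worth an e-mail? rkhunter prefixes
# findings with "Warning:", optionally behind a [HH:MM:SS] timestamp.
has_warnings() {
    grep -q -E '^(\[[0-9:]+\] *)?Warning:' "$1"
}

# Number of warning lines, so the mail subject says how bad it is.
warning_count() {
    grep -c -E '^(\[[0-9:]+\] *)?Warning:' "$1" || true
}

run_scan() {
    # --cronjob: no colours or prompts; --report-warnings-only: short log
    "$RKHUNTER" --cronjob --report-warnings-only > "$LOG" 2>&1
    if has_warnings "$LOG"; then
        mail -s "rkhunter: $(warning_count "$LOG") warning(s) on $(hostname)" "$ADMIN" < "$LOG"
    fi
}

# Only run the real scan when rkhunter is installed, so the helpers above
# can be exercised on a sample log on a box without it.
if [ -x "$RKHUNTER" ]; then
    run_scan
fi
```

Mailing only on warnings keeps the daily output from becoming noise that nobody reads, which is the failure mode astrogeek's "monitor the logs closely" advice is about. Remember to run rkhunter --propupd after applying Pat's updates, otherwise every patched binary shows up as a changed-file warning.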
 
Old 04-06-2016, 06:54 PM   #6
cwizardone
LQ Veteran
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib" and KDE4Town.
Posts: 9,095

Rep: Reputation: 7273
The lack of an easy to use firewall like the Kerio Personal Firewall for WinXP has always made me feel a little uneasy when online. Of course, I used Alien Bob's firewall generator to create an rc.firewall and made it executable so it is loaded on boot up, but something like Kerio would give one more control over one's system without having to learn iptables, etc., etc., etc.
 
Old 04-06-2016, 07:49 PM   #7
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,323
Blog Entries: 28

Rep: Reputation: 6141
If you want a graphical frontend for iptables (that's the firewall function in the Linux kernel), gufw works quite nicely. Slackbuilds.org also contains a KDE-based frontend for iptables called kcm-ufw; I haven't used that.

I use an rc.firewall script that I've used for years, simply because I'm used to it.
 
Old 04-06-2016, 08:45 PM   #8
STDOUBT
Member
 
Registered: May 2010
Location: Stumptown
Distribution: Slackware64
Posts: 583

Rep: Reputation: 242
I appear to be having good luck with the firehol firewall, a sort of front-end to iptables.
Also, looking into running Samhain for intrusion detection, but waiting for a fresh Slack install.
As for viruses/malware, I just try and practice good browser/$NET_FACING_APP hygiene.
Home desktop scenario here.
 
Old 04-06-2016, 09:59 PM   #9
Gordie
Member
 
Registered: Aug 2007
Location: Nolalu, Ontario, Canada
Distribution: Slackware64-Current
Posts: 871

Rep: Reputation: 364
Bitdefender no longer offers protection for Linux
 
Old 04-06-2016, 10:25 PM   #10
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,323
Blog Entries: 28

Rep: Reputation: 6141
Many attacks are designed to work on Windows and will not execute on Linux.

Once, just for grins and giggles, I clicked on one of those "virus checks" that pop up from time to time. I nearly giggled as it pretended to scan my C:\ drive, as I had no C:\ drive. Furthermore, as a Windows veteran who has run many virus scans, the pretend scan ran far faster than a legit scan could have done. It was as phony as a pay-day loan ad.

Browser exploits may work in any vulnerable browser, so keeping your browser updated is important. I generally also run NoScript (or equivalent) in my browsers, but, frankly, that's not so much for security as for minimizing annoying internet stuff.

The biggest dangers that you face on Linux, other than those that can be blocked by a firewall, are dangers that the user inflicts on him- or herself. As STDOUBT points out, practicing safe HEX is your best defense. If you click on a link in an email that claims to come from "mybank.com," when it actually comes from "mybankfooledyou.com," really, now, that's on you.

Port scans are a fact of life on the internet. Make sure any incoming ports are closed down in your router unless they are ports that you wish to allow access. Nevertheless, I would recommend installing fail2ban if you have any public-facing ports.

If you wish to have ssh access to your machine from the Big Wide World, consider running ssh on a non-standard port. The same goes if you wish to have VNC or VPN access from the internet. Otherwise, closing the relevant ports in your router should be enough.

Also, if you have not already done so, change your router password from the default to something else and disable external logins to the router. If someone can get into your router from the internet with "admin/admin," all bets are off.

Last edited by frankbell; 04-06-2016 at 11:01 PM.
 
3 members found this post helpful.
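A small audit script for the sshd side of frankbell's advice, added here as an example and not from any post. It reads an OpenSSH sshd_config and reports when sshd still listens on the default port, permits root login, or accepts passwords (the two settings the SSH brute-force campaigns mentioned later in this thread depend on). It assumes plain "Keyword value" syntax and ignores Match blocks; sshd -T remains the authoritative view of the effective configuration:

```shell
#!/bin/sh
# Audit an sshd_config for the settings that matter when sshd faces the
# Internet. Added example, not part of any post. Assumes OpenSSH syntax
# ("Keyword value", case-insensitive keyword, '#' comments); Match blocks
# are not handled, check those with "sshd -T".

# Effective value of a keyword: sshd uses the first occurrence, so we do
# too. Prints the supplied default when the keyword is not set at all.
sshd_setting() {
    file="$1"; key="$2"; default="$3"
    val=$(awk -v k="$key" '
        /^[ \t]*#/ || NF < 2 { next }
        tolower($1) == tolower(k) { print $2; exit }
    ' "$file")
    if [ -n "$val" ]; then echo "$val"; else echo "$default"; fi
}

# One line per finding; empty output means the file passes.
audit_sshd_config() {
    file="$1"
    port=$(sshd_setting "$file" Port 22)
    # Treated as "yes" when unset: older OpenSSH releases defaulted to that,
    # newer ones to prohibit-password, so always set it explicitly.
    root=$(sshd_setting "$file" PermitRootLogin yes)
    pw=$(sshd_setting "$file" PasswordAuthentication yes)
    if [ "$port" = 22 ]; then
        echo "Port 22: default port draws every scanner; move sshd to a non-standard port"
    fi
    if [ "$root" = yes ]; then
        echo "PermitRootLogin yes: root password can be guessed remotely; set it to no"
    fi
    if [ "$pw" = yes ]; then
        echo "PasswordAuthentication yes: password guessing possible; use keys and set it to no"
    fi
    return 0
}

if [ $# -gt 0 ]; then
    audit_sshd_config "$1"
fi
```

Moving the port cuts the log noise that fail2ban would otherwise be chewing through; disabling root login and password authentication is what actually makes the brute-force attempts harmless, and fail2ban then only limits the noise they leave in the logs.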
Old 04-06-2016, 11:36 PM   #11
drgibbon
Senior Member
 
Registered: Nov 2014
Distribution: Slackware64 15.0
Posts: 1,220

Rep: Reputation: 942
Quote:
Originally Posted by PeterW2
How about Slackware software against virii, malware and other attacks?
I am mainly thinking about AppArmor, ClamAV (yeah its db sucks) and perhaps a firewall.
As a relatively easy option I would recommend Firejail for any applications that connect to the Internet (but maybe most importantly the web browser). There's really no reason for a browser to be able to read ~/.gnupg or other sensitive directories. Unfortunately the current version in SBo is a little out of date as preparations are being made for Slack 14.2, but you could tweak the SlackBuild to get the latest version (which has some security patches).

I'm sure grsec is worthwhile, but that means patching your kernel, and it might be a bit too much effort (depending on what you want).

Oh yeah, disable any services that you don't need.
 
1 members found this post helpful.
Old 04-07-2016, 03:48 AM   #12
rkelsen
Senior Member
 
Registered: Sep 2004
Distribution: slackware
Posts: 4,448
Blog Entries: 7

Rep: Reputation: 2553
Quote:
Originally Posted by PeterW2
How about Slackware software against virii, malware and other attacks?
I am mainly thinking about AppArmor, ClamAV (yeah its db sucks) and perhaps a firewall.

1.) What is available? In the standard Slackware distro? As a package?

2.) What is reasonable?
There are plenty of solutions available. Linux's firewall is part of the kernel. Under Slackware you only need a script to enable it.

As to the second part of your question, it depends upon your scenario. Are you setting up a Server or Desktop? If you want to run a server, which type? Will it be Internet-facing?

I've been running Slackware for almost 17 years without any AV or anti-malware software... but this is only on my home network (i.e: not running any Internet-facing services).

In my use case, this type of protection is simply unnecessary and a waste of resources.

This is a good article (old, but still relevant): http://www.caribyte.com/articles/sho...of_linux_virus

Last edited by rkelsen; 04-07-2016 at 03:55 AM.
 
Old 04-07-2016, 04:45 AM   #13
BratPit
Member
 
Registered: Jan 2011
Posts: 250

Rep: Reputation: 100
Viruses on Linux - the wet dream of Windows thinking about Linux without antivirus.
In 15 years of using a Linux desktop without antivirus there was not even one virus :-)


Grsec is quite simple and powerful. For the desktop there is one option to simplify configuration.
AppArmor or SELinux is more or less the same corporate clone of the RSBAC concept from grsec.
RSBAC is less complicated (most simple yet powerful) for a home user IMHO.

and so consider the options missing in the distribution kernel described here

The next option is the use of 100% ASLR. Sadly binaries are not compiled with the -pie option, so they do not use the power of full randomization.
It's also worth considering sanitizing the source with the fortify source option and adding a canary to the stack with the stack protector.
With SlackBuilds it's simple but needs some time (not too much) and works OK on -current for me.

Now it will be as secure as Win10 :-)
Maybe more ;-)

Some simple sec post-installation instructions
Next is iptables. I prefer a good HowTo over the windoze way "click and do not think" which is present in every graphical frontend for iptables.
I am not against graphical, but if you know iptables you never need a graphical frontend for it.
A browser with implemented seccomp filters and a sandbox like Chrome, Opera, Vivaldi.
Plus some filtering stuff to protect from malware like µBlock, simple and customizable from easy to paranoid.
Maybe some disk encryption

and

we are more secure than in Bill's newest product for dummies :-)

Last edited by BratPit; 04-07-2016 at 05:00 AM.
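A way to check BratPit's PIE and stack-protector points on your own system, added here as an example and not from the post. It reads the ELF header directly (only od is needed) to tell ET_EXEC binaries, which load at a fixed address and so escape ASLR, from ET_DYN ones that can be relocated; if readelf from binutils is present it also looks for the __stack_chk_fail reference that the stack protector leaves in dynamically linked binaries:

```shell
#!/bin/sh
# Report whether executables were built as PIE (so ASLR can relocate them)
# and whether the stack protector is in use. Added example, not from the
# post. Needs only od; readelf (binutils) is optional and only used for the
# canary check, which covers dynamically linked binaries.

# ELF magic: the first four bytes must be 7f 45 4c 46 ("\177ELF").
is_elf() {
    [ "$(od -An -tx1 -N4 "$1" | tr -d ' \n')" = "7f454c46" ]
}

# e_type is the 16-bit little-endian value at offset 16 (x86/x86_64):
# 2 = ET_EXEC (fixed load address, the main binary escapes ASLR),
# 3 = ET_DYN (PIE or shared object, relocatable).
elf_type() {
    case "$(od -An -tx1 -j16 -N2 "$1" | tr -d ' \n')" in
        0200) echo EXEC ;;
        0300) echo DYN ;;
        0100) echo REL ;;
        *)    echo UNKNOWN ;;
    esac
}

# -fstack-protector leaves a reference to __stack_chk_fail in the dynamic
# symbol table; without readelf we can only say "unknown".
has_canary() {
    command -v readelf >/dev/null 2>&1 || { echo unknown; return 0; }
    if readelf --dyn-syms -W "$1" 2>/dev/null | grep -q '__stack_chk_fail'; then
        echo yes
    else
        echo no
    fi
}

# One summary line per ELF file; non-ELF arguments are skipped silently,
# so it can be run over a whole directory such as /usr/bin/*.
report() {
    for f in "$@"; do
        if is_elf "$f"; then
            if [ "$(elf_type "$f")" = DYN ]; then pie=yes; else pie=no; fi
            printf '%s\tPIE=%s\tcanary=%s\n' "$f" "$pie" "$(has_canary "$f")"
        fi
    done
}

if [ $# -gt 0 ]; then
    report "$@"
fi
```

ET_DYN alone does not prove a file is a program rather than a shared library, so run it over executables, not over /usr/lib. A line reading PIE=no for a network-facing daemon is exactly the case BratPit is describing: the kernel's ASLR is on, but that binary's text and data still sit at the same addresses every run.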
 
Old 04-07-2016, 10:21 AM   #14
Skaendo
Senior Member
 
Registered: Dec 2014
Location: West Texas, USA
Distribution: Slackware64-14.2
Posts: 1,445

Rep: Reputation: Disabled
Quote:
Originally Posted by BratPit
Viruses on Linux - the wet dream of Windows thinking about Linux without antivirus.
In 15 years of using a Linux desktop without antivirus there was not even one virus :-)
http://www.zdnet.com/article/linux-b...ease-in-scale/
 
Old 04-07-2016, 12:08 PM   #15
BratPit
Member
 
Registered: Jan 2011
Posts: 250

Rep: Reputation: 100
Ya. It's a wet dream.

Quote:
The attackers are using the same methods for infection, which are primarily SSH brute force attempts for root login credentials (previously it was reported that infection methods include a vulnerability in ElasticSearch Java VM).
This malware needs a stupid and lazy user to be dangerous. This is the main part of its code.
If you have not noticed that someone is using SSH on your system, it is better to go back to Windoze than to install anti-virus.
For Linux it is not dangerous; it is dangerous for those, together with corporations, who converge Linux to the Windows philosophy.
Reason - money.
It's Windows-way-of-thinking malware - you do not know the system. Antivir protects you, but it does not protect you from yourself :-)
The name of that malware (BillGates) captures the spirit of the environment in which it can spread, or the lack of elementary care about the Administrator account, which is common in certain "user friendly" systems. Against that, no antivir will protect.
But in today's world, when corporations install embedded Linux on IP cameras, TVs, fridges etc. and every such thing has remote access, that backdoor has a chance to come into the "user friendly" world.

Last edited by BratPit; 04-07-2016 at 12:52 PM.
 