06-30-2004, 07:40 PM
|
#1
|
LQ Newbie
Registered: Jun 2004
Location: Libria
Distribution: Slackware 9.1/10
Posts: 29
Rep:
|
Anti-Virus/Firewall/Spyware
I just recently internet enabled...does slack 10 come with any antivirus/firewalls spyware sniffers..?
can anyone suggest any for slack..
thanks
Cleric
|
|
|
06-30-2004, 07:55 PM
|
#2
|
Moderator
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
|
Firewall: yes, it ships with iptables
AV: no, you'll need to organise one.
I recommend f-prot, the Linux version is free
for private use (not OpenSource, though).
Spyware: not necessary for all I know.
Cheers,
Tink
|
|
|
06-30-2004, 08:21 PM
|
#3
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
you don't need an anti-virus or spyware scanner for linux/unix...
oh, and linux comes with netfilter/iptables, one of the most powerful packet-state filtering firewalls on the planet...
http://www.netfilter.org/
here's a link where you can find lots of info to get started with netfilter/iptables:
http://www.linuxguruz.com/iptables/
if you want an open-source virus-scanner, try clamav...
remember, clamav is made to run on linux/unix, not for linux/unix... in other words, (for example) this is mainly designed to run on linux/unix mail servers, where the clients are microsoft windows machines...
the windows machines clients scan the mail attachments for viruses on the linux/unix mail servers before they download them, for their own protection, not for linux/unix's protection...
http://www.clamav.net/
|
|
|
07-01-2004, 01:53 AM
|
#4
|
LQ Guru
Registered: Jan 2002
Posts: 6,042
Rep:
|
iptables is not a packet firewall. It's a port firewall. I think FreeBSD has a packet firewall. After you have configured your firewall, test it with Nessus.
Nessus - http://www.nessus.org
The possibility of getting a virus or spyware in LINUX is very, very low. You are better off winning the lottery. Just make sure you update your system when there are any security exploits. Find programs that look for root kits or something similar to them.
|
|
|
07-01-2004, 02:43 AM
|
#5
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
Quote:
Originally posted by Electro
iptables is not a packet firewall. It's a port firewall.
|
you are confused...
netfilter/iptables is definitely a stateful packet filtering firewall...
here's an extract from the netfilter front page:
What is netfilter/iptables?
netfilter and iptables are building blocks of a framework inside the Linux 2.4.x and 2.6.x kernel. This framework enables packet filtering, network address [and port] translation (NA[P]T) and other packet mangling. It is the re-designed and heavily improved successor of the previous Linux 2.2.x ipchains and Linux 2.0.x ipfwadm systems.
netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack.
iptables is a generic table structure for the definition of rulesets. Each rule within an IP table consists out of a number of classifiers (iptables matches) and one connected action (iptables target).
netfilter, iptables and the connection tracking as well as the NAT subsystem together build the whole framework.
Main Features
* stateless packet filtering (IPv4 and IPv6)
* stateful packet filtering (IPv4)
* all kinds of network address and port translation (NAT/NAPT)
* flexible and extensible infrastructure
* multiple layers of API's for 3rd party extensions
* large number of plugins/modules kept in 'patch-o-matic' repository
What can I do with netfilter/iptables?
* build internet firewalls based on stateless and stateful packet filtering
* use NAT and masquerading for sharing internet access if you don't have enough public IP addresses
* use NAT to implement transparent proxies
* aid the tc and iproute2 systems used to build sophisticated QoS and policy routers
* do further packet manipulation (mangling) like altering the TOS/DSCP/ECN bits of the IP header
Last edited by win32sux; 07-01-2004 at 02:45 AM.
|
|
|
07-01-2004, 04:21 AM
|
#6
|
Member
Registered: Dec 2002
Location: Brisbane, Australia
Distribution: a few...
Posts: 654
Rep:
|
well, i'm curious now ... how much of an issue ARE viruses on Linux anyway, i mean i'm reasonably sure there ain't much in the wild, AND that unless i'm root they can't harm anything outside the ~/ directory anyway.
BUT what's the go? are there virii that i can get, and that self exec, and behave destructive ... we don't have download options that auto exec a file in browsers and email, i haven't seen any in IRC clients and GAIM doesn't transfer files for me (i think i'm due for an update on that one). So ... are there any real risks there virus wise (provided you don't do the dumb thing and download and run any program you can find).
|
|
|
07-01-2004, 05:06 AM
|
#7
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
as long as your system is properly configured and updated, you should NEVER have to worry about getting a virus infection on linux...
whenever there is a linux virus, the virus code takes advantage of a security flaw in the system... when the hole is patched, everything is back to normal...
whenever there is a windows virus, the virus code can either take advantage of a security flaw, or of the insecure nature of the system... that's why on windows patching isn't enough, you need to have some kinda anti-virus software to protect you in real-time... you need to scan your machine for spyware every week... etc...
on linux a virus doesn't have the option to take advantage of an "insecure system nature", because when properly installed, linux is VERY secure... so they can only use security holes (which is why keeping your box up-to-date is important)...
now, of course, viruses aren't the only issue... sometimes you might set-up something incorrectly or you forget to do an update and then you inadvertently get OWNED. yes, it happens. of course, sometimes we just THINK it happens. sometimes we WONDER if it happened. because we're paranoid. we are paranoid penguins. and it's always good to be paranoid when it comes to security. but anyways, my point is that sometimes you want to make sure you haven't been OWNED... for this you can use a rootkit scanner... rootkits are tools hackers sometimes install on your system to maintain behind-the-scenes control, and stuff... here's a couple good rootkit scanners:
http://www.rootkit.nl/
http://www.chkrootkit.org/
of course, you need to remember that for the attacker to have installed the rootkit on your system in the first place, he had to use a security flaw or an administrator's mistake, NOT the linux system's nature...
now, a rootkit scan will only let you know you've been hit when you run it... if you want something that can periodically check all your system files (on linux, EVERYTHING IS A FILE) and report to you whenever one of them is changed (no matter how minimally) check-out tripwire:
http://www.tripwire.org
Last edited by win32sux; 05-25-2005 at 04:35 PM.
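The periodic "tell me when any file changed" check described in the post above, reduced to its core as an added example. This is not tripwire and not code from the thread; the function names and database format are made up for the sketch, and it assumes `sha256sum`, `find`, `awk` and `mktemp` are available.

```shell
#!/bin/sh
# Added example, not tripwire and not code from the thread.
# Function names and the database format are made up for this sketch.

# hash_tree DIR: print "sha256  ./path" for every regular file under DIR.
hash_tree() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k2 )
}

# make_baseline DIR DB: record the known-good state. Keep DB outside DIR,
# ideally on read-only media, so an intruder cannot rewrite it.
make_baseline() {
    hash_tree "$1" > "$2"
}

# check_baseline DIR DB: print ADDED/CHANGED/MISSING lines.
# Returns 0 if the tree matches the baseline, 1 if anything differs.
check_baseline() {
    now=$(mktemp) || return 2
    hash_tree "$1" > "$now"
    report=$(awk '
        # sha256sum lines: 64 hex chars, 2 separator chars, then the path,
        # so cutting by column keeps paths that contain spaces intact.
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { old[path] = hash; next }
        { seen[path] = 1
          if (!(path in old))          print "ADDED   " path
          else if (old[path] != hash)  print "CHANGED " path }
        END { for (p in old) if (!(p in seen)) print "MISSING " p }
    ' "$2" "$now" | sort)
    rm -f "$now"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Command-line use: script init DIR DB   or   script check DIR DB
case ${1:-} in
    init)  make_baseline "$2" "$3" ;;
    check) check_baseline "$2" "$3" ;;
esac
```

Run `check` from cron and mail any non-empty report; a baseline taken after a compromise only records the compromised state, so take it on a freshly installed system.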
|
|
|
07-01-2004, 07:24 AM
|
#8
|
Member
Registered: Mar 2004
Location: PA
Distribution: SuSE 10 OSS
Posts: 83
Rep:
|
Yeah you can get viruses on any OS. It just would seem unlikely to get many in linux because it is not a major house-hold system. If you want to do damage why not go for the system that is more accessible i.e. windows. Yet, if you want a fairly good anti-virus (it'll cost ya) look for Dr. Web or EAnthology.
Good luck...
|
|
|
07-01-2004, 05:24 PM
|
#9
|
LQ Guru
Registered: Jan 2002
Posts: 6,042
Rep:
|
There are a few viruses on the internet for Linux, but they hit systems with kernel version 2.2 or 2.3. The admins that still have those kernels running their servers have to use anti-virus programs. Kernel versions 2.4 and 2.6 have the fixes for what has been exploited in kernel versions 2.2 and 2.3.
Quote:
Originally posted by win32sux
you are confused...
netfilter/iptables is definitely a stateful packet filtering firewall...
here's an extract from the netfilter front page:
What is netfilter/iptables?
netfilter and iptables are building blocks of a framework inside the Linux 2.4.x and 2.6.x kernel. This framework enables packet filtering, network address [and port] translation (NA[P]T) and other packet mangling. It is the re-designed and heavily improved successor of the previous Linux 2.2.x ipchains and Linux 2.0.x ipfwadm systems.
netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack.
iptables is a generic table structure for the definition of rulesets. Each rule within an IP table consists out of a number of classifiers (iptables matches) and one connected action (iptables target).
netfilter, iptables and the connection tracking as well as the NAT subsystem together build the whole framework.
Main Features
* stateless packet filtering (IPv4 and IPv6)
* stateful packet filtering (IPv4)
* all kinds of network address and port translation (NAT/NAPT)
* flexible and extensible infrastructure
* multiple layers of API's for 3rd party extensions
* large number of plugins/modules kept in 'patch-o-matic' repository
What can I do with netfilter/iptables?
* build internet firewalls based on stateless and stateful packet filtering
* use NAT and masquerading for sharing internet access if you don't have enough public IP addresses
* use NAT to implement transparent proxies
* aid the tc and iproute2 systems used to build sophisticated QoS and policy routers
* do further packet manipulation (mangling) like altering the TOS/DSCP/ECN bits of the IP header
|
That's not packet filtering. It is still port filtering. It's still port filtering unless it can screen out packets with certain data like SMB, HTTP, P2P, SSH, Telnet, etc. I can assign any services to any port.
|
|
|
07-01-2004, 06:03 PM
|
#10
|
Moderator
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
|
Quote:
Originally posted by Electro
That's not packet filtering. It is still port filtering. It's still port filtering unless it can screen out packets with certain data like SMB, HTTP, P2P, SSH, Telnet, etc. I can assign any services to any port.
|
That's not packet filtering, that's packet inspection rules.
iptables IS a stateful packet filter, it doesn't support packet-inspection
with content tracking at this time (to the best of my knowledge), which
is what you're talking about, but you seem to be confusing a few terms.
Cheers,
Tink
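The distinction argued over in the posts above, written out as an added example (not code from the thread): a small host ruleset in which one rule matches on connection-tracking state and the others match on destination port. `IPT` and `build_rules` are names assumed for this sketch; by default the script only prints the commands, and loading them requires root.

```shell
#!/bin/sh
# Added example, not from the thread. IPT is an assumed variable: by default
# the rules are only printed (dry run); set IPT=iptables as root to load them.
IPT=${IPT:-echo iptables}

# build_rules PORT...: default-deny inbound policy, stateful accept for
# replies, and one port rule per TCP service this host offers.
build_rules() {
    # Anything inbound that no rule below accepts is dropped.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT

    # Stateful part: connection tracking remembers flows this host opened,
    # so their replies are accepted whatever port they arrive on.
    # (Newer iptables releases spell this -m conntrack --ctstate.)
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Packets that fit no tracked flow and cannot start a valid one.
    $IPT -A INPUT -m state --state INVALID -j DROP

    # Port part: only a SYN that opens a NEW connection to a listed port.
    for port in "$@"; do
        $IPT -A INPUT -p tcp --dport "$port" --syn -m state --state NEW -j ACCEPT
    done

    # No rule here reads the payload: a daemon moved onto an allowed port
    # passes the port rule, which is the content-inspection limit the
    # thread is arguing about.
}

build_rules "$@"
```

Calling it as `sh firewall.sh 22 80` prints the ruleset for a host offering SSH and HTTP; with no arguments, only replies to outbound connections are let in.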
|
|
|
07-01-2004, 08:44 PM
|
#11
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
Quote:
Originally posted by whishkah
Yeah you can get viruses on any OS.
|
only to a certain point... microsoft windows is the ONLY major operating system out there that is so susceptible to viruses, worms, spyware, and the like... you don't see this kind of susceptibility on gnu/linux, mac, solaris, etc...
Quote:
Yeah you can get viruses on any OS.
|
"That's Microsoft's official line, but it isn't true. While every system is vulnerable to attack, the ease with which Windows systems can be compromised, the number of vulnerabilities, and the speed with which attacks can propagate are unique to Windows.
For a concrete example showing the defect in Microsoft's argument, look at Internet Web servers. The open source Apache Web server running primarily on open source Linux and BSD operating systems has more than twice the market share of Windows and IIS (Internet Information Server), yet it's the Microsoft products that have earned a reputation for poor security."
COMPLETE TEXT HERE:
http://www.aaxnet.com/editor/edit033.html
Quote:
It just would seem unlikely to get many in linux because it is not a major house-hold system. If you want to do damage why not go for the system that is more accessible i.e. windows.
|
the reason you don't see linux/unix viruses even a fraction of the time you see windows viruses IS NOT popularity (linux/unix internet servers are WAY more popular than windows ones)... the reasons are purely technical... it is VERY difficult to create some kinda virus or worm that could take-down a bunch of linux (or any other decent unix) systems... the basic linux/unix system security model is designed to be VERY secure... microsoft's security model is simply designed to make them and their partners a lot of money: windows anti-viruses are a multi-billion dollar industry...
another thing (about the "targeting of windows"): linux (and other unixes) are used on MUCH MORE IMPORTANT and MISSION CRITICAL machines around the world... those are targets that are MUCH TASTIER than making some retarded worm in visual basic that brings-down a bunch of clueless home-user's windows PCs...
Quote:
Yet, if you want a fairly good anti-virus (it'll cost ya) look for Dr. Web or EAnthology.
|
just to be clear, these are both windows products... and eanthology's status is quite suspicious:
http://www.spywareguide.com/product_show.php?id=459
http://www.pestpatrol.com/PestInfo/e/eanthology.asp
if you want a free (as in free beer, NOT freedom) virus-scanner for your windows box i recommend AVG Free Edition:
http://www.grisoft.com/us/us_dwnl_free.php
if you want a top-quality paid solution for your windows box, try panda... it always gets GREAT reviews from the top windows tech publications:
http://www.pandasoftware.com/products/
and of course, what windows box would be complete without:
http://www.safer-networking.org/index.php?page=spybotsd
http://www.lavasoftusa.com/software/adaware/
|
|
|
07-01-2004, 10:45 PM
|
#13
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
Quote:
Originally posted by Electro
There are a few viruses on the internet for Linux, but they hit systems with kernel version 2.2 or 2.3. The admins that still have those kernels running their servers have to use anti-virus programs.
|
could you please elaborate on this???
what anti-viruses do kernel 2.2 users "have to use"??? and for what specific virus threats???
please correct me if i'm wrong, but kernel 2.2 is still maintained, at least as far as security is concerned, and it sounds far-fetched to say that you need some third-party software in order for the 2.2 kernel (or any other stable version) you downloaded from kernel.org to work properly...
kernel 2.3 (or any kernel with an odd second number) is/was a purely development release and should have never been installed on any production machine in the first place...
STABLE (even): 2.0, 2.2, 2.4, 2.6, etc...
DEVELOPMENT (odd): 2.1, 2.3, 2.5, etc..
|
|
|
07-04-2004, 08:34 AM
|
#14
|
Member
Registered: Dec 2002
Location: Brisbane, Australia
Distribution: a few...
Posts: 654
Rep:
|
neat ta ... will check them asap ... (like from work where internet is fast )
|
|
|
05-25-2005, 04:33 PM
|
#15
|
Member
Registered: Aug 2004
Posts: 31
Rep:
|
more questions...
i see that you all were trying to do something similar to my questions.
so, how do you route multiple IP addresses into 1 single nic and then have them ported to a private ip address (email server, web server, etc)?
|
|
|
All times are GMT -5.