Old 06-30-2004, 07:40 PM   #1
ClericPreston
LQ Newbie
 
Registered: Jun 2004
Location: Libria
Distribution: Slackware 9.1/10
Posts: 29

Rep: Reputation: 15
Anti-Virus/Firewall/Spyware


I just recently internet enabled...does slack 10 come with any antivirus/firewalls spyware sniffers..?

can anyone suggest any for slack..

thanks
Cleric
 
Old 06-30-2004, 07:55 PM   #2
Tinkster
Moderator
 
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 928
Firewall: yes, it ships with iptables

AV: no, you'll need to organise one.
I recommend f-prot, the Linux version is free
for private use (not OpenSource, though).

Spyware: not necessary for all I know.


Cheers,
Tink
 
Old 06-30-2004, 08:21 PM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
you don't need an anti-virus or spyware scanner for linux/unix...

oh, and linux comes with netfilter/iptables, one of the most powerful packet-state filtering firewalls on the planet...

http://www.netfilter.org/


here's a link where you can find lots of info to get started with netfilter/iptables:

http://www.linuxguruz.com/iptables/


if you want an open-source virus-scanner, try clamav...

remember, clamav is made to run on linux/unix, not for linux/unix... in other words, (for example) this is mainly designed to run on linux/unix mail servers, where the clients are microsoft windows machines...

the windows machines clients scan the mail attachments for viruses on the linux/unix mail servers before they download them, for their own protection, not for linux/unix's protection...

http://www.clamav.net/
 
Old 07-01-2004, 01:53 AM   #4
Electro
LQ Guru
 
Registered: Jan 2002
Posts: 6,042

Rep: Reputation: Disabled
iptables is not a packet firewall. It's a port firewall. I think FreeBSD has a packet firewall. After you have configured your firewall, test it with Nessus.

Nessus - http://www.nessus.org

The possibility of getting a virus or spyware in LINUX is very, very low. You are better off winning the lottery. Just make sure you update your system when there are any security exploits. Find programs that look for root kits or something similar to them.
 
Old 07-01-2004, 02:43 AM   #5
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally posted by Electro
iptables is not a packet firewall. It's a port firewall.
you are confused...

netfilter/iptables is definitely a stateful packet filtering firewall...

here's an extract from the netfilter front page:



What is netfilter/iptables?

netfilter and iptables are building blocks of a framework inside the Linux 2.4.x and 2.6.x kernel. This framework enables packet filtering, network address [and port] translation (NA[P]T) and other packet mangling. It is the re-designed and heavily improved successor of the previous Linux 2.2.x ipchains and Linux 2.0.x ipfwadm systems.

netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack.

iptables is a generic table structure for the definition of rulesets. Each rule within an IP table consists out of a number of classifiers (iptables matches) and one connected action (iptables target).

netfilter, iptables and the connection tracking as well as the NAT subsystem together build the whole framework.
Main Features

* stateless packet filtering (IPv4 and IPv6)
* stateful packet filtering (IPv4)
* all kinds of network address and port translation (NAT/NAPT)
* flexible and extensible infrastructure
* multiple layers of API's for 3rd party extensions
* large number of plugins/modules kept in 'patch-o-matic' repository

What can I do with netfilter/iptables?

* build internet firewalls based on stateless and stateful packet filtering
* use NAT and masquerading for sharing internet access if you don't have enough public IP addresses
* use NAT to implement transparent proxies
* aid the tc and iproute2 systems used to build sophisticated QoS and policy routers
* do further packet manipulation (mangling) like altering the TOS/DSCP/ECN bits of the IP header


Last edited by win32sux; 07-01-2004 at 02:45 AM.
 
Old 07-01-2004, 04:21 AM   #6
chakkerz
Member
 
Registered: Dec 2002
Location: Brisbane, Australia
Distribution: a few...
Posts: 654

Rep: Reputation: 32
well, i'm curious now ... how much of an issue ARE viruses on Linux anyway, i mean i'm reasonably sure there ain't much in the wild, AND that unless i'm root they can't harm anything outside the ~/ directory anyway.

BUT what's the go? are there virii that i can get, and that self exec, and behave destructively ... we don't have download options that auto exec a file in browsers and email, i haven't seen any in IRC clients and GAIM doesn't transfer files for me (i think i'm due for an update on that one). So ... are there any real risks there virus wise (provided you don't do the dumb thing and download and run any program you can find).
 
Old 07-01-2004, 05:06 AM   #7
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
as long as your system is properly configured and updated, you should NEVER have to worry about getting a virus infection on linux...

whenever there is a linux virus, the virus code takes advantage of a security flaw in the system... when the hole is patched, everything is back to normal...

whenever there is a windows virus, the virus code can either take advantage of a security flaw, or of the insecure nature of the system... that's why on windows patching isn't enough, you need to have some kinda anti-virus software to protect you in real-time... you need to scan your machine for spyware every week... etc...

on linux a virus doesn't have the option to take advantage of an "insecure system nature", because when properly installed, linux is VERY secure... so they can only use security holes (which is why keeping your box up-to-date is important)...

now, of course, viruses aren't the only issue... sometimes you might set-up something incorrectly or you forget to do an update and then you inadvertently get OWNED. yes, it happens. of course, sometimes we just THINK it happens. sometimes we WONDER if it happened. because we're paranoid. we are paranoid penguins. and it's always good to be paranoid when it comes to security. but anyways, my point is that sometimes you want to make sure you haven't been OWNED... for this you can use a rootkit scanner... rootkits are tools hackers sometimes install on your system to maintain behind-the-scenes control, and stuff... here's a couple good rootkit scanners:

http://www.rootkit.nl/

http://www.chkrootkit.org/

of course, you need to remember that for the attacker to have installed the rootkit on your system in the first place, he had to use a security flaw or an administrator's mistake, NOT the linux system's nature...

now, a rootkit scan will only let you know you've been hit when you run it... if you want something that can periodically check all your system files (on linux, EVERYTHING IS A FILE) and report to you whenever one of them is changed (no matter how minimally) check-out tripwire:

http://www.tripwire.org


Last edited by win32sux; 05-25-2005 at 04:35 PM.
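
The periodic "report whenever a file changes" check described in the post above, as an added example that is not part of the thread and is not Tripwire's own code: a baseline-and-compare script built on `sha256sum`. The function names and the command-line interface are made up for this sketch.

```shell
#!/bin/sh
# Added example, not Tripwire itself: baseline-and-compare file integrity
# checking with sha256sum. Function names and the CLI are hypothetical.

# Print "hash  path" for every regular file under directory $1.
fim_snapshot() {
    find "$1" -type f -exec sha256sum {} + | LC_ALL=C sort -k 2
}

# Record the known-good state of directory $1 in database file $2.
# Keep that file off the host or on read-only media: a baseline an
# intruder can rewrite proves nothing.
fim_baseline() {
    fim_snapshot "$1" > "$2"
}

# Compare directory $1 against database $2. Prints one line per
# difference and returns 1 if anything differs, 0 if nothing does.
fim_check() {
    cur=$(mktemp) || return 2
    fim_snapshot "$1" > "$cur"
    report=$(awk '
        # sha256sum lines: 64 hex digits, two separator chars, then the path
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { base[path] = hash; next }
        { seen[path] = 1
          if (!(path in base))         print "ADDED   " path
          else if (base[path] != hash) print "CHANGED " path }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$2" "$cur" | LC_ALL=C sort)
    rm -f "$cur"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Usage: fim.sh baseline DIR DB   (once, on a system you trust)
#        fim.sh check DIR DB      (periodically, e.g. from cron)
case "${1:-}" in
    baseline) fim_baseline "$2" "$3" ;;
    check)    fim_check "$2" "$3" ;;
esac
```

The non-zero exit status of `check` lets a cron job mail the report only when something differs.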
 
Old 07-01-2004, 07:24 AM   #8
whishkah
Member
 
Registered: Mar 2004
Location: PA
Distribution: SuSE 10 OSS
Posts: 83

Rep: Reputation: 15
Yeah you can get viruses on any OS. It just would seem unlikely to get many in linux because it is not a major house-hold system. If you want to do damage why not go for the system that is more accessible ie windows. Yet, if you want a fairly good anti-virus (it'll cost ya) look for Dr. Web or EAnthology.

Good luck...
 
Old 07-01-2004, 05:24 PM   #9
Electro
LQ Guru
 
Registered: Jan 2002
Posts: 6,042

Rep: Reputation: Disabled
There are a few viruses on the internet for Linux, but they hit systems with kernel version 2.2 or 2.3. The admins that still have those kernels running their servers have to use anti-virus programs. Kernel versions 2.4 and 2.6 have the fixes for what has been exploited in kernel versions 2.2 and 2.3.

Quote:
Originally posted by win32sux
you are confused...

netfilter/iptables is definitely a stateful packet filtering firewall...

here's an extract from the netfilter front page:



What is netfilter/iptables?

netfilter and iptables are building blocks of a framework inside the Linux 2.4.x and 2.6.x kernel. This framework enables packet filtering, network address [and port] translation (NA[P]T) and other packet mangling. It is the re-designed and heavily improved successor of the previous Linux 2.2.x ipchains and Linux 2.0.x ipfwadm systems.

netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback functions with the network stack. A registered callback function is then called back for every packet that traverses the respective hook within the network stack.

iptables is a generic table structure for the definition of rulesets. Each rule within an IP table consists out of a number of classifiers (iptables matches) and one connected action (iptables target).

netfilter, iptables and the connection tracking as well as the NAT subsystem together build the whole framework.
Main Features

* stateless packet filtering (IPv4 and IPv6)
* stateful packet filtering (IPv4)
* all kinds of network address and port translation (NAT/NAPT)
* flexible and extensible infrastructure
* multiple layers of API's for 3rd party extensions
* large number of plugins/modules kept in 'patch-o-matic' repository

What can I do with netfilter/iptables?

* build internet firewalls based on stateless and stateful packet filtering
* use NAT and masquerading for sharing internet access if you don't have enough public IP addresses
* use NAT to implement transparent proxies
* aid the tc and iproute2 systems used to build sophisticated QoS and policy routers
* do further packet manipulation (mangling) like altering the TOS/DSCP/ECN bits of the IP header
That's not packet filtering. It is still port filtering. It's still port filtering unless it can screen out packets with certain data like SMB, HTTP, P2P, SSH, Telnet, etc. I can assign any services to any port.
 
Old 07-01-2004, 06:03 PM   #10
Tinkster
Moderator
 
Registered: Apr 2002
Location: earth
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 928
Quote:
Originally posted by Electro
That's not packet filtering. It is still port filtering. It's still port filtering unless it can screen out packets with certain data like SMB, HTTP, P2P, SSH, Telnet, etc. I can assign any services to any port.
That's not packet filtering, that's packet inspection rules.

iptables IS a stateful packet filter, it doesn't support packet-inspection
with content tracking at this time (to the best of my knowledge), which
is what you're talking about, but you seem to be confusing a few terms.



Cheers,
Tink
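
The port-filter versus stateful-filter distinction argued over in the posts above, as an added example that is not part of the thread: a shell script that prints (and with `--apply` loads) an iptables-restore ruleset, with the stateless rule shown disabled beside the stateful one. The single-host layout, the SSH-only inbound service and the script's options are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed host: one machine, no routing,
# SSH (tcp/22) as the only service reachable from outside.

# Print the ruleset in iptables-restore format.
emit_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Stateful: accept only packets that connection tracking ties to a
# connection this host opened (or to a related flow such as an ICMP error).
# Older iptables spells this "-m state --state ESTABLISHED,RELATED".
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# New inbound connections: SSH only, and only if they start with a SYN.
-A INPUT -p tcp --dport 22 --syn -m conntrack --ctstate NEW -j ACCEPT
# Stateless contrast, left disabled: it would accept ANY packet that
# claims source port 80, whether or not this host ever asked for it.
# -A INPUT -p tcp --sport 80 -j ACCEPT
COMMIT
EOF
}

# Usage: fw.sh --print   (inspect)   |   fw.sh --apply   (load, as root)
case "${1:-}" in
    --print) emit_ruleset ;;
    --apply) emit_ruleset | iptables-restore ;;
esac
```

After loading, `iptables -L INPUT -n -v` shows the per-rule packet counters, which makes it easy to confirm that reply traffic is hitting the ESTABLISHED,RELATED rule.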
 
Old 07-01-2004, 08:44 PM   #11
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally posted by whishkah
Yeah you can get viruses on any OS.
only to a certain point... microsoft windows is the ONLY major operating system out there that is so susceptible to viruses, worms, spyware, and the like... you don't see this kind of susceptibility on gnu/linux, mac, solaris, etc...


Quote:
Yeah you can get viruses on any OS.
"That's Microsoft's official line, but it isn't true. While every system is vulnerable to attack, the ease with which Windows systems can be compromised, the number of vulnerabilities, and the speed with which attacks can propagate are unique to Windows.

For a concrete example showing the defect in Microsoft's argument, look at Internet Web servers. The open source Apache Web server running primarily on open source Linux and BSD operating systems has more than twice the market share of Windows and IIS (Internet Information Server), yet it's the Microsoft products that have earned a reputation for poor security."

COMPLETE TEXT HERE:

http://www.aaxnet.com/editor/edit033.html


Quote:
It just would seem unlikely to get many in linux because it is not a major house-hold system. If you want to do damage why not go for the system that is more accessible ie windows.
the reason you don't see linux/unix viruses even a fraction of the time you see windows viruses IS NOT popularity (linux/unix internet servers are WAY more popular than windows ones)... the reasons are purely technical... it is VERY difficult to create some kinda virus or worm that could take-down a bunch of linux (or any other decent unix) systems... the basic linux/unix system security model is designed to be VERY secure... microsoft's security model is simply designed to make them and their partners a lot of money: windows anti-virus' are a multi-billion dollar industry...

another thing (about the "targeting of windows"): linux (and other unixes) are used on MUCH MORE IMPORTANT and MISSION CRITICAL machines around the world... those are targets that are MUCH TASTIER than making some retarded worm in visual basic that brings-down a bunch of clueless home-user's windows PCs...


Quote:
Yet, if you want a fairly good anti-virus (it'll cost ya) look for Dr. Web or EAnthology.
just to be clear, these are both windows products... and eanthology's status is quite suspicious:

http://www.spywareguide.com/product_show.php?id=459

http://www.pestpatrol.com/PestInfo/e/eanthology.asp


if you want a free (as in free beer, NOT freedom) virus-scanner for your windows box i recommend AVG Free Edition:

http://www.grisoft.com/us/us_dwnl_free.php


if you want a top-quality paid solution for your windows box, try panda... it always gets GREAT reviews from the top windows tech publications:

http://www.pandasoftware.com/products/


and of course, what windows box would be complete without:

http://www.safer-networking.org/index.php?page=spybotsd

http://www.lavasoftusa.com/software/adaware/
 
Old 07-01-2004, 10:10 PM   #12
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
here's a few links about this linux virus issue:

http://redvip.homelinux.net/varios/virus-writing-HOWTO/

http://www.claws-and-paws.com/virus/..._viruses.shtml

http://www.theregister.co.uk/2003/10...ndows_viruses/


here's a link about a specific linux "virus":

http://math-www.uni-paderborn.de/~axel/bliss/



"In theory you can write a virus for any OS if the owner is dumb enough to install unchecked binaries as root." - Alan Cox

 
Old 07-01-2004, 10:45 PM   #13
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally posted by Electro
There are a few viruses on the internet for Linux, but they hit systems with kernel version 2.2 or 2.3. The admins that still have those kernels running their servers have to use anti-virus programs.
could you please elaborate on this???

what anti-viruses do kernel 2.2 users "have to use"??? and for what specific virus threats???

please correct me if i'm wrong, but kernel 2.2 is still maintained, at least as far as security is concerned, and it sounds far-fetched to say that you need some third-party software in order for the 2.2 kernel (or any other stable version) you downloaded from kernel.org to work properly...

kernel 2.3 (or any kernel with an odd second number) is/was a purely development release and should have never been installed on any production machine in the first place...

STABLE (even): 2.0, 2.2, 2.4, 2.6, etc...

DEVELOPMENT (odd): 2.1, 2.3, 2.5, etc..
 
Old 07-04-2004, 08:34 AM   #14
chakkerz
Member
 
Registered: Dec 2002
Location: Brisbane, Australia
Distribution: a few...
Posts: 654

Rep: Reputation: 32
neat ta ... will check them asap ... (like from work where internet is fast )
 
Old 05-25-2005, 04:33 PM   #15
matneyc
Member
 
Registered: Aug 2004
Posts: 31

Rep: Reputation: 15
more questions...

i see that you all were trying to do something similar to my questions.

so, how do you route multiple IP addresses into 1 single nic and then have them ported to a private ip address (email server, web server, etc)?
 
  

