Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
12-25-2006, 06:28 AM
|
#1
|
Member
Registered: Nov 2006
Location: India
Distribution: Ubuntu 21.04
Posts: 168
Rep:
|
Anti-virus and Firewall which one and how to setup?
I am using FC6. I have recently switched over from Windows. As in Windows it is a must to use antivirus and firewall, I would like to know whether it is also a must to use antivirus and firewall.
As I could not find any menu option for antivirus, I would like to know in detail about which antivirus and which firewall to use and how to set them up?
|
|
|
12-25-2006, 07:23 AM
|
#2
|
Member
Registered: Jul 2004
Location: Tampa, Florida, USA
Distribution: Ubuntu
Posts: 734
Rep:
|
On Viruses:
Viruses are a non-issue in the Linux world. The reason is because Linux has a superior filesystem setup. No one but root can edit or modify any programs on the system. So all you need to do to protect yourself from viruses in Linux is this:
-Do your everyday tasks as a regular user, not root.
-Keep your system up to date.
Follow those two simple rules and your system will be more secure than an MS computer WITH Antivirus software.
On Firewall:
I don't use a firewall on Linux and never found a good reason to use one. Maybe the program 'guarddog' is what you're looking for?
|
|
|
12-25-2006, 07:43 AM
|
#3
|
Senior Member
Registered: Mar 2002
Location: Oklahoma
Posts: 1,154
Rep: 
|
most Linux kernels use IPTables for a firewall, a good frontend for Gnome on Fedora would be firestarter
http://www.fs-security.com/
|
|
|
12-25-2006, 10:23 PM
|
#4
|
Member
Registered: Nov 2006
Location: India
Distribution: Ubuntu 21.04
Posts: 168
Original Poster
Rep:
|
Thanks Sepero and Okie for help. As I am already working as a user and not as root, I believe I have already (unknowingly though LOL) done the right thing.
Can you please guide me on how to keep my system up-to-date? I am working in Fedora 6 in KDE. I can't find any system up-to-date option.
|
|
|
12-26-2006, 12:10 AM
|
#5
|
Member
Registered: Jun 2006
Location: In the bended light of the prism-
Distribution: Mandriva
Posts: 53
Rep:
|
check here- http://www.accessgrid.org/node/413
_________________________________________________________
>>BLACKHOLE<<
>>BLACKHOLE<<
2006-(-_+)
|
|
|
12-26-2006, 12:21 AM
|
#6
|
Member
Registered: Jul 2004
Location: Tampa, Florida, USA
Distribution: Ubuntu
Posts: 734
Rep:
|
apt? yum? I dunno. Check out the Fedora guides. I'm sure it's in there.
|
|
|
12-27-2006, 01:55 PM
|
#7
|
LQ Newbie
Registered: Dec 2006
Location: On Planet Earth
Distribution: Fedora 6, RedHat Enterprise 4.0, Knoppix
Posts: 4
Rep:
|
Nutcracker virus found
I am not sure about linux being completely safe from viruses.
I am running FC6, have firewall through iptables, only run as user unless I am making changes, and browse with the most up-to-date Firefox.
I just did a scan of my computer with Avast's linux scanner and it found a Nutcracker virus in the /usr/share/locale/ area of my file system.
Someone explain to me how a predominantly Windows virus from 1998 gets onto my computer?
|
|
|
12-27-2006, 07:00 PM
|
#8
|
Member
Registered: Jul 2004
Location: Tampa, Florida, USA
Distribution: Ubuntu
Posts: 734
Rep:
|
linux_newber, your first mistake was installing Closed Source Software on your system.
Avast is the problem, not the file.
/usr/share/locale/pa/LC_MESSAGES/redhat-artwork.mo/PartNo_0#860842075
See here: http://www.fedoraforum.org/forum/sho...d.php?p=577427
Besides that, even if it was a virus, Linux is immune to Microsoft viruses. It cannot be infected.
|
|
|
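A check a reader could run on a scanner hit like the one discussed in posts #7 and #8, added here as an example and not part of the thread: the function reads `rpm -V` output and reports whether the flagged file's content differs from what the package database recorded. The function name `triage_hit` and the sample line are constructed; it assumes paths without spaces and an RPM database that has not itself been tampered with.

```shell
#!/bin/sh
# Added example (not from the thread): triage an antivirus hit on a
# package-owned file by comparing it against the RPM database.
#
# On a live system the input would come from rpm itself:
#   pkg=$(rpm -qf --qf '%{NAME}\n' "$file")
#   rpm -V "$pkg" | triage_hit "$file"
#
# `rpm -V` prints one line per file that differs from the database:
# a flag string (a '5' in the third position means the content digest
# changed), an optional attribute letter, then the path. Files that
# verify cleanly produce no line at all.

# triage_hit PATH   (reads `rpm -V` output on stdin)
# Prints: unmodified | metadata-only | content-changed | missing
triage_hit() {
    target=$1
    verdict=unmodified
    while IFS= read -r line; do
        path=${line##* }                 # last field is the file path
        [ "$path" = "$target" ] || continue
        case $line in
            "missing "*) verdict=missing; continue ;;
        esac
        flags=${line%% *}                # first field is the flag string
        case $flags in
            ??5*) verdict=content-changed ;;   # digest mismatch
            *)    verdict=metadata-only ;;     # e.g. mtime or mode only
        esac
    done
    printf '%s\n' "$verdict"
}

# Constructed sample, not real rpm output: only an unrelated file differs,
# so the flagged file is reported as unmodified.
sample='.......T.    /usr/share/doc/redhat-artwork/README'
printf '%s\n' "$sample" |
    triage_hit /usr/share/locale/pa/LC_MESSAGES/redhat-artwork.mo
```

An `unmodified` result means the file still matches what the package shipped, which points to a scanner false positive; `content-changed` or `missing` is the case that warrants a closer look.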
12-28-2006, 11:27 AM
|
#9
|
Member
Registered: Nov 2006
Location: India
Distribution: Ubuntu 21.04
Posts: 168
Original Poster
Rep:
|
Thanks Sepero, for the great link. I am though using firestarter as firewall. I hope I can use that. I have not set any firewall rules, just kept it normal.
|
|
|
12-28-2006, 01:27 PM
|
#10
|
LQ Newbie
Registered: Dec 2006
Location: On Planet Earth
Distribution: Fedora 6, RedHat Enterprise 4.0, Knoppix
Posts: 4
Rep:
|
thank you Sepero
thanks for the info.
You know I am a little ticked off at Avast. The one great thing about them is that they're superior to Norton on Windows machines.
I will download Clamav as a precaution for the dozen or so Linux viruses out there.
Someone should send Avast a message letting them know of their flaws with their linux version.
|
|
|
12-28-2006, 06:52 PM
|
#11
|
Member
Registered: Jul 2004
Location: Tampa, Florida, USA
Distribution: Ubuntu
Posts: 734
Rep:
|
Glad I could be of help guys.
Quote:
Originally Posted by linux_newber
I will download Clamav as a precaution for the dozen or so Linux viruses out there.
|
Clam is Open Source, but like Avast, it only detects Microsoft viruses. Again, Linux is immune to Microsoft viruses. Keep your Linux software up to date, and no anti-virus software is needed.
Quote:
Originally Posted by linux_newber
Someone should send Avast a message letting them know of their flaws with their linux version.
|
Unfortunately, after searching the web about this, I'm sure that many people already have.
|
|
|
12-29-2006, 12:02 AM
|
#12
|
Member
Registered: Nov 2006
Location: India
Distribution: Ubuntu 21.04
Posts: 168
Original Poster
Rep:
|
Thanks Sepero for your suggestion. Actually for those who are switching over from Windows environment, it takes some time to digest that Linux is a virus-free attack-free zone because of the inbuilt security of Linux.
I had two questions though which I again put here (I hope I can do that in this thread itself instead of making another one), as fortunately for me I have got you to solve my queries:
a) How do I keep my system up-to-date? Is it by checking the update box while I open up Yum-extender in my KDE?
b) Is there any need to set up any rules for my firewall (firestarter)? Presently I am just running it normally. I hope this is ok.
Thank you.
|
|
|
12-29-2006, 12:52 AM
|
#14
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
Quote:
Originally Posted by Sepero
Viruses are a non-issue in the Linux world.
|
this is an extremely dangerous point of view for a linux sysadmin... the statement is completely false - and history proves it...
Quote:
The reason is because Linux has a superior filesystem setup. No one but root can edit or modify any programs on the system.
|
there isn't one particular reason why viruses aren't as big an issue on linux as they are on windows... yes, the sane permissions system might be one of the reasons, but there's also other possible reasons, such as the small size of the linux desktop market, for example...
Quote:
So all you need to do to protect yourself from viruses in Linux is this:
-Do your everyday tasks as a regular user, not root.
-Keep your system up to date.
|
although this is indeed great advice, it is not directly related to what you are actually advising on... running an infected executable as a non-root user can have consequences far worse than if (for example) your /etc folder was borked by an evil program with root privileges... look at it this way: malware doesn't need any root privileges in order to delete all the important documents in your home folder (or send copies of them to everyone in your address book)... it also doesn't need any root privileges to send-out 1,000 SPAMs per minute...
once again, using the root account only when absolutely necessary, and keeping your system up-to-date is really good advice, but it's no replacement for a virus/malware scanner...
Quote:
Linux is immune to Microsoft viruses. It cannot be infected.
|
yes, linux itself cannot be infected by windows-only viruses... but it's ALWAYS good to know when a file/document you are gonna work with is infected with ANY sort of virus... the reasons for this go beyond your own system's integrity... the only practical way to do this is with a virus scanner...
Quote:
Clam is Open Source, but like Avast, it only detects Microsoft viruses.
|
wrong! clamav does detect linux viruses... it's just that there's so little of them in the wild that one starts to think it only picks-up windows ones... do a search for "linux" on clamav's online database if you want to see for yourself... at the time of this post, this is what the results looked like:
Code:
daily.cvd Dropper.Worm.Linux.Coptic
daily.cvd Worm.Linux.Coptic
daily.cvd Worm.Linux.Coptic-1
daily.cvd Exploit.Linux.Race.H
daily.cvd Linux.Bish.A
daily.cvd Linux.Evil.A
daily.cvd Exploit.Linux.Race.C
daily.cvd Exploit.Linux.Small.V
main.cvd DDoS.Linux.Fork (Clam)
main.cvd DoS.Linux.Blitz (Clam)
main.cvd DoS.Linux.Chass (Clam)
main.cvd DoS.Linux.Octopus (Clam)
main.cvd Exploit.Linux.MySQL.20b4 (Clam)
main.cvd Exploit.Linux.Pine.v456.Sorbo (Clam)
main.cvd Exploit.Linux.WU-FTPD.v262.WOOoouHappy (Clam)
main.cvd Linux.Adore worm (Clam)
main.cvd Linux.Bliss.a (Clam)
main.cvd Linux.Dido-478
main.cvd Linux.Dido.478.elf (Clam)
main.cvd Linux.Diesel.969.elf (Clam)
main.cvd Linux.Gildo (Clam)
main.cvd Linux.Godog.A (Clam)
main.cvd Linux.Godog.C (Clam)
main.cvd Linux.GodogWorm
main.cvd Linux.Kagob.A
main.cvd Linux.Kagob.B
main.cvd Linux.LionWorm.9
main.cvd Linux.Lionworm (Clam)
main.cvd Linux.Lion worm (Clam)
main.cvd Linux.Mandrag.666 (Clam)
main.cvd Linux.ManPage (Clam)
main.cvd Linux.Manpages (Clam)
main.cvd Linux.Nuxbee.1403 (Clam)
main.cvd Linux.NuxBee (Clam)
main.cvd Linux.Orig (Clam)
main.cvd Linux.Osf.8759 (Clam)
main.cvd Linux.QNX.Probe.B (Clam)
main.cvd Linux.Quasi
main.cvd Linux.Radix16
main.cvd Linux.Rst.A (Clam)
main.cvd Linux.RST.B (Clam)
main.cvd Linux.RST.B-1 (Clam)
main.cvd Linux.Siilov.5916
main.cvd Linux.Siilov
main.cvd Linux.Silvio.A (Clam)
main.cvd Linux.Silvio.B (Clam)
main.cvd Linux.Slapper-A (Clam)
main.cvd Linux.Staog
main.cvd Linux.Svat.A (Clam)
main.cvd Linux.Svat.B (Clam)
main.cvd Linux.Telf.8000
main.cvd Linux.Telf.9812
main.cvd Linux.Telf.A
main.cvd Linux.Telf.B
main.cvd Linux.Telf.C
main.cvd LINUX.Vit.4096
main.cvd Linux.Winter-343
main.cvd Linux.x.c worm (Clam)
main.cvd Linux.ZipWorm.elf (Clam)
main.cvd Trojan.Linux.BO.002 (Clam)
main.cvd Trojan.Linux.Rootin.A (Clam)
main.cvd Trojan.Linux.Rootin.C (Clam)
main.cvd Trojan.Linux.RST.b (Clam)
main.cvd Trojan.Linux.SSHD (Clam)
main.cvd Trojan.Linux.SucKIT (Clam)
main.cvd Troj.Linux.Rootkit-A (Clam)
main.cvd VirTool.Linux.Infect (Clam)
main.cvd VirTool.Linux.Mmap.443 (Clam)
main.cvd Worm.Linux.Hijack (Clam)
main.cvd Worm.Linux.Mworm (Clam)
main.cvd Worm.Linux.Ramen.B (Clam)
main.cvd Worm.Linux.Ramen (Clam)
main.cvd Worm.Linux.Slapper.A (Clam)
main.cvd Worm.Linux.Ramen.C (Clam)
main.cvd Linux.LIME (Clam)
main.cvd VirTool.Linux.Elfwrsec.A (Clam)
main.cvd Trojan.Linux.UDP (Clam)
main.cvd Trojan.Linux.BO.121.B-cli (Clam)
main.cvd Trojan.Linux.Cyrax.A (Clam)
main.cvd Linux.Osf.3974 (Clam)
main.cvd Linux.Ovets.A (Clam)
main.cvd Linux.Fecto.A (Clam)
main.cvd Linux.Nel.A (Clam)
main.cvd Linux.Neox.A (Clam)
main.cvd Linux.Xone.A (Clam)
main.cvd Linux.Ovets.B (Clam)
main.cvd Linux.Svat.C (Clam)
main.cvd Linux.RcrGood.556 (Clam)
main.cvd Linux.Sickabs.15488 (Clam)
main.cvd Linux.Cassini.1618 (Clam)
main.cvd Linux.Slapper.B.src (Clam)
main.cvd Linux.Nibom.A (Clam)
main.cvd PolyEngine.Linux.LIME (Clam)
main.cvd Linux.Thebe (Clam)
main.cvd Exploit.Linux.RPC.A (Clam)
main.cvd Exploit.Linux.RPC.B (Clam)
main.cvd Exploit.Linux.RPC.C (Clam)
main.cvd Exploit.Linux.RPC.D (Clam)
main.cvd Trojan.Linux.Rootkit.I (Clam)
main.cvd Linux.LionCleaner (Clam)
main.cvd Exploit.Linux.RPC.E (Clam)
main.cvd Linux.Brk.B (Clam)
main.cvd Exploit.Shellcode.Linux-Gen-1 (Clam)
main.cvd DoS.Linux.Forkbomb (Clam)
main.cvd Trojan.Linux.Attack
main.cvd Linux.ELF.Compagnion
main.cvd Trojan.Linux.Rootkit.C
main.cvd Linux.Adm.Sh
main.cvd Linux.Adm.Src
main.cvd Backdoor.Linux.Suki.A
main.cvd Exploit.Linux.Da2.B
main.cvd Linux.Alaeda.A
main.cvd Trojan.Linux.Small.I
main.cvd Exploit.Linux.Lupii
main.cvd Exploit.Linux.Lupii-2
main.cvd Trojan.Linux.Rohack.A
main.cvd Trojan.Linux.Rootkit.A
as you can see, clamav will also pick-up linux malware, trojans, and exploits that aren't technically classified as "viruses"... clamav is really great stuff and i highly recommend that users always scan documents and stuff before they open them - no matter how secure they think they are...
security is about adding layers... there is no "superior filesystem setup" that will be the cure to all your ails... there is no magic bullet... linux desktop users need to exercise as many security techniques as is plausible for them...
up-to date systems, use of root account when only necessary, properly configured firewall, virus/malware scanner, rootkit scanner, common sense - they all count for something - but none count for everything, not even together... each just adds an additional layer on top of a problem that is INFINITE by nature (no matter what operating system you use)...
my advice is this:
install clamav and learn to use it properly - you're better-off with it than without it...
Quote:
Originally Posted by arindom
for those who are switching over from Windows environment, it takes some time to digest that Linux is a virus-free attack-free zone
|
and hopefully they won't *ever* finish digesting that, because it's not true...
Last edited by win32sux; 12-29-2006 at 03:50 AM.
|
|
|
12-29-2006, 05:28 AM
|
#15
|
Member
Registered: Jul 2004
Location: Tampa, Florida, USA
Distribution: Ubuntu
Posts: 734
Rep:
|
Quote:
Originally Posted by win32sux
there isn't one particular reason why viruses aren't as big an issue on linux as they are on windows... yes, the sane permissions system might be one of the reasons, but there's also other possible reasons, such as the small size of the linux desktop market, for example...
|
Fear Uncertainty and Doubt (FUD)
Linux does claim a small desktop market, but that means nothing. Linux runs on nearly 40% of all the servers in the world, so relating popularity to viruses is pure FUD.
Yes, a malicious program could delete all your files. So could a script with this single line "rm -rf ~/" (which could be written in dozens of different scripting languages). So how exactly is a virus scanner supposed to protect against the millions of variations of that being in any type of possible script or program? It can't.
I disagree completely with the premise of virus scanners. They are a "back measure". Instead of preventing the problem to begin with, they try to go _back_ after damage has already been done. I don't call that security.
Also on the email virus, more FUD. On MS computers, everyone uses 'Outlook'. All the cracker has to do is write a virus for Outlook. On Linux computers everyone runs... what? Ah hah. Not everyone uses the same email program on Linux. One person might use Evolution, another might use Mozilla, another Kmail, etc., etc. That is what you call security through a non-homogenous environment. In addition to that, if the virus isn't specifically made for that user's email client, it must be saved to disk and specifically SET as executable. Total FUD.
Quote:
yes, linux itself cannot be infected by windows-only viruses... but it's ALWAYS good to know when a file/document you are gonna work with is infected with ANY sort of virus...
|
True, you can choose to help out Microsoft users by scanning for their viruses on your Linux computer. That's your choice. Personally, I prefer they get the XPerience they paid for.
Quote:
wrong! clamav does detect linux viruses...
|
Ooh! You got me. I did not know that it scanned for Linux viruses too. (It's still just a "back measure" though.)
You show an impressively long list of Linux viruses, exploits, trojans, etc. Tell me though... how many of them will infect an up to date system?
I'm not saying it's impossible to write a virus for an up to date system, but 99.9X% of viruses written for Linux are written for old software. I replied to a thread this week where someone was trying to install Redhat 6. When's that from? 1996? I told them to destroy the CD's immediately!
Quote:
install clamav and learn to use it properly - you're better-off with it than without it...
|
I can't deny this, but if you're running AV software and you keep your system up to date, you really won't be helping yourself as much as you help others. Mainly you'll be helping those who don't bother to keep their software updated. If you bother to keep your AV updated, why not just skip the step and keep your system updated instead.
Quote:
and hopefully they won't *ever* finish digesting that, because it's not true...
|
I do not have any anti-virus software on my system. I do not run any firewall. I don't run rootkit software. I haven't for a long time. I challenge anyone to try to crack my system. I dare you.
I just dare you.
EDIT:
Here's my ip address: <removed by moderator>
Last edited by Capt_Caveman; 12-29-2006 at 02:30 PM.
|
|
|
All times are GMT -5.