Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I've been doing a lot of reading about viruses in Linux. I've read some people saying that Linux doesn't get viruses and others saying that it can. I am just wanting some general input on what you regular users are doing for security.
I notice that most of the programs that come up under antivirus are mainly for mail scanning.
Should I install an antivirus program or even a firewall other than the one RedHat 9 comes with?
/Jason
Last edited by jasonmcneil0; 11-04-2003 at 07:25 PM.
For most Linux users AV products are snake oil,
unless you spend all your time as root (Bad! NO! *Whack w/ 2x4*)
or you are acting as a screen for Windows clients.
Under Linux you can only write to a file you have permissions for,
so if you run an infected program you can only infect files that you
own. Most people don't actually own the programs they run; they
are owned by root and hence are safe from viruses. I think a better
option is to run a program like Tripwire.
So will this proggy check for viruses, or will it just show which files have been changed since a certain time? It says it checks integrity, so I am wondering what it actually does.
Yes, that's what Tripwire does.
Since privilege separation is more complete under
Linux (see a paper on the shatter attack),
there is less danger to most Linux systems from
email, malicious web attacks and from most
of the security problems that haunt Windows.
However, there is still a risk of attack. AIDES and
Tripwire help in intrusion detection by checking
if the configuration files and executables on your
computer have been changed. Tripwire "walks"
down directories specified in its config and
compares them to previously recorded walks.
It does this by taking an MD5 sum for each file
at install and using that virgin database for
comparisons.
Most of the "real" antivirus software for Linux
is so Linux mail servers don't pass on infected
email messages to vulnerable Windows clients.
Most of the "real" antivirus software for Linux is so Linux mail servers don't pass on infected email messages to vulnerable Windows clients.
(...) As for the "virus" thingie I wish we as a Linux community try to "convert" people away from the typical perception of "viruses" and direct them towards what is important wrt Linux: user/filesystem permissions, b0rken/suid/sgid software, worms, trojans and rootkits. (...)
(For more see the LQ FAQ: Security references, post #3, "Intrusion detection etc" under "Viruses on Linux/GNU, Antivirus software")
How does Tripwire/AIDES protect its own data? I made a list of md5sums of some key apps and files using, well, md5sum, and saved it to a floppy. Any data on a network-exposed hard drive is vulnerable to compromise. If your virgin database gets deflowered, comparisons against it don't do much good. So if it doesn't save that (and itself) to a floppy, I wouldn't put too much trust in it. Then again, I'm pretty clueless when it comes to networking and security.
How does Tripwire/AIDES protect its own data? I made a list of md5sums of some key apps and files using, well, md5sum, and saved it to a floppy.
It's exactly what I've always been promoting. Always save the binary and a copy of the databases to read-only media.
If you read about Tripwire or AIDES, they recommend you
run it and save the db to read-only media like a CD-R
or floppy (make sure to open the little window afterwards),
all before you connect to any kind of network. Computers
are often attacked within minutes of connecting to the
Internet.
Originally posted by unSpawn:
Most of the "real" antivirus software for Linux is so Linux mail servers don't pass on infected email messages to vulnerable Windows clients.
(...) As for the "virus" thingie I wish we as a Linux community try to "convert" people away from the typical perception of "viruses" and direct them towards what is important wrt Linux: user/filesystem permissions, b0rken/suid/sgid software, worms, trojans and rootkits. (...)
While I agree with the above, for those of us who have to use a certain proprietary OS on our multiple-boot machines, it's nice to be able to get a second opinion by virus-scanning said OS from Linux using something like F-Prot in a cron job. What one AV product misses, another detection engine may pick up.
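The baseline-and-compare check discussed in this thread, as an added Python example (not Tripwire's code and not from any poster): it records a hash and the permission bits of each file, then reports content changes, new or missing files, and newly gained setuid/setgid bits. Assumptions: the function names are hypothetical, SHA-256 is used in place of the MD5 sums mentioned above, and the sample tree is constructed.

```python
import hashlib
import json
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Walk root; record SHA-256 and permission bits of every regular file."""
    db = {}
    for path in Path(root).rglob("*"):
        st = path.lstat()
        if not stat.S_ISREG(st.st_mode):
            continue  # directories, symlinks, devices and sockets are skipped
        db[path.relative_to(root).as_posix()] = {
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
            "mode": stat.S_IMODE(st.st_mode)}
    return db

def db_digest(db):
    """Hash of the database itself, to keep with the copy on read-only media."""
    return hashlib.sha256(json.dumps(db, sort_keys=True).encode()).hexdigest()

def compare(baseline, current):
    """Return (kind, path) findings, sorted by path."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None or new is None:
            findings.append(("added" if old is None else "removed", path))
            continue
        if old["sha256"] != new["sha256"]:
            findings.append(("content", path))
        if old["mode"] != new["mode"]:
            gained = new["mode"] & ~old["mode"] & (stat.S_ISUID | stat.S_ISGID)
            findings.append(("setid" if gained else "mode", path))
    return findings

def demo():
    """Constructed sample tree: take a baseline, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin/ls").write_bytes(b"original ls\n")
        (root / "sshd_config").write_bytes(b"PermitRootLogin no\n")
        baseline = snapshot(root)
        (root / "sshd_config").write_bytes(b"PermitRootLogin yes\n")
        (root / "bin/ls").chmod(0o4755)
        (root / "bin/extra").write_bytes(b"dropped file\n")
        return baseline, compare(baseline, snapshot(root))
```

If the on-disk database no longer matches the `db_digest` value stored on the read-only copy, the baseline itself has been altered and its comparisons cannot be trusted.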