11-20-2006, 05:50 AM
|
#1
|
LQ Newbie
Registered: Nov 2006
Distribution: Debian Etch
Posts: 8
Rep:
|
Gateway Antivirus Scanning
Running Debian Etch with 3 NICs installed and am trying to set up a gateway appliance for a Windows Active Directory network. I have it in a test environment now with a Windows XP SP2 laptop as client. The Debian box is issuing IP addresses correctly and the XP laptop can access the internet. I have shorewall installed and configured for firewall purposes. Bind running for DNS purposes. Installed squid and played around with it for a while but decided to remove. Will probably at some point put email and web server on this Debian box. I have searched everywhere trying to find an antivirus software program that will scan for virus/spyware/etc at the gateway eth0 and stop these from filtering into the network and onto the Windows side. I have installed a copy of Pandasoftware's commandlinesecure and am running in resident mode, but it does not detect/clean/delete the eicar test viruses. I can manually run the ./pavcl command to scan the downloads folder and it finds it. Anyway, has anybody had any luck with this type of install? I know there are appliances you can purchase that will do this and are running some distro of Linux. And the cost of the appliance does not scare me, it's the annual fees that are causing me to try and "build" my own. Any help on software/solutions for gateway scanning this way would be great.
|
|
|
11-20-2006, 02:31 PM
|
#2
|
Member
Registered: Jul 2006
Distribution: Debian Testing
Posts: 299
Rep:
|
IPcop http://www.ipcop.org/ is a dedicated firewall distro, it does pretty much everything you want out of the box except anti-virus but the copfilter http://copfilter.org/ plugin will do that, I don't know much about setting it up though.
Also you can't easily run a web or email server but running one of those on your firewall is just asking for trouble.
|
|
|
11-20-2006, 04:01 PM
|
#3
|
LQ Newbie
Registered: Nov 2006
Distribution: Debian Etch
Posts: 8
Original Poster
Rep:
|
I've tried IPCOP w/copfilter a few installs ago. I have deleted and installed so many different distros on this computer not sure why I did not go with IPCOP anymore.
I have just contacted Panda Technical support and found that the commandlinesecure product is a file/folder scanner only. It does not do packet scanning. They told me to use DesktopSecure for Linux. So, I'm in the process of downloading and installing this product. Not sure if it's available as a free download or not, since I'm already a corporate client I can download it. Commandlinesecure is a free download. I will check to see if Desktopsecure is available for free.
|
|
|
11-20-2006, 06:07 PM
|
#4
|
LQ Newbie
Registered: Nov 2006
Distribution: Debian Etch
Posts: 8
Original Poster
Rep:
|
Trying to install panda desktop secure for linux I continue to get the following error. Any idea on what I'm still needing?
You haven't installed the compiler for your kernel
You haven't installed the correct kernel headers
You haven't installed the necessary development tools
|
|
|
11-21-2006, 02:10 PM
|
#5
|
Member
Registered: Jul 2006
Distribution: Debian Testing
Posts: 299
Rep:
|
Well the problem is clear, you need to install dependencies before desktopsecure. But it doesn't say what dependencies you are missing, check the desktop secure docs or ask their tech support. Although I somewhat doubt it's designed for a gateway, it's called desktopsecure after all.
|
|
|
11-21-2006, 06:43 PM
|
#6
|
LQ Newbie
Registered: Nov 2006
Distribution: Debian Etch
Posts: 8
Original Poster
Rep:
|
Ok talking with tech support and reading some different posts I find that if I recompile the kernel with dazuko I can install desktopsecure without these errors. Or another virus scanner with "resident live scanning" like clamav.
So, I got dazuko-2.3.1.tar.gz extracted it and tried ./config and got the following.
Quote:
verifying capabilities are not built-in... built-in
error: capabilities are built-in to the kernel:
you will need to recompile a kernel with capabilities
as a kernel module
|
So I try recompile of kernel by doing the following.
apt-get install linux-source-2.6.17
tar xjf linux-source-2.6.17.tar.bz2
cd linux-2.6.11.7/
make-kpkg clean
fakeroot make-kpkg --initrd --revision=custom.1.0 kernel_image
make menuconfig
Security Options --->
<*> Default Linux Capabilities (changed to M)
<M> Default Linux Capabilities
Saved new kernel configuration then
cd ../
dpkg -i linux-image-2.6.17_custom.1.0_i386.deb
Then rebooted and ran
uname -a
Linux scrapper 2.6.17-2-686 #1 SMP Wed Sep 13 16:34:10 UTC 2006 i686 GNU/Linux
To be honest I did not know how to go about recompiling the kernel without some help from http://www.howtoforge.com/forums/showthread.php?t=21. So then I try ./configure of dazuko and still get the capabilities built-in error again.
Pretty new to linux so any help here would be great. If I need to repost this error into another thread let me know. Thanks.
|
|
|
11-22-2006, 08:09 AM
|
#7
|
LQ Newbie
Registered: Nov 2006
Distribution: Debian Etch
Posts: 8
Original Poster
Rep:
|
Ok, not like anybody else is replying or even reading this thread, but in my previous post I forgot to load my current config from /boot/config-2.6.17 while in menuconfig. After loading my current config I then changed the default linux capabilities to "m" then recompiled and it worked. Well, I just think it worked. Now I cannot seem to get dazuko module to load before capability module upon boot. I can however run:
sudo rmmod capability
sudo modprobe dazuko
sudo modprobe capability
And this installs dazuko. But upon reboot I have to run this again. So I tried the following from this website.
http://allyourtech.com/content/artic...untu_linux.php
Quote:
sudo gedit /etc/modprobe.d/dazuko
Copy and paste the following code into the blank document and save it.
install dazuko modprobe -r capability;\
modprobe -i dazuko; \
modprobe -i capability
While still running gedit as root, open the modules file, located in /etc directory. Add the word dazuko to the end of the list. Save the file.
|
After reboot still no dazuko. Any help?
|
|
|
11-22-2006, 09:51 AM
|
#8
|
LQ Newbie
Registered: Nov 2006
Distribution: Debian Etch
Posts: 8
Original Poster
Rep:
|
Well, as stated above not much help here, but was able to figure out what the problem was. Hopefully this thread can help others who run into this same problem. After creating the dazuko file in /etc/modprobe.d/ and adding the dazuko line in /etc/modules file, I had to copy the dazuko.ko file into /lib/modules/2.6.17/kernel/security. Rebooted and upon running cat /proc/modules both dazuko and capability are running. Started up panda desktopsecure installation and do not get the errors.
Quote:
Originally Posted by tortanick
Although I somewhat doubt it's designed for a gateway, it's called desktopsecure after all.
|
Good point. And as a client/user of panda's windows based antivirus I know for a fact their products are memory hogs. So, I may go with a less hoggy antivirus, since I should now be able to run resident virus scanning.
|
|
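As an added example (not part of the thread and not dazuko's own code), the boot-time setup described in posts #7 and #8 can be audited with a small shell function. The function name, the ROOT prefix argument and the modules.dep check are assumptions made here; the file paths and the install rule are the ones posted above.

```shell
#!/bin/sh
# Added example: audit the boot-time dazuko setup from posts #7 and #8.
# ROOT is a filesystem prefix ("" = live system), so the checks can also be
# run against a constructed tree.

fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

# check_dazuko_boot ROOT KVER: prints findings, returns the number of problems.
check_dazuko_boot() {
    root=$1; kver=$2; problems=0
    conf="$root/etc/modprobe.d/dazuko"
    moddir="$root/lib/modules/$kver"

    # The install rule must unload capability first, then load dazuko with -i
    # (-i keeps modprobe from re-running this same install rule).
    grep -Eq '^install[[:space:]]+dazuko[[:space:]]+modprobe -r capability' "$conf" 2>/dev/null \
        || fail "no 'install dazuko modprobe -r capability' rule in $conf"
    grep -q 'modprobe -i dazuko' "$conf" 2>/dev/null \
        || fail "install rule does not load dazuko with 'modprobe -i'"

    # /etc/modules must name dazuko so it is requested at boot.
    grep -Eq '^[[:space:]]*dazuko[[:space:]]*$' "$root/etc/modules" 2>/dev/null \
        || fail "dazuko not listed in $root/etc/modules"

    # dazuko.ko must sit in the tree of the kernel being booted (post #8).
    [ -f "$moddir/kernel/security/dazuko.ko" ] \
        || fail "dazuko.ko missing from $moddir/kernel/security"

    # Added check, not from the thread: modprobe resolves module names
    # through modules.dep, which depmod regenerates.
    grep -q 'dazuko\.ko' "$moddir/modules.dep" 2>/dev/null \
        || fail "dazuko.ko not indexed in modules.dep (run depmod -a $kver)"

    # /proc/modules lists the newest module first, so capability must appear
    # above dazuko if dazuko was loaded before it.
    awk '$1=="capability"{c=NR} $1=="dazuko"{d=NR} END{exit !(c && d && c<d)}' \
        "$root/proc/modules" 2>/dev/null \
        || fail "dazuko and capability not both loaded in the expected order"

    [ "$problems" -eq 0 ] && echo "OK: dazuko is set up to load before capability"
    return "$problems"
}

# Live run only when asked for, e.g.: sh check_dazuko.sh --live
if [ "${1:-}" = "--live" ]; then check_dazuko_boot "" "$(uname -r)"; fi
```

Each FAIL line names the step from the thread that is missing, which helps when the module loads by hand but not after a reboot.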
|
11-22-2006, 03:43 PM
|
#9
|
Senior Member
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
|
As far as doing real-time scanning of network traffic for every protocol, I'm only aware of the major firewall vendors supporting this, such as Juniper, Checkpoint, Fortinet, etc... To get enough speed in the AV process to get anywhere close to wire-speed, they implement a lot of the logic in hardware and even then, I know that Juniper at least only uses a very small set of the most common virus signatures, so you're not even covered for every known virus.
I'm not aware of any Linux distro that can do such real-time scanning. I notice that Astaro advertises AV on their firewalls, but if you look closely it only does Anti-Virus for e-mail messages and web downloads.
|
|
|
12-05-2006, 01:57 PM
|
#10
|
LQ Newbie
Registered: Nov 2006
Distribution: Debian Etch
Posts: 8
Original Poster
Rep:
|
Thanks chort, unfortunately I have found this out the hard way. But, if you're willing to spend some money which I may, F-Secure makes a pretty cool product I am currently evaluating. It's called Internet Gatekeeper for Linux. http://www.f-secure.com/small_busine...ts/fsigkl.html
It seems to do everything I want. But as chort states, I am curious to see how many users I can put behind this box before I start having issues. For now it's just a single laptop and internet gatekeeper is working great. I am hopefully in the near future going to test this linux UTM on a more taxing network and see how she stands up. By the way a 1yr subscription to f-secure internet gateway with 50 users runs approx $650.00. That's with a 20% end of year discount. Each additional year looks to be $7 - $8 per user per year.
|
|
|
All times are GMT -5.