You don't need antivirus unless you are running a mail server or sharing files with Windows users. This article explains in more detail about Linux security and viruses.
I am new to Linux so my question is do I need an Antivirus?
I've merged your thread into the GNU/Linux Antivirus Megathread. Please read the welcome message. As stated, there is no consensual answer to this question, so please take both "yes" and "no" answers with a grain of salt.
There are a lot of posts regarding AV and installing it on Linux, but my focus is upon a corporate environment. You have users that can access the Internet the same as a Windows machine, but the user cannot determine if they download something malicious. Not all Linux users are gurus. You can have a corporate network that is hosting viruses internally without detection.
Is it confidence or cost that causes people not to recommend AV for Linux? If your job was on the line what would you recommend to management? AV or not?
The user in a corporate environment is not usually root, so a virus would not do much; also, most people run an anti-virus on a mail server, so a Windows user wouldn't get infected anyway. It is also not necessary considering the lack of viruses for Linux; I don't think anyone in this forum has got a virus in Linux.
... my focus is upon a corporate environment... If your job was on the line what would you recommend to management? AV or not?
In that case, I'd recommend some kind of AV irrespective of the technical issue. The bet is:
no AV, slightly better speed, no time "wasted" configuring
and
don't keep job if something goes wrong
versus:
AV, slightly less speed, some time configuring
and
keep job even if something goes wrong
My money is on the second option. As a 'super-fallback position' (for the paranoid sys admin only!) you can tell management that it might be difficult to test the AV thoroughly because Linux viruses are currently so rare, but you want to prepare for a future worst case scenario. Note that if management tell you not to bother (and that, technically, might be the right decision) they are going some way to taking the risk, not you.
Well, personally, I would rely on AV only under MS OSes. It is way too complicated to access the system layer and start diagnosing anything.
Under Linux it's very different, but yes, it's possible to have viruses under Linux; the only AV I see is the user and/or admin of the system.
There are file integrity checkers such as gamin and tripwire that exist which may give clues on a system's infection, but nothing can tell if the virus has not been designed to change that software so it ignores those changes...
Actually a virus is not something different than any other program, it uses legitimate routines, often already written by well-thinking programmers.
The best way I see to absolutely PREVENT infections is to copy screen-to-screen the software's source code and make sure no malicious actions are performed. That's what a very important server admin would do, I guess.
To remove a virus is another story, you have to identify what are the actions performed, capture the data it sends on the wire, etc.
I don't want to scare any newcomers, but some ways of being infected could be downloading precompiled software, installing from forged heavy-sized source code, downloading from a subtle replica site such as www.g00gle.com (this is just an example, not a real threat!) or even by letting unconfigured/misconfigured services listen on some ports.
Now to lower the stress level ^^, who would put malicious code in software knowing that it might be inspected by professionals? If there are any viruses being made, they had better remain quite silent!
Finally, as many people already said, there is no real danger as long as the infected binary is not run in root's domain.
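The post above points at file integrity checkers (tripwire and the like) as the one thing that can give clues about a compromised system, and at their weakness: whatever tampers with the binaries can also tamper with the checker. The following is an added example, not code from the post or from any of the tools it names: a minimal integrity baseline in Python that hashes every regular file under a directory, stores the baseline as JSON, and reports files added, removed or modified. The directory tree, file contents and the "tampered" binary are constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path, chunk=65536):
    """SHA-256 of a file, streamed so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Walk `root` and record hash, size and permission bits for every regular file.

    Symlinks are skipped: only the content of real files is baselined.
    """
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            st = p.lstat()
            baseline[str(p.relative_to(root))] = {
                "sha256": hash_file(p),
                "size": st.st_size,
                "mode": oct(st.st_mode & 0o7777),
            }
    return baseline


def compare(baseline, current):
    """Diff two baselines: added and removed paths, plus modified paths with the fields that changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for path in set(baseline) & set(current):
        changed = {
            field: (baseline[path][field], current[path][field])
            for field in baseline[path]
            if baseline[path][field] != current[path][field]
        }
        if changed:
            modified[path] = changed
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: baseline a fake bin/ tree, then replace one 'binary' and drop in another."""
    with tempfile.TemporaryDirectory() as tmp:
        bin_dir = Path(tmp) / "bin"
        bin_dir.mkdir()
        (bin_dir / "ls").write_bytes(b"\x7fELF original ls")
        (bin_dir / "ps").write_bytes(b"\x7fELF original ps")

        # In practice the baseline JSON is stored off-host or on read-only media.
        baseline_json = json.dumps(build_baseline(tmp))

        # Tampering: ps is replaced by a file of identical size (so size alone would not
        # catch it), and an extra tool is dropped into the directory.
        (bin_dir / "ps").write_bytes(b"\x7fELF trojaned ps")
        (bin_dir / "netcat").write_bytes(b"\x7fELF dropped tool")

        return compare(json.loads(baseline_json), build_baseline(tmp))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The replaced file keeps its size and mode, so only the hash reveals the change; that is why a checker records a cryptographic hash rather than just stat data. The caveat from the post still applies: this script and its baseline live on the same host it checks, so both the baseline and the checker should be kept somewhere the compromised system cannot rewrite them, and the comparison should be run from trusted media.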
I trust to the mods to move this if I failed to locate the most appropriate thread. I hope the references will be as interesting to other *nixies as they were to me.
According to a press release issued earlier this month by Finjan, a security research firm, compromised Web servers are infecting thousands of visitors daily with malware that turns their Windows machines into unwitting bots to do the bidding of an as yet unidentified criminal organization. Security firms ScanSafe and SecureWorks have since added their own takes on the situation, though with varying estimates on the number of sites affected. All reports thus far say the compromised servers are running Linux and Apache.
According to an article on ServerTune.com, the exploit involves a rootkit installed on the compromised server that replaces several system binaries with infected versions. When the system is booted, the infected binaries are executed, and as a result, dynamically created JavaScript payloads are randomly and intermittently served to site visitors. The malware JavaScript attempts to exploit vulnerabilities in Windows, QuickTime, and Yahoo! Messenger on the visitor's machine in order to infect them.<snip>
The cPanel Security team announced today that they have identified several key components of a hack known as the Random JavaScript Rootkit. The systems affected by this Rootkit are Linux based, running a number of different hosting platforms. cPanel has worked with a number of hosting providers and server owners to investigate this Rootkit.
The cPanel Security Team has recognized that the vast majority of affected systems are initially accessed via shell (SSH) with no indications of brute force or exploitation of the underlying service. Despite non-trivial passwords, intermediary users and nonstandard ports, the attacker is able to gain access to the affected servers with no password failures. The cPanel security team also recognized that the vast majority of affected servers come from a single undisclosed data-center. All affected systems have password based authentication enabled. Based upon these findings, the cPanel security team believes that the attacker has gained access to a database of root login credentials for a large group of Linux servers. Once the hacker manually gains access to a system they can then perform various tasks. The hacker can download, compile, and execute a log cleaning script in order to hide their tracks. They also can download a customized Rootkit based off of Boxer version 0.99 beta 3. Finally, the hacker searches for files containing credit card related phrases such as CVC, CVV, and/or Authorize. <snip>
Kindly look at this white-hat site: http://www.0x000000.com/ and prepare to be afraid ... be very afraid.
While it is entirely true that unwanted modifications to the core system configuration are quite difficult in OS X and in Linux (and, finally, becoming more difficult in "stock" Windows), that's not how bad guys are launching their attacks anymore!
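The cPanel notice quoted above singles out one common factor: every affected server had password-based SSH authentication enabled, and logins succeeded with no failures, so brute-force monitoring would never have fired. The following is an added example, not code from cPanel or from the post: a small audit in Python that parses the global section of an sshd_config and flags the directives that matter for that scenario. The two configurations are constructed, the "hardened" values are this example's own recommendations, and the check only covers the global section (directives under a `Match` block are conditional and are skipped).

```python
import re

# Directive -> (acceptable values, recommended value, why a different value is a finding).
# The recommendations are this example's assumptions, not a vendor's.
CHECKS = {
    "passwordauthentication": (
        {"no"}, "no",
        "password logins accepted: a leaked credential database is enough to log in",
    ),
    "permitrootlogin": (
        {"no", "prohibit-password", "without-password"}, "no",
        "root can log in directly over SSH with a password",
    ),
    "pubkeyauthentication": (
        {"yes"}, "yes",
        "key-based logins disabled, leaving passwords as the only option",
    ),
}


def parse_sshd_config(text):
    """Global section of an sshd_config as {lowercase keyword: value}.

    sshd honours the first occurrence of a keyword, so later duplicates are ignored,
    and everything after the first Match line belongs to conditional blocks and is skipped.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        settings.setdefault(key, value)
    return settings


def audit(text):
    """Return a list of human-readable findings; an empty list means all checks passed."""
    settings = parse_sshd_config(text)
    findings = []
    for key, (acceptable, recommended, why) in CHECKS.items():
        actual = settings.get(key)
        if actual is None:
            findings.append(
                f"{key}: not set, so the sshd default applies (it varies by version); "
                f"set it explicitly to '{recommended}'"
            )
        elif actual not in acceptable:
            findings.append(f"{key}: '{actual}' ({why}); set it to '{recommended}'")
    return findings


# Constructed: the kind of configuration the notice describes, nonstandard port and all.
WEAK_CONFIG = """
Port 2222
Protocol 2
PermitRootLogin yes
PasswordAuthentication yes
UsePAM yes
"""

# Constructed: same host, with logins restricted to keys and no direct root login.
HARDENED_CONFIG = """
Port 2222
Protocol 2
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
UsePAM yes
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{name}]")
        for finding in audit(cfg) or ["no findings"]:
            print("  " + finding)
```

Against the weak configuration the audit reports three findings: password logins enabled, direct root login enabled, and public-key authentication left to the default rather than stated explicitly. With a leaked credential database the first finding is the one that matters, since the nonstandard port and the use of an intermediary user did not help the affected servers at all. The hardened file passes; a real review would also read any `Match` blocks, which this parser deliberately stops at.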
Dear friends,
I have recently become worried about security. I've been thinking about it for a while now, and ultimately decided to share my thoughts with you when I found this great thread.
Security bothers me because it is one of the basic human needs to be safe, in order to be able to exist normally (Maslow's hierarchy of needs, which is explained in more details at: http://en.wikipedia.org/wiki/Maslow'...archy_of_needs ).
So (provided that Maslow is right), I started to think about it, and I probably started to reinvent the wheel, but anyway you can take a look at my logic as follows:
First I asked myself:
Q: what are we dealing with?
A: Well, we have computer security problems (both existing and potential problems).
Q: So, starting from the beginning, what makes for a computer (thinking of a computer as an object)?
A: The software, the hardware, and the user.
Q: Which of these can be infected by malware (or be changed in a way that it does things we have no control over)?
A: The software, and the hardware, since the hardware is operated by the software.
So, the only part of this chain that is immune to attacks is the user.
Q: What does the user need to fight off the attacks (to stay safe)?
A: More speed?
Since speed is relative, this could be done either by aiding the user's speed, or by slowing down the execution of software (the execution speed of malware ideally, but the malware would have to be isolated first for this to work).
Then I let my brain rest from thinking about it for a while.
Meanwhile, since our brain never really rests (which is especially true during the sleep), I saw this movie (or should I say, I saw the light): "Tech Talk: Linus Torvalds on git" at: http://youtube.com/watch?v=4XpnKHJAok8
So, my question now is: has this... issue been already taken care of in git? Or, maybe I should ask:
Has this idea already been implemented within git, so we don't have to worry about it?
And, am I correct thinking that it works as long as you:
A: Pull software from trusted sources
B: Have some kind of backup, or history of changes?*
and provided that you have both of these elements.
*in case your trusted source is not trusted while you're pulling from it, which you don't realize during that process.
Now that things have cooled down, I'm gonna un-sticky this thread and see what happens. Keep in mind that if there's another outbreak of "Do I need an antivirus?" questions I'll immediately give everyone a serious case of déjà vu. That said, thanks to all the members who have contributed their $0.02 in this megathread - your time and energy is much appreciated.
It is almost unbelievable how many viruses are out there for Windows-based systems and what is needed to prevent systems from being compromised. Should UNIX/LINUX-based systems be equipped with some type of virus scanner to prevent intrusion? I understand that UNIX/LINUX is a more securely designed system and the best thing for any system is to harden it, but should an anti-virus be part of the arsenal?
For Samba servers and mail servers............yes. It's a good idea for a desktop box too, so you don't forward attachments that are compromised.
If you're doing mail scanning and such, sure, it prevents recipients of messages and trojans from being bounced around. It's really NOT for the machine itself, generally, though.
The Unix user security system is much different than that of Windows; it had a different design philosophy, and unless there is a buffer overflow or exploit of some kind being taken advantage of to get root access, it limits how much damage the virus/trojan can do. It's one of the many reasons, for instance, that daemons should really run as their own user and not "nobody" or "root" or even a shared "daemon" user.
What exactly is the *nix design philosophy? From what I can tell, *nix is vulnerable to all of the same threats as Windows. For example they both still have an administrator account, both have configuration, software, and hardware vulnerabilities, both can be managed by users who don't understand the threats they face, etc.
I think the reason why there aren't as many attacks for *nix is because of the environment it's in. For example, monoculture. Other things about the environment are that it's drilled into the brains of new *nix users to not use the root account unless absolutely needed, to only get software from trusted sources, to verify its integrity, etc. The average Linux user is more tech savvy than the average Windows user. I just don't see what's so special about *nix that prevents it from being attacked other than the environment it's in.
Well, Linux was constructed from the start to be secure. Windows has to be backwards compatible with the insecure past and many of those new security tools are just patching that up. Windows Defender is to defend against viruses, and since there are none for Linux, no anti-virus is needed. Admittedly, since Linux isn't run by a big corporate giant, it is probably less fun to write viruses for it, but it would also be more difficult, although not impossible.
As for the original question: unless you are running a file server that serves Windows clients, I wouldn't bother with anti-virus; it just wastes CPU power. Any trojans and worms out there will find the unprotected Windows machines irrespective of what your Linux box has installed. Again, there are no viruses for Linux.