Linux - Security
I suspect my LAN is infected by malware, because our IP was blacklisted. I am running CentOS 6.5 x64 as a gateway. Are there any tools that can help me determine the problem?
I might be tempted to install a firewall _going_out_ and log what's blocked. Allow ports 25, 110, 80 (for smtp, pop, and http), and any others you know should be there. Look for strange ports. Log everything and read what's going out.
That being said, I believe clamav is the program to reach for.
Yes, yes, all these things are possible. But you are the sysadmin, and know what you have got. You can set logging levels - you may have to restart daemons with -l or something, but it's all doable.
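A sketch of the "log everything and read what's going out" step from the replies above, added here as an example and not posted by any participant. It assumes the gateway logs forwarded LAN traffic with an iptables LOG rule; the `LAN-OUT: ` prefix, interface names, sample lines and the SMTP fan-out threshold are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Outbound ports the post says to allow: smtp, pop, http.
ALLOWED_PORTS = {25, 110, 80}

# Assumed gateway rule producing the log (interface names and prefix are hypothetical):
#   iptables -A FORWARD -i eth1 -o eth0 -j LOG --log-prefix "LAN-OUT: "
LOG_RE = re.compile(
    r"LAN-OUT: .*?\bSRC=(\S+) DST=(\S+) .*?\bPROTO=(?:TCP|UDP) SPT=\d+ DPT=(\d+)")

# Constructed sample lines shaped like kernel iptables LOG output (fields trimmed).
_P = "Mar  3 10:00:01 gw kernel: LAN-OUT: IN=eth1 OUT=eth0 "
SAMPLE_LOG = [
    _P + "SRC=192.168.1.23 DST=203.0.113.9 LEN=60 TTL=127 PROTO=TCP SPT=49211 DPT=6667 SYN",
    _P + "SRC=192.168.1.23 DST=203.0.113.9 LEN=60 TTL=127 PROTO=TCP SPT=49212 DPT=6667 SYN",
    _P + "SRC=192.168.1.40 DST=198.51.100.1 LEN=60 TTL=127 PROTO=TCP SPT=50001 DPT=25 SYN",
    _P + "SRC=192.168.1.40 DST=198.51.100.2 LEN=60 TTL=127 PROTO=TCP SPT=50002 DPT=25 SYN",
    _P + "SRC=192.168.1.40 DST=198.51.100.3 LEN=60 TTL=127 PROTO=TCP SPT=50003 DPT=25 SYN",
    _P + "SRC=192.168.1.10 DST=203.0.113.80 LEN=60 TTL=127 PROTO=TCP SPT=51000 DPT=80 SYN",
    _P + "SRC=192.168.1.10 DST=203.0.113.1 LEN=84 TTL=63 PROTO=ICMP TYPE=8 CODE=0",
    _P + "SRC=192.168.1.5 DST=198.51.100.1 LEN=60 TTL=63 PROTO=TCP SPT=40000 DPT=25 SYN",
]

def summarize(lines, allowed=ALLOWED_PORTS):
    """Return (strange, smtp): per-host hits on non-allowed ports, distinct port-25 peers."""
    strange, smtp = defaultdict(Counter), defaultdict(set)
    for line in lines:
        m = LOG_RE.search(line)
        if not m:  # ICMP and unrelated kernel messages carry no DPT field
            continue
        src, dst, dport = m.group(1), m.group(2), int(m.group(3))
        if dport == 25:
            smtp[src].add(dst)
        if dport not in allowed:
            strange[src][dport] += 1
    return strange, smtp

def suspects(lines, smtp_fanout=3):
    """Hosts on strange ports, or talking SMTP to >= smtp_fanout servers (assumed threshold)."""
    strange, smtp = summarize(lines)
    return sorted(set(strange) | {h for h, d in smtp.items() if len(d) >= smtp_fanout})

if __name__ == "__main__":
    strange, smtp = summarize(SAMPLE_LOG)
    for host in suspects(SAMPLE_LOG):
        print(host, dict(strange.get(host, {})), "smtp peers:", len(smtp.get(host, ())))
```

The hosts it lists are the ones to scan first with the malware tools mentioned in the thread; port 25 is allowed, so the fan-out count is what separates a mail server from a workstation contacting many mail servers directly.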
Static or dynamic IP?
What does the blacklist entry say?
Is it identified as a netblock that possibly includes other ranges typically assigned to "home use" computers?
Are there any Windows hosts behind this LAN?
What do the logs on the gateway host suggest is going on?
static IP
malware
not yet identified
yes there are windows in the LAN
I don't know what log I should check and how to turn on the related log for investigating this.
You are the sysadmin.
If I applied for the job of sysadmin in this country, I wouldn't even get an interview. My CV would go straight in the bin; and you want advice from me??
My advice is: Do your job. Log everything in and out and read those logs to find out what's going on. Make sensible decisions and implement them. Search every PC on your network for malware with the best tools you can get. Don't think you can solve this with a point and click. Sysadmins do have to work.
Thanks a lot to everyone here for the ideas, sharing and comments. This makes the forum very useful for sharing ideas and problems, especially for newbies to get know-how, etc.
To business_kid: this is a free public forum, and that's why everyone here can ask for ideas or at least share experience or something. You need something like a commercial forum; I think you should send a private message to someone who looks to be facing an unsolved problem and ask them if they need to resolve their problem soon, then offer your technical service to help them. Hopefully your CV will not go in the bin again. Skill + attitude is a combination that can help you to get a job; the rest you give to God. Good luck.
You are not a "newbie" if you run such a site as http://www.calistasoft.com/
that states "We provide setup and configuring routing and security for internet, intranet and extra-networking solutions for your company."
wrt:
Quote:
Originally Posted by Winanjaya
To business_kid: this is a free public forum, and that's why everyone here can ask for ideas or at least share experience or something
I find that I don't have to respond to every post that irritates me personally. Sometimes, you just have to exercise some discretion and ignore replies you don't like, especially on a public forum where people volunteer their time and expertise. And at least express some gratitude for any feedback.
Thanks a lot, Habitual!
And you are right that I am not a newbie in Linux. Again, I just want to get to know how other people deal with this and also get a little bit of discussion about this.
Well, my thought is that knowing what other people do if they face this problem is also useful.