LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.



View Poll Results: How often do you scan your Linux Computer(s)?
I am so paranoid I scan it more than once a day... 0 0%
Once a day. 4 13.79%
Once a week. 0 0%
Once a month. 2 6.90%
A few times a year. 11 37.93%
Depends really on what I am doing. Can be often or not. 12 41.38%
Voters: 29. You may not vote on this poll

Old 11-01-2010, 01:16 PM   #16
meetscott
Samhain Slackbuild Maintainer
 
Registered: Sep 2004
Location: Phoenix, AZ, USA
Distribution: Slackware
Posts: 411

Rep: Reputation: 42

Samhain is free. People should check it out and run it daily at night. There's no reason not to. You'll never even notice it's there unless something happens.
 
Old 11-01-2010, 01:39 PM   #17
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1291
Quote:
Originally Posted by meetscott View Post
Samhain is free. People should check it out and run it daily at night. There's no reason not to. You'll never even notice it's there unless something happens.
There's also no reason to use it, unless you're running a server.
 
Old 11-01-2010, 01:41 PM   #18
meetscott
Samhain Slackbuild Maintainer
 
Registered: Sep 2004
Location: Phoenix, AZ, USA
Distribution: Slackware
Posts: 411

Rep: Reputation: 42
Quote:
There's also no reason to use it, unless you're running a server.
Malware is only a problem on servers?

But I guess I can accept the argument that it might be a little overkill.

Last edited by meetscott; 11-01-2010 at 01:44 PM. Reason: Overkill statement.
 
Old 11-01-2010, 01:43 PM   #19
cincindie
Member
 
Registered: Jul 2004
Location: Zinzinnati, OH
Distribution: RH, FC 1-6, F 7-21, Debian, LinuxPPC, Knoppix, Ubuntu, Yellow Dog
Posts: 176

Rep: Reputation: 31
I rarely if ever perform a regular scan of the whole system. I do monitor the logs and look for unusual activity. Otherwise, e-mails on the server are the only things that get scanned on a regular basis.
 
Old 11-01-2010, 01:49 PM   #20
mesiol
Member
 
Registered: Nov 2008
Location: Lower Saxony, Germany
Distribution: CentOS, RHEL, Solaris 10, AIX, HP-UX
Posts: 731

Rep: Reputation: 137
Hi,

rkhunter and chkrootkit on a daily basis works okay for me. AV software running on my mailservers, but not locally on my workstation. Never found anything not intended by myself to be there.
 
Old 11-01-2010, 02:12 PM   #21
nomb
Member
 
Registered: Jan 2006
Distribution: Debian Testing
Posts: 675

Rep: Reputation: 58
Quote:
Originally Posted by meetscott View Post
Malware is only a problem on servers?

But I guess I can accept the argument that it might be a little overkill.
I can't. I think you should run a HIDS on all of your boxes.
 
Old 11-01-2010, 03:13 PM   #22
clifford227
Member
 
Registered: Dec 2009
Distribution: Slackware 14
Posts: 282

Rep: Reputation: 64
Could audio files (mp3, flac, etc) or video files (avi, mpg, mkv, etc) contain exploits or trojans?

My external backup drives contain mostly media files and of course you can't do a reformat or you lose all your stuff.

What is the best practice for protecting external backup drives?

Last edited by clifford227; 11-01-2010 at 03:21 PM.
 
Old 11-01-2010, 03:23 PM   #23
Amdx2_x64
Member
 
Registered: Jun 2008
Distribution: Left LQ. Mods are too Rude!
Posts: 598

Original Poster
Rep: Reputation: 50
Quote:
Could audio files (mp3, flac, etc) or video files (avi, mpg, mkv, etc) contain exploits or trojans?
From my understanding, yes. I also believe jpg's or other image formats can as well. Though I am not sure how this is done or for that matter how likely, even if possible, it would be.

Last edited by Amdx2_x64; 11-01-2010 at 03:24 PM.
 
1 members found this post helpful.
Old 11-01-2010, 04:39 PM   #24
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 419
Quote:
Originally Posted by clifford227 View Post
Could audio files (mp3, flac, etc) or video files (avi, mpg, mkv, etc) contain exploits or trojans?

My external backup drives contain mostly media files and of course you can't do a reformat or you lose all your stuff.

What is the best practice for protecting external backup drives?
Unless I've missed something, unless your media files are executable (and I have no idea why someone would let data be executable), they can't do damage. Simply opening a media file in its appropriate viewer shouldn't allow any damage.
 
1 members found this post helpful.
Old 11-01-2010, 06:06 PM   #25
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582
Quote:
Originally Posted by H_TeXMeX_H View Post
There's also no reason to use it, unless you're running a server.
Given the fact that some OS installations are not that well-protected out of the box (Ubuntu's Remote Desktop comes to mind, see for instance the reports on Ubuntuforums), some users not knowing or caring for any security and the amount of hosts being compromised through the web stack still, I disagree.
 
Old 11-01-2010, 06:13 PM   #26
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379
Quote:
Originally Posted by clifford227 View Post
Could audio files (mp3, flac, etc) or video files (avi, mpg, mkv, etc) contain exploits or trojans?
They most certainly can. In fact, as pointed out by Amdx2_x64, even image files can contain exploits.

Image example: CVE-2010-1205; Audio example: CVE-2007-6279; Video example: CVE-2009-3389.
 
1 members found this post helpful.
Old 11-01-2010, 06:17 PM   #27
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582
Quote:
Originally Posted by Amdx2_x64 View Post
I was just curious how many times the average Linux desktop user at these forums check their computer for viruses, root kits, etc. (..) So how often does everyone scan their Linux Computers and what do you use?
Next to whatever basic hardening / logging entails I use GNU/Tiger or LSAT, Auditd, Samhain (daemon: active) or Aide (cronjob: passive), Snort, a slightly modified Chkrootkit, Rootkit Hunter with add-ons and some home-brewed scripts. If I run AV SW it'll mostly be to help determine stuff sent to me or found elsewhere.
 
Old 11-01-2010, 06:19 PM   #28
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582
Quote:
Originally Posted by win32sux View Post
image files can contain exploits.
...and next to that PHP scripts are often uploaded with image type extensions to bypass crude filters.
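
Added example (not part of the original thread or any poster's own code): a content check for the case mentioned in the post above, where a file carries an image extension but its bytes are not an image or include a PHP open tag. The function names, the signature table and the sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Leading "magic" bytes for a few common image formats, keyed by extension.
MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def inspect_upload(name, data):
    """Return findings for one file; an empty list means nothing was flagged."""
    findings = []
    ext = Path(name.lower()).suffix
    if ext not in MAGIC:
        return findings  # file does not claim to be an image
    if not data.startswith(MAGIC[ext]):
        findings.append("content does not match extension")
    # A valid header alone proves little: script text can sit after the image
    # data or in a comment field, so also look for a PHP open tag (heuristic).
    if b"<?php" in data.lower():
        findings.append("PHP open tag inside file")
    return findings

def scan_directory(root):
    """Return {relative path: findings} for every flagged file under root."""
    flagged = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            result = inspect_upload(path.name, path.read_bytes())
            if result:
                flagged[str(path.relative_to(root))] = result
    return flagged

def demo():
    """Scan a constructed upload directory (sample files are made up here)."""
    samples = {
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "avatar.jpg": b"<?php /* placeholder */ ?>",
        "banner.gif": b"GIF89a" + b"\x00" * 8 + b"<?php ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return scan_directory(root)

if __name__ == "__main__":
    for path, findings in sorted(demo().items()):
        print(path, "->", "; ".join(findings))
```

Pointing `scan_directory` at a web application's upload directory from a cron job gives a list of files to review; a hit on the open-tag check is a prompt for inspection, not proof of compromise.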
 
Old 11-01-2010, 06:22 PM   #29
meetscott
Samhain Slackbuild Maintainer
 
Registered: Sep 2004
Location: Phoenix, AZ, USA
Distribution: Slackware
Posts: 411

Rep: Reputation: 42
It's easy to get way off base here. Install as much security as you can and then back off based on usability and cost limitations. Sometimes extra security does not return anything given what is being protected.

Sometimes "Fort Knox" style is the appropriate path if what you are protecting is worth the investment. I like to see costs (processing, I/O, admin time), barriers (knowledge, time, training, etc.) and investment (research, setup, etc.) be so low that people can't help but be secure and make good choices.

I think we are moving closer and closer to that with Linux and options we have today. This forum also contributes to that greater good.
 
Old 11-01-2010, 06:34 PM   #30
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582
Define "extra security"?
 
  

