There are a few viruses for Linux, but you should protect yourself against other things, such as getting hacked. Due to the nature and design of Linux, viruses are less effective (but not completely impossible, though). Just a few exist. You could use F-prot, however, to protect the neighbor (i.e. shared folders accessible by Windows).
* don't run unnecessary network services, especially if you don't use them. Every service can be exploited by hackers. (use "netstat -anpA inet" to see what you're running)
* You 'really want' to upgrade OpenSSH now..
* don't run as root user on your system. If you run as a limited/mortal user, you can only lose your own files, you can't hurt your system, etc... viruses will have the same limitations.
* find out how to run a firewall... (if every Windows user had done this, blaster wouldn't have had any effect)
* If you really need to change/install something, use "su" in the console, and enter the root password.
Also, note that if you do use "su" in the console the prompt will change from "$" to "#" to remind you that you need to "exit" when you're done acting as the super user (su). When you type "exit" (and then enter) as su, it won't close the xterm session, it will just exit out of su mode.
The same goes for when you want to change the display settings or something and it asks for the root password. Any time you've entered the root password, you're basically running as root user and you'll want to exit out of that when you're done. (for previously mentioned security reasons)
To exit out of root permissions from the graphical interface, click on the keys that have appeared in the lower right corner (by the clock) and choose "forget authorization". (The keys don't appear when running in "su" mode in an xterm session, just after entering the password into the dialog box that pops up when you try to edit the display settings or something like that.)
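Added example (not part of the original posts): a filter for the output of the "netstat -anpA inet" command mentioned above that keeps only the sockets reachable from other machines, so loopback-only services and established connections do not clutter the review. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# exposed_listeners: read `netstat -anpA inet` output on stdin and print
# "proto port program" for every TCP listener or unconnected UDP socket
# that is NOT bound to loopback only.
exposed_listeners() {
    awk '
      ($1 == "tcp" && $6 == "LISTEN") || ($1 == "udp" && $5 == "0.0.0.0:*") {
          split($4, local, ":")            # local[1] = address, local[2] = port
          if (local[1] ~ /^127\./) next    # loopback only: not reachable remotely
          prog = ($1 == "tcp") ? $7 : $6   # udp rows have an empty State column
          sub(/^[0-9]+\//, "", prog)       # drop the PID, keep the program name
          if (prog == "") prog = "-"       # netstat run without root shows no name
          print $1, local[2], prog
      }'
}

# Constructed sample output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      790/cupsd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      655/portmap
tcp        0      0 192.168.1.10:22         192.168.1.20:51544      ESTABLISHED 1500/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
EOF
}

sample_netstat | exposed_listeners
```

On a live system, pipe the real command into the function instead of the sample; every line it prints is a service to either justify or switch off.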
Originally posted by Micro420:
From your guys' personal experience, would it be rare to get a virus and hacked into?
I have a router that has a firewall built in. Is this effective for hackers?
And we can't get hit by the blaster worm, correct? that's only for Windows?
On Linux, I believe it's rare to get a virus. Viruses are still written for Microsoft Windows, partially because of its design and the one-sidedness of integrated-everywhere applications. Though unices are used a lot more on the Internet, home users are less familiar with security issues and all seem to be using Microsoft Windows.
Getting hacked is a different story. If you don't shut down unnecessary network services, you're simply asking for visitors. (the same is true of Windows XP, which also comes with too many open ports out-of-the-box) Since large networks are systematically scanned, you'll get indexed somewhere sooner or later. If you have a high-speed Internet connection, you'll find yourself a beloved target, because you're always on-line, and have the ability to participate in a D-DoS attack. You don't want to be responsible for attacking another system, do you?
Usually firewalls at routers 'DROP' every incoming connection. I've scanned my router (acatel) remotely, and nmap explained the host might not be up at all. (until I've opened the SSH port and such) If you haven't opened any connections to the Internet, you're usually safe.
Yep, the ms-blaster worm affects the RPC features of Microsoft Windows, and Microsoft Windows only. AFAIK: From a security bulletin, Microsoft explained that no one should run the RPC service on the network-interface connecting the computer to the Internet. You however, can't turn off RPC in Windows, and it isn't firewalled by default either.
This worm tried to exploit a security leak in a network service. 'Hackers' do the same themselves. Crackers are the people that find these exploits; script-kiddies only know how to run a pre-made exploit program. (I don't really like to use the term hacker, because it used to mean something completely different)
Hi everybody
Especially Mr. Yapp
I am already enjoying the advice on the HOTMAIL mail issue. Now, once again, you guys opened a new door for me as far as security is concerned.
Actually, I got a worm "Redalof" in my Linux box. It came through some documents I copied from my peer and was finally diagnosed by an antivirus scanner, Vexira.... This scanner detected the worm but did not heal it, as it was an evaluation copy. The vendor demanded purchase.
Next I downloaded one more free scanner, PANDA. I installed and ran the scanner but could not get the worm. I mean I did not detect the virus earlier declared by Vexira, so that was the good reason I posted my problem. I don't know whether I am still infected or not, because I deleted all those documents which were declared infected.
This particular Redalof worm not only infects the files but also creates a lot of infected files which disturb the system. It was in my Windows network and I disinfected it with the Protector Plus antivirus scanner, but that scanner is not for Linux. It spreads itself through shares in the network. I have Linux machines and shares as well. So at this moment I don't know, because I don't have a proper antivirus.
As for the rest, all the other comments really enhanced my knowledge further and I will follow all this advice. I have also learned how to protect su as well. If one user logs on to the network, he/she can destroy the system through su, so we must ban su as well to protect our network, besides other measures.
mwj
How does the worm/virus spread itself through your system? Are you sure you haven't been hacked already, and that person injected/modified some system programs? If this is the case, please just pull the plug and rebuild your entire system. You cannot trust your system anymore, nor clean up the mess he creates.
I'm not sure what you mean by 'protect su'. It's a program that executes a process as another user, but not without authorization. Unless you're running as 'root', 'su' will prompt for a password. Type "who am i", "whoami", or "id" in a terminal window, and you'll see the answer quickly.
..and if you're using your system with a limited-user account (which works fluently btw, compared to Windows XP), you are simply not allowed to destroy your system, and all programs that you start (including worms) have these same limitations, unless it's a suid-root program, like "su". Such a program always runs as "root", because it needs these rights to run a program as a different user.
In Linux, every user has its own settings stored in its home directory. (the hidden dot-files) These settings are automatically generated, and overrule the global system settings (for example, /home/you/.kde/share/config/ overrules /opt/kde/share/config)
su protection means not every user can apply su and only authorised users can use "su". This is one way to avoid su, and of course the second protection will be the root password.
This worm "Redallof" spreads itself like "Dracolla" in a Windows environment, not in a Linux environment.
Originally posted by mwj:
su protection means not every user can apply su and only authorised users can use "su". This is one way to avoid su, and of course the second protection will be the root password.
That is possible, but be careful. If you try to limit set-uid executables, you might lock yourself out, or end up with a system that doesn't boot.
One other thing I'd like to mention: consult a real security howto instead. Except for 'su', there are plenty of other set-uid executables, you might want to protect. Every set-uid executable runs with root permissions automatically; exploit it, and you're root. ...just be careful with who you authorize shell access at your machine.
btw, disabling all set-uid flags in executables isn't a good idea, because 'su' needs to run as root, for example to change the process-owner. (and run a process with different privileges)
But if you really want to know:
groupadd admins
* add the user names to the new 'admins' field in /etc/group
chgrp admins /bin/su
chmod o-x /bin/su
chmod u+s /bin/su   # chgrp clears the set-uid bit on Linux, so set it again
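Added example (not part of the original posts): a read-only check of the result of the steps above, plus an inventory of the other set-uid executables the post warns about. It verifies that su is still set-uid (changing a file's owner or group on Linux clears that bit), belongs to the intended group and is no longer executable by others; the function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Read-only audit: nothing on the system is changed.
# The group name "admins" and the path /bin/su come from the post.

# check_su_lockdown FILE GROUP -> prints ok | no-setuid | wrong-group | world-exec
check_su_lockdown() {
    file=$1; want_group=$2
    info=$(stat -L -c '%a %G' "$file") || return 2   # octal mode and group name
    set -- $info
    mode=$(printf '%04d' "$1"); group=$2
    special=${mode%???}    # leading digit: 4 bit = set-uid
    other=${mode#???}      # trailing digit: permissions for "others"
    case $special in
        4|5|6|7) ;;
        *) echo no-setuid; return 1 ;;      # su cannot switch users without it
    esac
    [ "$group" = "$want_group" ] || { echo wrong-group; return 1; }
    case $other in
        1|3|5|7) echo world-exec; return 1 ;;   # anyone can still run su
    esac
    echo ok
}

# list_setuid DIR -> one path per line for every set-uid file under DIR
list_setuid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# Report on the real binary if present (the path may differ per distribution).
if [ -e /bin/su ]; then
    printf 'su: %s\n' "$(check_su_lockdown /bin/su admins || true)"
fi
```

Running list_setuid on / gives the full list of set-uid programs to review; anything unexpected in it deserves the same scrutiny as su.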
Yes, sure, I will take care of all of these pieces of advice. I will go through the security HOWTOs as soon as I settle all of my present issues, like the domain controller etc.
Thanks for keeping in touch and for your professional approach.
I will be in touch. Let me know the real security HOWTO, and NATing and iptables as well for SQUID.
mwj