hansencomputers
Posted: Sun Nov 04, 2007 4:08 am Post subject: periodic security sweep |
Since switching to Linux, I have not been doing any scheduled security sweeps. Coming from WIN XP, I was accustomed to checking the system for any malicious software. This was required on a regular basis.
What do I need to do periodically, in terms of anti-virus, anti-spyware, etc., to my BLAG 60K system?
I'm just getting a bit nervous. I feel like I need to check for something.
Thanks,
Mike H
john maclean
Posted: Sun Nov 04, 2007 12:01 pm Post subject: |
You don't know how many times I bugged Jebba to convince me that I did //not// need anti-virus, malware, this-ware detection!
Short story,
- A desktop or laptop that is not being used as a server. You don't need to check for anything if you are using software obtained from the BLAG repository or other "well-known" places (e.g. dag, sourceforge...).
- A machine that is being used as a server. Everything is crackable but it's very hard on a box running GNU/Linux.
Code:
apt-cache search rootkit
chkrootkit - Tool to locally check for signs of a rootkit
Also
Code:
apt-cache search clamav
clamav - End-user tools for the Clam Antivirus scanner
clamav-data - Virus signature data for the Clam Antivirus scanner
clamav-db - Virus database for clamav
clamav-devel - Header files and libraries for the Clam Antivirus scanner
clamav-lib - Dynamic libraries for the Clam Antivirus scanner
clamav-milter - Sendmail-milter for the Clam Antivirus scanner
clamav-milter-sysv - SysV initscripts for the clamav sendmail-milter
clamav-server - Clam Antivirus scanner server
clamav-server-sysv - SysV initscripts for clamav server
clamav-update - Auto-updater for the Clam Antivirus scanner data-files
clamtk - Easy to use front-end for ClamAV
claws-mail-plugins-clamav - Clamav antivirus plugin for claws-mail
exim-clamav - Clam Antivirus scanner dæmon configuration for use with Exim
klamav - Clam Anti-Virus on the KDE Desktop
_________________
BLAG 'em up!
hansencomputers
Posted: Sun Nov 04, 2007 12:50 pm Post subject: |
Thanks for the feedback. Since I steer other people to BLAG, this question comes up from the converts, and I am also concerned.
I tried running the suggested code:
Code:
[root@localhost mike]# apt-cache search rootkit
E: Unable to determine version for package fedora-release
[root@localhost mike]#
As you can see, there is an error. Any suggestions?
Also, what about running MS Windows software with WINE? Could I infect my PC with a virus designed for MS WIN if I run it with WINE? I have experimented with WINE and some MS WIN software. I have moved on to Linux software (was using DVD Shrink with WINE, now using K9Copy). I have tried running other MS WIN software with WINE to see what it can/can not do.
My top concern is with internet security and identity theft, etc. I regularly make purchases on-line, and entering CC numbers is a concern. I use Firefox, and have "PhishTank", "SiteAdvisor" and "NoScript" add-ons.
I need this info, not just for myself, but the people who have converted and feel they need to do something.
Thanks,
Mike H
john maclean
Posted: Sun Nov 04, 2007 12:59 pm Post subject: |
Hrm, that's odd. This is a BLAG box.
Code:
[jayeola@zulu ~]$ cat /etc/issue
BLAG release 60001 (odd)
Kernel \r on an \m
[jayeola@zulu ~]$ apt-cache search rootkit
chkrootkit - Tool to locally check for signs of a rootkit
About the wine stuff. Guys?
_________________
BLAG 'em up!
hansencomputers
Posted: Sun Nov 04, 2007 1:46 pm Post subject: |
I went into Add/remove programs, and searched for rootkit. I found a program called chkrootkit. This was not installed, so I added it.
The description came with some instructions. In a terminal, I typed "chkrootkit" and it ran some tests. Results were negative (as expected).
Quote:
chkrootkit is a tool to locally check for signs of a rootkit. It contains:
* chkrootkit: shell script that checks system binaries for rootkit modification.
* ifpromisc: checks if the network interface is in promiscuous mode.
* chklastlog: checks for lastlog deletions.
* chkwtmp: checks for wtmp deletions.
* chkproc: checks for signs of LKM trojans.
* chkdirs: checks for signs of LKM trojans.
* strings: quick and dirty strings replacement.
* chkutmp: checks for utmp deletions.
Above is the program description.
Mike
john maclean
Posted: Sun Nov 04, 2007 1:54 pm Post subject: |
/* anecdote */
I remember reading somewhere that the first thing that the author did when he suspected that a box was cracked was to remove chkrootkit, reinstall it, then run it again. His rationale was that a cracker would aim for chkrootkit and change it to make the system look as if nothing bad had happened.
_________________
BLAG 'em up!
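The point of the anecdote is that a checker living on the suspect box can itself be swapped out. A periodic sweep can check the checker first: record hashes of the tool's files once, keep that baseline somewhere the box cannot rewrite, and compare before trusting a run. The script below is an added example written for this edit, not code from the thread or from chkrootkit. It assumes sha256sum(1) is present; the file names and the scratch-directory demo are constructed.

```sh
#!/bin/sh
# Added example (not from the thread or from chkrootkit): hash baseline for
# the sweep's own tooling. Assumes sha256sum(1); file names are illustrative.

# baseline_create BASELINE_FILE PATH...
# Record "hash  path" for each path. Keep BASELINE_FILE off the box.
baseline_create() {
    baseline=$1; shift
    : > "$baseline"
    for f in "$@"; do
        sha256sum "$f" >> "$baseline"
    done
}

# baseline_check BASELINE_FILE
# Recompute every hash; print CHANGED/MISSING for each path that differs.
# Returns 1 if anything differs, 0 if the baseline still matches.
baseline_check() {
    status=0
    while read -r hash path; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; status=1; continue
        fi
        now=$(sha256sum "$path" | cut -d' ' -f1)
        if [ "$now" != "$hash" ]; then
            echo "CHANGED $path"; status=1
        fi
    done < "$1"
    return $status
}

# Demo on constructed files in a scratch directory (no root needed):
# take a baseline, then simulate an attacker replacing the checker and
# deleting one helper, and run the check. Prints the report plus "rc=N".
demo_tampered() (
    d=$(mktemp -d) && cd "$d" || exit 1
    printf 'original checker\n' > chkrootkit
    printf 'original helper\n'  > ifpromisc
    baseline_create baseline.sha256 chkrootkit ifpromisc
    printf 'replaced checker\n' > chkrootkit   # tool swapped after baseline
    rm -f ifpromisc                            # helper removed
    if baseline_check baseline.sha256; then echo "rc=0"; else echo "rc=1"; fi
    cd / && rm -rf "$d"
)

# Same flow with nothing touched: prints only "rc=0".
demo_clean() (
    d=$(mktemp -d) && cd "$d" || exit 1
    printf 'original checker\n' > chkrootkit
    baseline_create baseline.sha256 chkrootkit
    if baseline_check baseline.sha256; then echo "rc=0"; else echo "rc=1"; fi
    cd / && rm -rf "$d"
)

demo_tampered
```

On a real box, run baseline_create once against the installed checker files (rpm -ql chkrootkit lists them on an RPM-based system) and store the baseline off the machine or on read-only media; a CHANGED or MISSING line means reinstall from a trusted package before believing anything the checker reports. The limit is that sha256sum and the shell come from the same box, so a kernel-level rootkit can still lie to this check, which is why booting from clean media and checking from there is the stronger option.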
jebba
Posted: Sun Nov 04, 2007 8:31 pm Post subject: |
chkrootkit generates lots of false positives too...
keep up to date with:
Code:
apt-get update
apt-get dist-upgrade
and that should keep you quite secure. Also don't run services that you don't need (e.g. nfs, portmap, ftpd, etc)
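The "don't run services you don't need" advice becomes a repeatable check if the sweep lists what is actually listening and flags anything not on an allowlist. The script below is an added example, not code from the thread: it parses the netstat -tulnp column layout (assumed here; the sample output is constructed and includes the portmap, ftpd and nfs listeners the post names) and reports every non-loopback listener whose program is not in the allowlist.

```sh
#!/bin/sh
# Added example (not from the thread): listening-service audit for a periodic
# sweep. Assumes the `netstat -tulnp` column layout shown in the constructed
# sample below; the allowlist is whatever this box is meant to serve.

# Constructed sample of `netstat -tulnp` output, as root, on a desktop that
# still has portmap, an ftpd and kernel nfsd (no PID, shown as "-") running.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1301/cupsd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1100/portmap
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      1400/vsftpd
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN      -
udp        0      0 0.0.0.0:111             0.0.0.0:*                           1100/portmap'

# audit_listeners "prog1 prog2 ..."  < netstat-output
# Prints "REVIEW proto port program" for every socket bound to a
# non-loopback address whose program is not in the allowlist.
# Exit status 1 if anything was flagged, 0 otherwise.
audit_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^(tcp|udp)6?$/ {
            i = match($4, /:[0-9]+$/)            # split "host:port" at the last colon
            host = substr($4, 1, i - 1)
            port = substr($4, i + 1)
            prog = $NF                            # "1234/sshd", or "-" when no PID is known
            sub(/^[^\/]*\//, "", prog)
            if (prog == "-") prog = "unknown"
            if (host == "127.0.0.1" || host == "::1") next   # loopback only: not reachable remotely
            if (prog in ok) next                              # expected on this box
            print "REVIEW", $1, port, prog
            flagged = 1
        }
        END { exit (flagged ? 1 : 0) }
    '
}

# Demo on the constructed sample with sshd as the only expected listener.
# Prints the REVIEW lines followed by "rc=N".
demo_audit() {
    if printf '%s\n' "$SAMPLE_NETSTAT" | audit_listeners "sshd"; then
        echo "rc=0"
    else
        echo "rc=1"
    fi
}

demo_audit
# Real use, as root (without root the program column is "-"):
#   netstat -tulnp | audit_listeners "sshd cupsd"
```

A REVIEW line is a service to turn off (chkconfig <name> off on a SysV box like this one) unless something on the network genuinely needs it; the kernel nfsd shows up with no program name, which is why the script reports it as unknown rather than silently skipping it. Re-run after the next dist-upgrade, since updates can re-enable services.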