periodic security sweep

BLAG Forum Index -> open discussion
hansencomputers
PostPosted: Sun Nov 04, 2007 4:08 am    Post subject: periodic security sweep

Since switching to Linux, I have not been doing any scheduled security sweeps. Coming from WIN XP, I was accustomed to checking the system for any malicious software. This was required on a regular basis.

What do I need to do periodically, in terms of anti-virus, anti-spy ware, etc, to my BLAG 60K system?

I'm just getting a bit nervous. I feel like I need to check for something.

Thanks,
Mike H

john maclean
PostPosted: Sun Nov 04, 2007 12:01 pm    Post subject:

You don't know how many times I bugged Jebba to convince me that I did //not// need anti-virus, malware, this-ware detection!

Short story,
- A desktop or laptop that is not being used as a server. You don't need to check for anything if you are using software obtained from the BLAG repository or other "well-known" places. (e.g. dag, sourceforge...)

- A machine that is being used as a server. Everything is crackable but it's very hard on a box running GNU/Linux.

Code:
 apt-cache search rootkit
chkrootkit - Tool to locally check for signs of a rootkit


Also

Code:
 apt-cache search clamav
clamav - End-user tools for the Clam Antivirus scanner
clamav-data - Virus signature data for the Clam Antivirus scanner
clamav-db - Virus database for clamav
clamav-devel - Header files and libraries for the Clam Antivirus scanner
clamav-lib - Dynamic libraries for the Clam Antivirus scanner
clamav-milter - Sendmail-milter for the Clam Antivirus scanner
clamav-milter-sysv - SysV initscripts for the clamav sendmail-milter
clamav-server - Clam Antivirus scanner server
clamav-server-sysv - SysV initscripts for clamav server
clamav-update - Auto-updater for the Clam Antivirus scanner data-files
clamtk - Easy to use front-end for ClamAV
claws-mail-plugins-clamav - Clamav antivirus plugin for claws-mail
exim-clamav - Clam Antivirus scanner dæmon configuration for use with Exim
klamav - Clam Anti-Virus on the KDE Desktop


_________________
BLAG 'em up!
hansencomputers
PostPosted: Sun Nov 04, 2007 12:50 pm    Post subject:

Thanks for the feedback. Since I steer other people to BLAG, this question comes up from the converts, and I am also concerned.

I tried running the suggested code:

Code:
[root@localhost mike]# apt-cache search rootkit
E: Unable to determine version for package fedora-release
[root@localhost mike]#


As you can see, there is an error. Any suggestions?

Also, what about running MS Windows software with WINE? Could I infect my PC with a virus designed for MS WIN if I run it with WINE? I have experimented with WINE and some MS WIN software. I have moved on to Linux software (was using DVD Shrink with WINE, now using K9Copy). I have tried running other MS WIN software with WINE to see what it can/can not do.

My top concern is with internet security and identity theft, etc. I regularly make purchases on-line, and entering CC numbers is a concern. I use Firefox, and have "PhishTank", "SiteAdvisor" and "NoScript" add-ons.

I need this info, not just for myself, but the people who have converted and feel they need to do something.

Thanks,
Mike H

john maclean
PostPosted: Sun Nov 04, 2007 12:59 pm    Post subject:

Hrm, that's odd. This is a BLAG box.

Code:
[jayeola@zulu ~]$ cat /etc/issue
BLAG release 60001 (odd)
Kernel \r on an \m

[jayeola@zulu ~]$ apt-cache search rootkit
chkrootkit - Tool to locally check for signs of a rootkit


About the wine stuff. Guys?


_________________
BLAG 'em up!
hansencomputers
PostPosted: Sun Nov 04, 2007 1:46 pm    Post subject:

I went into Add/remove programs, and searched for rootkit. I found a program called chkrootkit. This was not installed, so I added it.

The description came with some instructions. In a terminal, I typed "chkrootkit" and it ran some tests. Results were negative (as expected).

Quote:
chkrootkit is a tool to locally check for signs of a rootkit. It contains:

* chkrootkit: shell script that checks system binaries for rootkit modification.
* ifpromisc: checks if the network interface is in promiscuous mode.
* chklastlog: checks for lastlog deletions.
* chkwtmp: checks for wtmp deletions.
* chkproc: checks for signs of LKM trojans.
* chkdirs: checks for signs of LKM trojans.
* strings: quick and dirty strings replacement.
* chkutmp: checks for utmp deletions.


Above is the program description.

Mike
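An added example, not code from this thread or from the chkrootkit project, of how to turn the one-off "chkrootkit" run above into a repeatable sweep. chkrootkit prints one line per check, and most of them read "not infected" or "not found"; the remaining lines are findings, and on a given box some of those recur and are benign (a DHCP client holding a raw socket, a dot-directory created by a known package). The wrapper keeps a file of findings you have already reviewed and only surfaces lines that are not in it. The sample output and baseline are constructed, and the baseline path /var/lib/sweep/chkrootkit.baseline is an assumption; the `rpm -V` step follows the practice of checking the installed chkrootkit files before trusting what they report.

```shell
#!/bin/sh
# Added example (not from the BLAG thread): chkrootkit triage against a
# baseline of findings already reviewed and judged benign on this machine.

# Constructed sample of chkrootkit-style output (not a real run).
SAMPLE_OUTPUT=$(cat <<'EOF'
ROOTDIR is `/'
Checking `ifconfig'... not infected
Checking `login'... not infected
Checking `lkm'... You have     2 process hidden for readdir command
Checking `sniffer'... eth0: PACKET SNIFFER(/usr/sbin/dhclient[1234])
Checking `rexedcs'... not found
Searching for suspicious files and dirs, it may take a while... /usr/lib/jvm/.systemPrefs
Checking `bindshell'... INFECTED (PORTS:  465)
EOF
)

# Constructed baseline: lines a previous sweep produced that were reviewed
# and found benign here (dhclient legitimately uses a raw socket; the JVM
# preferences directory belongs to an installed package).
SAMPLE_BASELINE=$(cat <<'EOF'
Checking `sniffer'... eth0: PACKET SNIFFER(/usr/sbin/dhclient[1234])
Searching for suspicious files and dirs, it may take a while... /usr/lib/jvm/.systemPrefs
EOF
)

# stdin: chkrootkit output. stdout: only the lines that are not a clean
# result. Exits 0 even when nothing is left, so callers can use set -e.
extract_findings() {
    grep -v -E '(not infected|not found|not tested|nothing found|nothing detected|nothing deleted)$' \
        | grep -v -E '^(ROOTDIR|[[:space:]]*$)' || true
}

# $1: findings file from extract_findings; $2: baseline file.
# Prints findings that do not appear verbatim (whole line, fixed string)
# in the baseline. An empty baseline means every finding is new.
new_findings() {
    if [ -s "$2" ]; then
        grep -v -x -F -f "$2" "$1" || true
    else
        cat "$1"
    fi
}

# Line count that prints a bare number and always exits 0.
count_lines() { awk 'END { print NR }' "$1"; }

# The real sweep. chkrootkit needs root to inspect everything.
# $1: baseline path (assumed default below; pick your own).
run_sweep() {
    baseline="${1:-/var/lib/sweep/chkrootkit.baseline}"
    command -v chkrootkit >/dev/null 2>&1 || { echo "chkrootkit is not installed" >&2; return 2; }
    # Check the installed chkrootkit files against the package database first,
    # so a tampered copy is not the thing vouching for the system (BLAG is RPM-based).
    if command -v rpm >/dev/null 2>&1; then
        rpm -V chkrootkit || echo "warning: chkrootkit files differ from the package database" >&2
    fi
    tmp=$(mktemp)
    chkrootkit 2>&1 | extract_findings > "$tmp"
    new_findings "$tmp" "$baseline"
    echo "$(date): $(count_lines "$tmp") finding(s) in total; lines above are not in the baseline" >&2
    rm -f "$tmp"
}
```

Run `run_sweep` from cron as root; when it prints a line you have checked and understood, append that exact line to the baseline file so the next run stays quiet about it. On the constructed sample the baseline swallows the sniffer and dot-directory lines and leaves the hidden-process and bindshell lines, which are the two that actually deserve attention.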

john maclean
PostPosted: Sun Nov 04, 2007 1:54 pm    Post subject:

/* anecdote */
I remember reading somewhere that the first thing that the author did when he suspected that a box was cracked was to remove chkrootkit, reinstall it, then run it again. His rationale was that a cracker would aim for chkrootkit and change it to make the system look as if nothing bad had happened.


_________________
BLAG 'em up!
jebba
PostPosted: Sun Nov 04, 2007 8:31 pm    Post subject:

chkrootkit generates lots of false positives too...

keep up to date with:

Code:
apt-get update
apt-get dist-upgrade


and that should keep you quite secure. Also don't run services that you don't need (e.g. nfs, portmap, ftpd, etc)
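An added example, not code from this thread, for the "don't run services you don't need" part of the advice above. The quickest way to see what a box is offering to the network is to list its listening TCP sockets and compare the ports against a short allowlist of services you meant to run; anything else is a candidate to stop and disable. The sample socket listing is constructed in the column layout of `ss -ltn` (the parser also copes with `netstat -ltn`, whose local-address column is in the same position), and the default allowlist of 22 (ssh) and 631 (local CUPS) is an assumption for a desktop.

```shell
#!/bin/sh
# Added example (not from the BLAG thread): flag listening TCP ports that
# are not on an allowlist. The three unexpected entries in the sample are
# portmap (111), nfs (2049) and ftp (21), the kind of services the thread
# says a desktop should not be running.

# Constructed sample in the layout of `ss -ltn` (not a real capture).
SAMPLE_SS=$(cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     127.0.0.1:631        0.0.0.0:*
LISTEN  0       128     0.0.0.0:111          0.0.0.0:*
LISTEN  0       5       0.0.0.0:2049         0.0.0.0:*
LISTEN  0       128     [::]:21              [::]:*
EOF
)

# $1: file holding `ss -ltn` or `netstat -ltn` output.
# $2: space-separated allowlist of ports.
# Prints each listening local address:port whose port is not allowlisted.
unexpected_listeners() {
    awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /LISTEN/ {
            # local address:port is the 4th field in both tools; strip up to the last colon
            port = $4; sub(/.*:/, "", port)
            if (!(port in ok)) print $4
        }' "$1"
}

# Bare count of unexpected listeners (prints 0 when there are none).
count_unexpected() {
    unexpected_listeners "$1" "$2" | awk 'END { print NR }'
}

# Live check on this machine. $1: allowlist (assumed default: ssh and local CUPS).
# Anything printed is a service to stop and disable; on an RPM-based system of
# BLAG's era that is `service <name> stop` followed by `chkconfig <name> off`.
check_live() {
    allowed="${1:-22 631}"
    tmp=$(mktemp)
    if command -v ss >/dev/null 2>&1; then
        ss -ltn > "$tmp"
    elif command -v netstat >/dev/null 2>&1; then
        netstat -ltn > "$tmp"
    else
        echo "neither ss nor netstat is available" >&2
        rm -f "$tmp"
        return 2
    fi
    unexpected_listeners "$tmp" "$allowed"
    rm -f "$tmp"
}
```

Pair `check_live` with the update commands in a weekly cron job: once the allowlist reflects what the machine is for, a new line in its output means a package pulled in a network service you did not ask for.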
