BLAG Forums
All times are UTC




 Post subject: periodic security sweep
Posted: Sun Nov 04, 2007 4:08 am

Joined: Sun Mar 25, 2007 11:33 am
Posts: 240
Location: Great Lakes
Since switching to Linux, I have not been doing any scheduled security sweeps. Coming from WIN XP, I was accustomed to checking the system for any malicious software. This was required on a regular basis.

What do I need to do periodically, in terms of anti-virus, anti-spyware, etc., to my BLAG 60K system?

I'm just getting a bit nervous. I feel like I need to check for something.

Thanks,
Mike H


 Post subject:
Posted: Sun Nov 04, 2007 12:01 pm
Site Admin

Joined: Wed Mar 17, 2004 6:17 pm
Posts: 1340
Location: London, UK
You don't know how many times I bugged Jebba to convince me that I did //not// need anti-virus, malware, this-ware detection!

Short story,
- A desktop or laptop that is not being used as a server. You don't need to check for anything if you are using software obtained from the BLAG repository or other "well-known" places. (e.g., dag, sourceforge...)

- A machine that is being used as a server. Everything is crackable but it's very hard on a box running GNU/Linux.

Code:
 apt-cache search rootkit
chkrootkit - Tool to locally check for signs of a rootkit


Also

Code:
 apt-cache search clamav
clamav - End-user tools for the Clam Antivirus scanner
clamav-data - Virus signature data for the Clam Antivirus scanner
clamav-db - Virus database for clamav
clamav-devel - Header files and libraries for the Clam Antivirus scanner
clamav-lib - Dynamic libraries for the Clam Antivirus scanner
clamav-milter - Sendmail-milter for the Clam Antivirus scanner
clamav-milter-sysv - SysV initscripts for the clamav sendmail-milter
clamav-server - Clam Antivirus scanner server
clamav-server-sysv - SysV initscripts for clamav server
clamav-update - Auto-updater for the Clam Antivirus scanner data-files
clamtk - Easy to use front-end for ClamAV
claws-mail-plugins-clamav - Clamav antivirus plugin for claws-mail
exim-clamav - Clam Antivirus scanner dæmon configuration for use with Exim
klamav - Clam Anti-Virus on the KDE Desktop

_________________
BLAG 'em up!


 Post subject:
Posted: Sun Nov 04, 2007 12:50 pm

Joined: Sun Mar 25, 2007 11:33 am
Posts: 240
Location: Great Lakes
Thanks for the feedback. Since I steer other people to BLAG, this question comes up from the converts, and I am also concerned.

I tried running the suggested code:

Code:
[root@localhost mike]# apt-cache search rootkit
E: Unable to determine version for package fedora-release
[root@localhost mike]#


As you can see, there is an error. Any suggestions?

Also, what about running MS Windows software with WINE? Could I infect my PC with a virus designed for MS WIN if I run it with WINE? I have experimented with WINE and some MS WIN software. I have moved on to Linux software (was using DVD Shrink with WINE, now using K9Copy). I have tried running other MS WIN software with WINE to see what it can/can not do.

My top concern is with internet security and identity theft, etc. I regularly make purchases on-line, and entering CC numbers is a concern. I use Firefox, and have "PhishTank", "SiteAdvisor" and "NoScript" add-ons.

I need this info, not just for myself, but the people who have converted and feel they need to do something.

Thanks,
Mike H


 Post subject:
Posted: Sun Nov 04, 2007 12:59 pm
Site Admin

Joined: Wed Mar 17, 2004 6:17 pm
Posts: 1340
Location: London, UK
Hrm, that's odd. This is a BLAG box.

Code:
[jayeola@zulu ~]$ cat /etc/issue
BLAG release 60001 (odd)
Kernel \r on an \m

[jayeola@zulu ~]$ apt-cache search rootkit
chkrootkit - Tool to locally check for signs of a rootkit


About the wine stuff. Guys?

_________________
BLAG 'em up!


 Post subject:
Posted: Sun Nov 04, 2007 1:46 pm

Joined: Sun Mar 25, 2007 11:33 am
Posts: 240
Location: Great Lakes
I went into Add/remove programs, and searched for rootkit. I found a program called chkrootkit. This was not installed, so I added it.

The description came with some instructions. In a terminal, I typed "chkrootkit" and it ran some tests. Results were negative (as expected).

Quote:
chkrootkit is a tool to locally check for signs of a rootkit. It contains:

* chkrootkit: shell script that checks system binaries for rootkit modification.
* ifpromisc: checks if the network interface is in promiscuous mode.
* chklastlog: checks for lastlog deletions.
* chkwtmp: checks for wtmp deletions.
* chkproc: checks for signs of LKM trojans.
* chkdirs: checks for signs of LKM trojans.
* strings: quick and dirty strings replacement.
* chkutmp: checks for utmp deletions.


Above is the program description.

Mike


 Post subject:
Posted: Sun Nov 04, 2007 1:54 pm
Site Admin

Joined: Wed Mar 17, 2004 6:17 pm
Posts: 1340
Location: London, UK
/* anecdote */
I remember reading somewhere that the first thing that the author did when he suspected that a box was cracked was to remove chkrootkit, reinstall it, then run it again. His rationale was that a cracker would aim for chkrootkit and change it to make the system look as if nothing bad had happened.

_________________
BLAG 'em up!


 Post subject:
Posted: Sun Nov 04, 2007 8:31 pm
Site Admin

Joined: Sun Mar 14, 2004 3:17 pm
Posts: 4492
Location: Loveland, Colorado, USA
chkrootkit generates lots of false positives too...

keep up to date with:

Code:
apt-get update
apt-get dist-upgrade


and that should keep you quite secure. Also don't run services that you don't need (e.g. nfs, portmap, ftpd, etc)
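
The last reply notes that chkrootkit generates many false positives. For a periodic sweep, one way to keep those from hiding real changes is to compare each run against a baseline that has already been reviewed. The script below is an added example and not part of the original thread; the sample output lines, the INFECTED/Warning match pattern and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): show only chkrootkit findings that are
# new since the last reviewed run, so known false positives stop repeating.

# Constructed sample output from two sweeps; the line wording is an assumption.
sample_run_1() { cat <<'EOF'
Checking `ls'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `lkm'... chkproc: nothing detected
EOF
}
sample_run_2() { cat <<'EOF'
Checking `ls'... not infected
Checking `netstat'... INFECTED
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `lkm'... chkproc: nothing detected
EOF
}

# Read scanner output on stdin, keep only finding lines, sorted for comm(1).
# grep exits 1 when nothing matches; that is a clean run, not an error.
extract_findings() {
    { LC_ALL=C grep -E 'INFECTED|Warning' || true; } | LC_ALL=C sort -u
}

# new_findings BASELINE < scanner-output
# Prints findings that are absent from the reviewed baseline file.
new_findings() {
    base=$1
    cur=$(mktemp) || return 2
    extract_findings > "$cur"
    LC_ALL=C comm -13 "$base" "$cur"   # lines only in the current run
    rm -f "$cur"
}

# Demo: review run 1 and accept it as the baseline, then sweep again.
demo() {
    reviewed=$(mktemp) || return 2
    sample_run_1 | extract_findings > "$reviewed"
    sample_run_2 | new_findings "$reviewed"
    rm -f "$reviewed"
}
demo
```

In a cron job the input would be the real scanner, for example `chkrootkit 2>&1 | new_findings <baseline-file>`, and cron mails whatever the job prints.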

