08-03-2010, 10:35 PM
Aaron Toponce

Anti virus and Firewall

On Tue, Aug 03, 2010 at 10:43:05PM +0100, Tingez Unknown wrote:
> I am looking for any suggestions regarding Anti virus and firewall
> software that is suitable with your Debian 5 64bit operating system.
> Wanting to add as much security as possible to our server to reduce any
> problems we may encounter. I would like any suggestions as to the best
> software that can be used either paid for or freeware if you would be so
> kind.

While antivirus software exists for GNU/Linux systems such as Debian,
it's not really needed as most viruses are targeting Windows machines.
If you are concerned about the potential impact, I would recommend
running SELinux coupled with AIDE over any antivirus software. While
their goals are slightly different, the overall idea is the same: lock
down the server, and prevent any unauthorized changes to the filesystem.

When changes occur, report the change, and give an ability to restore
completely from backup. The best antivirus software will do for you is
report the virus, and attempt to remove the virus. Because you can never
be sure what has been changed, it's always best to do a reinstall after
an infection. You would do the same with SELinux and AIDE.

In terms of firewall, the Linux kernel has a builtin firewall through
the Netfilter module and the 'iptables' userspace command. There are
frontends for iptables, if it is too intimidating for you. There's also
TCP wrappers and xinetd for additional firewalling. You could even use
ACLs to allow and deny access to your services.

--
. O . O . O . . O O . . . O .
. . O . O O O . O . O O . . O
O O O . O . . O O O O . O O O
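
The "report the change" idea behind AIDE, sketched as an added example that is not part of the original post and is not AIDE's own code. The function names `snapshot`, `compare` and `verify` are hypothetical, and GNU `find`, `stat` and `sha256sum` are assumed, as on Debian.

```shell
#!/bin/sh
# Baseline-and-compare integrity check (constructed example; not AIDE itself).
# Requires GNU find, stat and sha256sum, as shipped in Debian's base system.

# snapshot DIR: one line per regular file under DIR, tab-separated:
#   sha256 <TAB> octal-mode uid:gid <TAB> relative path
# Paths containing newlines are not supported by this line-based format.
snapshot() {
    ( cd "$1" || exit 2
      find . -type f -print | LC_ALL=C sort | while IFS= read -r f; do
          printf '%s\t%s\t%s\n' \
              "$(sha256sum < "$f" | cut -d' ' -f1)" \
              "$(stat -c '%a %u:%g' "$f")" "$f"
      done )
}

# compare BASELINE CURRENT: print ADDED / CHANGED / REMOVED, one path per line.
# CHANGED covers content and metadata, so a chmod alone is reported too.
compare() {
    awk -F '\t' '
        FILENAME == ARGV[1]    { seen[$3] = $1 FS $2; next }
        !($3 in seen)          { print "ADDED   " $3; next }
        seen[$3] != ($1 FS $2) { print "CHANGED " $3 }
                               { delete seen[$3] }
        END { for (p in seen) print "REMOVED " p }
    ' "$1" "$2" | LC_ALL=C sort
}

# verify DIR BASELINE: return 0 when DIR matches, 1 (plus a report) when not.
# Keep BASELINE somewhere an intruder on the server cannot rewrite it
# (read-only media or another host), or the comparison proves nothing.
verify() {
    cur=$(mktemp) || return 2
    snapshot "$1" > "$cur"
    report=$(compare "$2" "$cur")
    rm -f "$cur"
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}
```

Typical use is `snapshot /etc > baseline.tsv` right after a clean install, then `verify /etc baseline.tsv` from cron, with any non-zero exit treated as a reason to investigate.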
 
08-03-2010, 11:53 PM
Nuno Magalhães

Hi,

As Aaron Toponce said, most viruses target Windows, but if you share a
lot of files it would be nice (for your Windows users) to scan them.
Try clamav: http://www.clamav.net/
Debian package clamav I think, and it installs freshclam as well for updates.

As for firewall, I'm happy with shorewall, Debian package with the same name.

I don't use a mail server (again an antivirus would be nice for email
attachments - plus spamfilter!), as for FTP I prefer using scp over
ssh, and for webserver I use nginx.

I've heard about tripwire, which might be similar to what Aaron mentioned.

HTH,
Nuno

--
()  ascii-rubanda kampajno - kontraŭ html-a retpoŝto
/   ascii ribbon campaign - against html e-mail


 
08-04-2010, 08:53 AM
Wolodja Wentland

On Tue, Aug 03, 2010 at 22:43 +0100, Tingez Unknown wrote:
> Firstly i am very new to Debian so please excuse me for my lack of
> understanding.

Welcome to Debian

> I am looking for any suggestions regarding Anti virus and firewall software
> that is suitable with your Debian 5 64bit operating system. Wanting to add as
> much security as possible to our server to reduce any problems we may
> encounter. I would like any suggestions as to the best software that can be
> used either paid for or freeware if you would be so kind.

It has already been noted in this thread that anti-virus software is not
necessarily needed as most viruses target Windows, but you might want to
take a look at software that scans for rootkits [1].

I would also encourage you to familiarise yourself with Debian by
reading the Debian reference [2] (also available as Debian package
"debian-reference-LANG") and the "Securing Debian Manual" [3].

Have Fun

Wolodja

[1] Examples:

chkrootkit - rootkit detector
rkhunter - rootkit, backdoor, sniffer and exploit scanner

[2] http://www.debian.org/doc/manuals/reference/
[3] http://www.debian.org/doc/manuals/securing-debian-howto/

--
.'`. Wolodja Wentland <wentland@cl.uni-heidelberg.de>
: :' :
`. `'` 4096R/CAF14EFC
`- 081C B7CD FF04 2BA9 94EA 36B2 8B7F 7D30 CAF1 4EFC
 
08-04-2010, 09:19 AM
Michal

On 03/08/10 22:43, Tingez Unknown wrote:
> Hi all Debian people,
>
> Firstly i am very new to Debian so please excuse me for my lack of
> understanding. I have recently got a Dedicated server box for my gaming
> Clan and have had Debian 5 64bit installed on it. Now as we will
> eventually be using the server for our web site for forums, Emails,
> sending and receiving files and all other aspects web site related,
> fast redirect downloading system for game server maps, mods etc., ftp,
> Big brother bot game server software and game servers of varying games.
>
> I am looking for any suggestions regarding Anti virus and firewall
> software that is suitable with your Debian 5 64bit operating system.
> Wanting to add as much security as possible to our server to reduce any
> problems we may encounter. I would like any suggestions as to the best
> software that can be used either paid for or freeware if you would be
> so kind.
>
> Kind Regards
>
> Martin

Will your server be able to take that load? I used to run a game
hosting company and made it a rule that game servers hosted game rooms,
the web server dealt with the websites and the teamspeak/vent servers
and our redirect servers were dotted around America and we used a sort
of basic geo-ip type redirection. We had lots of customers so our needs
are different from yours, but I just want you to make sure your 1
server can take that load. We, and other friends we had in the industry,
made it a rule that web/voice never went on game servers. However your
mileage will vary of course.

Firewalling can be easy with iptables and so forth, on Windows boxes we
used IPSEC and all that stuff is very similar and easy to use/manage.

AV...well, unless you will have people uploading files as and when they
please you will probably not need this and I've seen many many friends
run this sort of operation with no problems. It all depends on what, if
any, files will be uploaded and by whom.
 
08-04-2010, 02:24 PM
Brian

On Wed 04 Aug 2010 at 10:53:42 +0200, Wolodja Wentland wrote:

> chkrootkit - rootkit detector
> rkhunter - rootkit, backdoor, sniffer and exploit scanner

If chkrootkit really did detect worms like Lupper, Lion
and Adore (as opposed to the false positives both programs
appear fond of generating) the user should take a close
look at the Debian release he is using.

My problem with software like this is that it gives the
impression of providing security over and above what the
normal updating procedure provides.



 
08-04-2010, 03:09 PM
Jordon Bedwell

On 8/4/2010 9:24 AM, Brian wrote:
> On Wed 04 Aug 2010 at 10:53:42 +0200, Wolodja Wentland wrote:
>
>> chkrootkit - rootkit detector
>> rkhunter - rootkit, backdoor, sniffer and exploit scanner
>
> If chkrootkit really did detect worms like Lupper, Lion
> and Adore (as opposed to the false positives both programs
> appear fond of generating) the user should take a close
> look at the Debian release he is using.
>
> My problem with software like this is that it gives the
> impression of providing security over and above what the
> normal updating procedure provides.

Because a rootkit can't remain hidden and inject itself back into the
binary after a "security update" right? I mean it's never happened
before, that's why Tripwire doesn't exist...Or because apt does trigger
checks and validates once after the install and then once more a few
minutes later to trigger integrity violations? Or because doing a
security update on grub will remove a rootkit in your system that will
just inject itself back into the boot? All this is just figments of our
imagination and it's impossible for any of this to happen because all
you have to do is apt-get upgrade and you'll be legit.



 
08-04-2010, 05:43 PM
Brian

On Wed 04 Aug 2010 at 10:09:17 -0500, Jordon Bedwell wrote:

> Because a rootkit can't remain hidden and inject itself back into the
> binary after a "security update" right?

Correct. It wouldn't be there in the first place and I don't plan on
having my root account compromised. Besides, I know my system.

> I mean it's never happened
> before, that's why Tripwire doesn't exist...Or because apt does trigger
> checks and validates once after the install and then once more a few
> minutes later to trigger integrity violations? Or because doing a
> security update on grub will remove a rootkit in your system that will
> just inject itself back into the boot? All this is just figments of our
> imagination and it's impossible for any of this to happen because all
> you have to do is apt-get upgrade and you'll be legit.

You're speaking hypothetically. When rootkits with these capabilities
exist neither chkrootkit nor rkhunter will detect them. By the time
they get round to it my updates will have brought in the fixes, just
as they did when Lion, which chkrootkit spuriously claims to defend
me against, was about.


 
08-04-2010, 06:49 PM
Nuno Magalhães

On Wed, Aug 4, 2010 at 18:43, Brian <ad44@cityscape.co.uk> wrote:
> Besides, I know my system.

Famous last words...

--
()  ascii-rubanda kampajno - kontraŭ html-a retpoŝto
/   ascii ribbon campaign - against html e-mail


 
08-05-2010, 07:31 AM
Jordon Bedwell

On 8/4/2010 12:43 PM, Brian wrote:
> On Wed 04 Aug 2010 at 10:09:17 -0500, Jordon Bedwell wrote:
> Correct. It wouldn't be there in the first place and I don't plan on
> having my root account compromised. Besides, I know my system.

Naive but cute you think that though. You obviously don't do the latter.

> You're speaking hypothetically. When rootkits with these capabilities
> exist neither chkrootkit nor rkhunter will detect them. By the time
> they get round to it my updates will have brought in the fixes, just
> as they did when Lion, which chkrootkit spuriously claims to defend
> me against, was about.

Let me know when the security industry does not run on theory and
hypothetical (until proven) proof of concepts. If it weren't for theory
and hypothetical situations you would still think MD5 was secure because
nobody would have hypothesized that if MD5 was vulnerable to clashes and
then could be vulnerable to rainbow tables, and then come up with a
proof of concept which is now generally accepted as true and proven by
the security and non-security industry. The world runs off of
hypothetical situations, without them, you would still be using a pen
and paper sir, actually, possibly and probably not because you wouldn't
even have fire.


Let me know when you can't noexec mount that drive onto a clean system,
or onto the current system with a liveCD and check for rootkits so that
the rootkit can't constantly hide itself, even if it's in the Kernel.


Chkrootkit does not claim to "defend you", "protect you", "warn you
ahead of time with constant monitoring", "secure you" or "fix problems"
it merely only claims to try and find rootkits, they don't say on their
site "you are protected from rootkits if you use our software", "you
will be safe from rootkits if you use our software", "rootkits are no
more with our software!", "we will remove the rootkits for you with our
software and you will be safe!", no, it only claims to detect them. As
a matter of fact, is the tagline of chkrootkit not: "locally checks for
signs of a rootkit" not "locally checks and removes rootkits".



 
08-05-2010, 07:35 AM
Eero Volotinen

2010/8/4 Tingez Unknown <tingez@twf-clan.co.uk>:
> Hi all Debian people,
>
> Firstly i am very new to Debian so please excuse me for my lack of
> understanding. I have recently got a Dedicated server box for my gaming Clan
> and have had Debian 5 64bit installed on it. Now as we will eventually be
> using the server for our web site for forums, Emails, sending and receiving
> files and all other aspects web site related, fast redirect downloading
> system for game server maps, mods etc., ftp, Big brother bot game server
> software and game servers of varying games.
>
> I am looking for any suggestions regarding Anti virus and firewall software
> that is suitable with your Debian 5 64bit operating system. Wanting to add
> as much security as possible to our server to reduce any problems we may
> encounter. I would like any suggestions as to the best software that can be
> used either paid for or freeware if you would be so kind.

See CIS instructions for Debian, bit old but still working:

http://cisecurity.org/en-us/?route=downloads.show.single.debian.100

--
Eero

