Antivirus in FC3?

Scot L. Harris webid at cfl.rr.com
Mon Mar 14 22:16:19 UTC 2005


On Mon, 2005-03-14 at 16:36, Dotan Cohen wrote:
> Does Linux really need antivirus? I have been googling this for close
> to an hour and came to the conclusion that this is only necessary for
> Linux IF there is a mailserver delivering mail to a Windows box, for
> the protection of the Windows box.
> 
> Any comments from those more experienced than myself?


Virus protection by the Windows definition is not really needed except
if you are running an email server for Windows clients.  Both the server
and the clients should run virus software in that case.  ClamAV is one
package that can run on Linux for this purpose.

Linux is not as susceptible to virus-type problems since most services
don't run with root (administrator in the Windows world) privileges.  
But don't take that to mean that linux is invulnerable.  There have been
worms that have compromised systems.  The difference is that the damage
is usually limited and quickly corrected.

But it is always best to do as much as possible to protect your systems.

To protect Linux itself you have a variety of tools that are available.

First, use iptables, the firewall supplied with FC.  You can get
a variety of frontends that make managing iptables easier.

chkrootkit and rkhunter are packages that will examine a Linux system for
signs that a rootkit has been installed.  

tripwire is used to take a snapshot of your system's files and then
periodically compare that snapshot to the running system.  If someone
changes something on your system, tripwire will let you know what was
changed.  It is a good intrusion detection system.

snort is a good network intrusion detection system.  It can be used to
detect unusual network activity and take measures to block IP addresses
where suspicious activity originated.   This is a somewhat complex
package to deploy, however.

SELinux is another item recently added that adds finer control over
access permissions to the file system.  Think of this as an even better
ACL system.  (IMHO the original permissions scheme under Unix/Linux was
better than what Windows ever had, and SELinux improves on that.)

Then there is best practice.  This means using good passwords,
physically securing your systems, turning off unused services, using
secure connections such as ssh, scp, and VPNs, and a host of other
things.

So don't take linux security for granted.  There is lots that needs to
be done to keep a system from being compromised.  
  
-- 

Response brought to you by AutoReponder 0.1
a product of Magic-8-ball productions.
(version 0.2 will feature correct answers!)
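Worked example of the snapshot-and-compare approach described in the tripwire paragraph above. This is an illustration added to the page, not part of Scot's post and not tripwire's own code or database format. It assumes a Linux box with GNU coreutils (sha256sum and stat -c, as on Fedora); the function names fim_snapshot and fim_check, the tab-separated baseline layout and the example paths under /var/lib/fim are all made up for the example.

```shell
#!/bin/sh
# Minimal file-integrity monitor in the spirit of tripwire: record a baseline of
# every regular file under a directory, later re-scan and report what differs.
# Added example, not tripwire's own code or format. Assumes GNU coreutils
# (sha256sum, stat -c) as found on a Fedora system; paths containing tabs or
# newlines are not handled.

# fim_snapshot DIR OUTFILE
# One line per file: <sha256> TAB <mode:owner:size> TAB <path>, sorted by path
# so two snapshots of an unchanged tree are byte-identical.
fim_snapshot() {
    dir=$1; out=$2
    ( cd "$dir" && find . -type f -print | LC_ALL=C sort |
      while IFS= read -r f; do
          sum=$(sha256sum "$f" | cut -d' ' -f1)
          meta=$(stat -c '%a:%U:%s' "$f")
          printf '%s\t%s\t%s\n' "$sum" "$meta" "$f"
      done ) > "$out"
}

# fim_check DIR BASELINE
# Re-snapshots DIR and prints ADDED / REMOVED / CHANGED lines against BASELINE.
# Exit status 0 when nothing differs, 1 otherwise (usable from cron or a test).
fim_check() {
    dir=$1; base=$2
    cur=$(mktemp) || return 2
    fim_snapshot "$dir" "$cur"
    # Keyed on path ($3); a differing hash, mode, owner or size changes the whole line,
    # so a permission-only change (e.g. a new setuid bit) is reported as well.
    awk -F'\t' '
        FILENAME == ARGV[1] { baseline[$3] = $0; next }
        {
            seen[$3] = 1
            if (!($3 in baseline))        { print "ADDED   " $3; changed = 1 }
            else if (baseline[$3] != $0)  { print "CHANGED " $3; changed = 1 }
        }
        END {
            for (p in baseline) if (!(p in seen)) { print "REMOVED " p; changed = 1 }
            exit changed ? 1 : 0
        }' "$base" "$cur"
    rc=$?
    rm -f "$cur"
    return $rc
}

# Command-line use (paths are illustrative):
#   ./fim.sh snapshot /etc /var/lib/fim/etc.base
#   ./fim.sh check    /etc /var/lib/fim/etc.base
if [ $# -eq 3 ]; then
    case $1 in
        snapshot) fim_snapshot "$2" "$3" ;;
        check)    fim_check "$2" "$3" ;;
        *) echo "usage: $0 snapshot|check DIR BASELINE" >&2; exit 2 ;;
    esac
fi
```

The part that makes or breaks a tool like this is where the baseline lives: an intruder who can rewrite /etc can just as easily rewrite a baseline stored next to it, so keep it on read-only media or on another host and compare against that copy. Run the check from cron and treat any ADDED/CHANGED/REMOVED line on a system nobody was supposed to be touching as something to investigate, not to re-baseline.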




