Re: Linux anti-virus any good? [CLOSED]

2017-07-19 Thread William
Well, the high-scoring workstation choices cost too much for me, and/or 
did not have a version for Linux.  Server choices are not appropriate 
for my situation.  So I'll stick with rkhunter, chkrootkit, NoScript, 
uBlock Origin, Better Privacy, what's built into Firefox and 
Thunderbird, and trying to be careful with links and attachments in e-mail.


It was an interesting and educational discussion.  Thank-you, 
everyone.  I consider this closed.


Bill.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org


Re: Linux anti-virus any good?

2017-07-13 Thread William Mattison
Good morning,

(replying to a few messages at once)

> Linux has no viruses.

There are actually *two* reasons for starting this thread.  First, to get 
advice needed to choose the right "anti-virus" for my home workstation.  
Second, I believe that the article that I referenced would be of real interest 
to many of this list's members.  The article makes it very clear that there is 
malware targeting Linux systems.  I really recommend a good, careful reading of 
the article. 

> ... However, as Linux is often used to provide services to other systems ...

I agree, and that's part of what the article focuses on.  In my case, this is a 
stand-alone home workstation.

> The group may be independent and objective, but running tests with known 
> malware samples
> is easy to do and not particularly helpful. What is more important than 
> %detection of some
> collection of known malware is the track record of the vendor -- do they 
> detect new variants of
> old malware? How quickly do they distribute database updates? Do the tests 
> include 3rd party
> AV database updates ...

Thank-you George!  I needed that reminder.  I agree.

> Other testing organizations: https://www.av-comparatives.org
> https://www.icsalabs.com/ https://www.nsslabs.com/

I will check those out.  Thank-you.

> Given that the US government has limited use of Kaspersky software ...

I recall hearing about that in the news within the past couple of weeks, but I 
forgot which company the report focused on.  Thanks.  I agree with your point.

As advised in a separate recent thread, I've shut down sshd.  I use "rkhunter" 
and "chkrootkit" as advised in a thread some 4 years ago.  I have "NoScript", 
"uBlock Origin", and "Better Privacy" add-ons in my Firefox, and I think 
Firefox itself tries to minimize or block some data-gathering ("browser 
fingerprinting"?).  I have Firefox set to not keep history, and to delete cache 
when exiting.  But there's spoofing, ever-cookies, phishing, browser and canvas 
fingerprinting, steganographic concealment, and how many others that I haven't 
yet heard of.  I recall that last year (?), some phishing scam was good enough 
to fool some government chief of some government security agency.  I'm fallible 
too.  So I believe it would be a good idea to have and use good anti-malware on 
my system.  It's the workstation anti-malware that I'm interested in, not the 
server anti-malware.

Thank-you, everyone.
Bill.


Re: Linux anti-virus any good?

2017-07-13 Thread George N. White III
On 11 July 2017 at 21:33, William  wrote:

> Good evening,
>
> A few years ago, I found a web site "https://www.av-test.org" when trying
> to find comparisons of windows-7 anti-virus software.  I more recently
> re-visited that site, and found an article on Linux and anti-virus software
> for Linux.  It's here:
> "https://www.av-test.org/en/news/news-single-view/linux-16-security-packages-against-windows-and-linux-malware-put-to-the-test/".
>
> I have a few questions for this list:
> 1. How independent and objective is the group doing these tests,
> comparisons, and evaluations?  This is important for knowing just how much
> weight to give what they say.
> 2. If you've had any experience with any of the anti-virus packages
> reported on in that article, especially those that received high scores for
> workstations, what is your review of that/those packages?
>
> I do see that this article is nearly 2 years old.  And I do realize that
> nothing gives me 100% protection or detection.
>

Given that the US government has limited use of Kaspersky software
(https://www.reuters.com/article/us-usa-kasperskylab-idUSKBN19W2W2), reviews
of AV software should mention known ties to national government agencies.
Careful people shouldn't use tools they or a trusted agent didn't build from
source, and should be careful about where they get database updates.

-- 
George N. White III 
Head of St. Margarets Bay, Nova Scotia


Re: Linux anti-virus any good?

2017-07-12 Thread Jon LaBadie
On Wed, Jul 12, 2017 at 05:28:47PM -0500, Doug wrote:
> 
> > On Wed, Jul 12, 2017 at 12:09:09PM -0500, Dave Ihnat wrote:
> > > On Wed, Jul 12, 2017 at 10:55:01AM -0400, Frank Pikelner wrote:
> > > > It is not complicated finding SSH running on a different port using 
> > > > Nmap:
> > > That's true.  It's also true that the vast majority of scriptkiddies don't
> > > do that.  Quite seriously, moving SSH off port 22 *will* and *does* drop
> > > the vast majority of doorknob rattling.
> > > 
> > > > Suggest adding something like Fail2Ban to slow down the password guess
> > > > attempts against SSH.
> > > True.  Not only that, but also adding DenyHosts.
> > 
> > jl
> How do you move SSH off port 22? Please supply konsole code.
> 

If you are using a router to connect to your ISP it may provide
an alternative to changing the sshd configuration.  The ones I've
used have a feature called 'port forwarding'; if something comes
in on port X forward it to host A on port Y.

For example, my router forwards internet connections that come in
on to port 222 to host 'mums' on port 22.  Similarly, connections
on port 223 are directed to host 'vost' on port 22.

No change is needed in the sshd configuration so I can still use
the normal port 22 for connections inside my lan.

Jon
-- 
Jon H. LaBadie  jo...@jgcomp.com


Re: Linux anti-virus any good?

2017-07-12 Thread Ed Greshko
On 07/13/17 08:39, Rick Stevens wrote:
> On 07/12/2017 05:28 PM, Ed Greshko wrote:
>> On 07/13/17 08:23, Samuel Sieb wrote:
>>> On 07/12/2017 05:15 PM, Ed Greshko wrote:
>>>> And if you're running selinux in enforcing mode you'll need to generate a
>>>> policy to
>>>> allow sshd to bind to the chosen port.
>>> You don't have to generate a policy, it's really easy.  Assuming port 222, 
>>> just do:
>>> semanage port -a -t ssh_port_t -p tcp 222
>>>
>> Yes, you can do that as well.
>> The point is, you need to make a selinux change.
> Ah, yes, I forgot about selinux. D'oh!

And, I should also mention that in most cases I prefer to create my own 
policies for
changes made to selinux for the simple reason that I have a bad memory for 
things I
do infrequently.  So, if I create a policy with a good descriptive name I have a
better chance of recalling what I did to make something work.  :-) :-)

-- 
Fedora Users List - The place to go to speculate endlessly





Re: Linux anti-virus any good?

2017-07-12 Thread Rick Stevens
On 07/12/2017 05:28 PM, Ed Greshko wrote:
> On 07/13/17 08:23, Samuel Sieb wrote:
>> On 07/12/2017 05:15 PM, Ed Greshko wrote:
>>> And if you're running selinux in enforcing mode you'll need to generate a 
>>> policy to
>>> allow sshd to bind to the chosen port.
>>
>> You don't have to generate a policy, it's really easy.  Assuming port 222, 
>> just do:
>> semanage port -a -t ssh_port_t -p tcp 222
>>
> 
> Yes, you can do that as well.
> The point is, you need to make a selinux change.

Ah, yes, I forgot about selinux. D'oh!
--
- Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com -
- AIM/Skype: therps2ICQ: 226437340   Yahoo: origrps2 -
--
-   A squeegee, by any other name, wouldn't sound as funny.  -
--


Re: Linux anti-virus any good?

2017-07-12 Thread Ed Greshko
On 07/13/17 08:23, Samuel Sieb wrote:
> On 07/12/2017 05:15 PM, Ed Greshko wrote:
>> And if you're running selinux in enforcing mode you'll need to generate a 
>> policy to
>> allow sshd to bind to the chosen port.
>
> You don't have to generate a policy, it's really easy.  Assuming port 222, 
> just do:
> semanage port -a -t ssh_port_t -p tcp 222
>

Yes, you can do that as well.
The point is, you need to make a selinux change.

-- 
Fedora Users List - The place to go to speculate endlessly





Re: Linux anti-virus any good?

2017-07-12 Thread Samuel Sieb

On 07/12/2017 05:18 PM, Samuel Sieb wrote:
> I'm not sure what the original poster was meaning by the last part of
> that command.  You should use either a single host(name) or an IP range,
> not both.  In your case use either "linux1" or "192.168.1.11", but I'm
> not sure how effective it is to scan yourself like that.  You should do
> the nmap from another computer on the network.


Oh, the "original poster" I was referring to there was you.  I see what 
you misunderstood.  The real original poster wrote "nmap -p- -sV 
".  That part at the end means either use a hostname or an 
IP address.



Re: Linux anti-virus any good?

2017-07-12 Thread Samuel Sieb

On 07/12/2017 05:15 PM, Ed Greshko wrote:

> And if you're running selinux in enforcing mode you'll need to generate a
> policy to
> allow sshd to bind to the chosen port.


You don't have to generate a policy, it's really easy.  Assuming port 
222, just do:

semanage port -a -t ssh_port_t -p tcp 222


Re: Linux anti-virus any good?

2017-07-12 Thread Samuel Sieb

On 07/12/2017 05:10 PM, Doug wrote:
> On 07/12/2017 06:42 PM, Samuel Sieb wrote:
>> On 07/12/2017 04:39 PM, Doug wrote:
>>> [root@linux1 doug]# nmap -p -sV linux1 1.192.168.1/24
>>
>> It's the difference between "-p" and "-p-".
>
> Still doing something wrong:
>
> (this PC is static named 192.168.1.11 and is called "linux1"
>
> [root@linux1 doug]# nmap -p- -sV linux1/192.168.1.11
>
> Starting Nmap 7.40 ( https://nmap.org ) at 2017-07-12 19:00 EST
> Unable to split netmask from target expression: "linux1/192.168.1.11"
> WARNING: No targets were specified, so 0 hosts scanned.
> Nmap done: 0 IP addresses (0 hosts up) scanned in 0.24 seconds


I'm not sure what the original poster was meaning by the last part of 
that command.  You should use either a single host(name) or an IP range, 
not both.  In your case use either "linux1" or "192.168.1.11", but I'm 
not sure how effective it is to scan yourself like that.  You should do 
the nmap from another computer on the network.



Re: Linux anti-virus any good?

2017-07-12 Thread Rick Stevens
On 07/12/2017 05:10 PM, Doug wrote:
> 
> On 07/12/2017 06:42 PM, Samuel Sieb wrote:
>> On 07/12/2017 04:39 PM, Doug wrote:
>>> On 07/12/2017 09:55 AM, Frank Pikelner wrote:
>>>> It is not complicated finding SSH running on a different port using
>>>> Nmap:
>>>>
>>>>   i.e. nmap -p- -sV
>>>>
>>> running PCLOS. Command fails:
>>>
>>> [doug@linux1 ~]$ su
>>> Password:
>>> [root@linux1 doug]# nmap -p -sV linux1 1.192.168.1/24
>>
>> It's the difference between "-p" and "-p-".
> 
> 
> Still doing something wrong:
> 
> (this PC is static named 192.168.1.11 and is called "linux1"
> 
> [root@linux1 doug]# nmap -p- -sV linux1/192.168.1.11
> 
> Starting Nmap 7.40 ( https://nmap.org ) at 2017-07-12 19:00 EST
> Unable to split netmask from target expression: "linux1/192.168.1.11"
> WARNING: No targets were specified, so 0 hosts scanned.
> Nmap done: 0 IP addresses (0 hosts up) scanned in 0.24 seconds
> [root@linux1 doug]# nmap -p- -sV linux1/192.168.1.11

Your command should be:

nmap -p- -sV linux1

Or, to scan your entire 192.168.1.0 class C network:

nmap -p- -sV 192.168.1.0/24

To scan both:

nmap -p- -sV linux1 192.168.1.0/24

--
- Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com -
- AIM/Skype: therps2ICQ: 226437340   Yahoo: origrps2 -
--
-Brain:  The organ with which we think that we think.-
--


Re: Linux anti-virus any good?

2017-07-12 Thread Ed Greshko
On 07/13/17 06:50, Rick Stevens wrote:
> On 07/12/2017 03:39 PM, Dave Ihnat wrote:
>> On Wed, Jul 12, 2017 at 05:28:47PM -0500, Doug wrote:
>>> How do you move SSH off port 22? Please supply konsole code.
>> Dunno about konsole code; it's a single-line change in
>> "/etc/ssh/sshd_config", from
>>
>>   Port 22
>>
>> to some unused port.
> To be clear, edit /etc/ssh/sshd_config using your favorite editor.
> Around line 17, you'll see:
>
>   #Port 22
>
> Change that to read
>
>   Port 222
>
> or whatever port you want it on. Then:
>
>   $ sudo systemctl restart sshd.service
>
> To confirm it:
>
>   $ sudo netstat -lpnt | grep sshd
>
> You should see something like:
>
>   tcp        0      0 0.0.0.0:222     0.0.0.0:*       LISTEN      1429/sshd
>   tcp6       0      0 :::222          :::*            LISTEN      1429/sshd
>
> The first line is sshd listening on port 222 for IPV4 connections,
> the second is the same for IPV6 and may not be present if you have
> disabled IPV6. The "1429" is the PID of the sshd process on my
> machine. Your PID will probably be different.

And don't forget 2 other items

One has to open the chosen port on the firewall if you're running one.
And if you're running selinux in enforcing mode you'll need to generate a 
policy to
allow sshd to bind to the chosen port.


-- 
Fedora Users List - The place to go to speculate endlessly
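
The port-move steps discussed in this thread (change the Port line, restart, confirm the listener) as an offline check. This is an added example, not code from any poster; the function names and the sample files are constructed for illustration, and firewalld is assumed for the firewall command in the closing comment.

```shell
#!/usr/bin/env bash
# Constructed sample data only; nothing here touches the real sshd.

# Print the port(s) a config file asks sshd to use. Keywords are
# case-insensitive, "#Port 22" is only a comment, and with no active
# Port line sshd falls back to its default, 22. Include files are not followed.
effective_ssh_ports() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1 }
        END { if (!found) print 22 }
    ' "$1"
}

# Read "netstat -lnt" or "ss -lnt" style lines on stdin and succeed only if
# a LISTEN socket's local address ends in exactly :PORT. A plain
# grep ":222" would also match a listener on :2222.
listening_on() {
    awk -v port="$1" '
        /LISTEN/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /:[0-9]+$/) {          # first addr:port field is the local one
                    n = split($i, parts, ":")
                    if (parts[n] == port) ok = 1
                    break
                }
        }
        END { exit !ok }
    '
}

# Compare the wanted port with the config and the listener list and print
# a one-word diagnosis.
# usage: check_port_move WANTED CONFIG_FILE LISTENERS_FILE
check_port_move() {
    wanted=$1
    if ! effective_ssh_ports "$2" | grep -qx "$wanted"; then
        echo "config-not-applied"   # e.g. the line is still "#Port 22"
    elif ! listening_on "$wanted" < "$3"; then
        echo "not-listening"        # no restart yet, or the bind was refused (SELinux)
    else
        echo "ok"
    fi
}

# --- constructed samples -------------------------------------------------
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#Port 22' 'PermitRootLogin no' > "$tmp/untouched.conf"
printf '%s\n' '# moved off 22' 'port 222'     > "$tmp/moved.conf"
cat > "$tmp/listen.txt" <<'EOF'
tcp        0      0 0.0.0.0:2222    0.0.0.0:*       LISTEN      1500/other
tcp        0      0 0.0.0.0:222     0.0.0.0:*       LISTEN      1429/sshd
tcp6       0      0 :::222          :::*            LISTEN      1429/sshd
EOF
cat > "$tmp/only2222.txt" <<'EOF'
tcp        0      0 0.0.0.0:2222    0.0.0.0:*       LISTEN      1500/other
EOF

check_port_move 222 "$tmp/untouched.conf" "$tmp/listen.txt"    # config-not-applied
check_port_move 222 "$tmp/moved.conf"     "$tmp/listen.txt"    # ok
check_port_move 222 "$tmp/moved.conf"     "$tmp/only2222.txt"  # not-listening

# On the live host the two extra items from this thread still apply:
#   firewall-cmd --permanent --add-port=222/tcp && firewall-cmd --reload
#   semanage port -a -t ssh_port_t -p tcp 222
```

On a live host, `sshd -T` prints the effective configuration, including the port, and is the authoritative source for what the first function approximates.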





Re: Linux anti-virus any good?

2017-07-12 Thread Doug


On 07/12/2017 06:42 PM, Samuel Sieb wrote:
> On 07/12/2017 04:39 PM, Doug wrote:
>> On 07/12/2017 09:55 AM, Frank Pikelner wrote:
>>> It is not complicated finding SSH running on a different port using
>>> Nmap:
>>>
>>>   i.e. nmap -p- -sV
>>>
>> running PCLOS. Command fails:
>>
>> [doug@linux1 ~]$ su
>> Password:
>> [root@linux1 doug]# nmap -p -sV linux1 1.192.168.1/24
>
> It's the difference between "-p" and "-p-".

Still doing something wrong:

(this PC is static named 192.168.1.11 and is called "linux1"

[root@linux1 doug]# nmap -p- -sV linux1/192.168.1.11

Starting Nmap 7.40 ( https://nmap.org ) at 2017-07-12 19:00 EST
Unable to split netmask from target expression: "linux1/192.168.1.11"
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 0.24 seconds
[root@linux1 doug]# nmap -p- -sV linux1/192.168.1.11


Re: Linux anti-virus any good?

2017-07-12 Thread Rick Stevens
On 07/12/2017 04:42 PM, Samuel Sieb wrote:
> On 07/12/2017 04:39 PM, Doug wrote:
>> On 07/12/2017 09:55 AM, Frank Pikelner wrote:
>>> It is not complicated finding SSH running on a different port using
>>> Nmap:
>>>
>>>   i.e. nmap -p- -sV 
>>>
>> running PCLOS. Command fails:
>>
>> [doug@linux1 ~]$ su
>> Password:
>> [root@linux1 doug]# nmap -p -sV linux1 1.192.168.1/24
> 
> It's the difference between "-p" and "-p-".

Yes, "-p-" means scan ports 1 to 65535, "-p" (no trailing dash) would
try to scan ports "-sV", which is nonsensical.
--
- Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com -
- AIM/Skype: therps2ICQ: 226437340   Yahoo: origrps2 -
--
- To iterate is human, to recurse, divine.   -
--


Re: Linux anti-virus any good?

2017-07-12 Thread Samuel Sieb

On 07/12/2017 04:39 PM, Doug wrote:
> On 07/12/2017 09:55 AM, Frank Pikelner wrote:
>> It is not complicated finding SSH running on a different port using Nmap:
>>
>>   i.e. nmap -p- -sV
>>
> running PCLOS. Command fails:
>
> [doug@linux1 ~]$ su
> Password:
> [root@linux1 doug]# nmap -p -sV linux1 1.192.168.1/24


It's the difference between "-p" and "-p-".


Re: Linux anti-virus any good?

2017-07-12 Thread Doug


On 07/12/2017 09:55 AM, Frank Pikelner wrote:
> Fred,
>
> It is not complicated finding SSH running on a different port using Nmap:
>
>   i.e. nmap -p- -sV




running PCLOS. Command fails:

[doug@linux1 ~]$ su
Password:
[root@linux1 doug]# nmap -p -sV linux1 1.192.168.1/24

Starting Nmap 7.40 ( https://nmap.org ) at 2017-07-12 18:37 EST
Error #486: Your port specifications are illegal.  Example of proper 
form: "-100,200-1024,T:3000-4000,U:6-"

QUITTING!

Probably doing something wrong--help!

--doug


Re: Linux anti-virus any good?

2017-07-12 Thread Rick Stevens
On 07/12/2017 03:39 PM, Dave Ihnat wrote:
> On Wed, Jul 12, 2017 at 05:28:47PM -0500, Doug wrote:
>> How do you move SSH off port 22? Please supply konsole code.
> 
> Dunno about konsole code; it's a single-line change in
> "/etc/ssh/sshd_config", from
> 
>   Port 22
> 
> to some unused port.

To be clear, edit /etc/ssh/sshd_config using your favorite editor.
Around line 17, you'll see:

#Port 22

Change that to read

Port 222

or whatever port you want it on. Then:

$ sudo systemctl restart sshd.service

To confirm it:

$ sudo netstat -lpnt | grep sshd

You should see something like:

tcp        0      0 0.0.0.0:222     0.0.0.0:*       LISTEN      1429/sshd
tcp6       0      0 :::222          :::*            LISTEN      1429/sshd

The first line is sshd listening on port 222 for IPV4 connections,
the second is the same for IPV6 and may not be present if you have
disabled IPV6. The "1429" is the PID of the sshd process on my
machine. Your PID will probably be different.
--
- Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com -
- AIM/Skype: therps2ICQ: 226437340   Yahoo: origrps2 -
--
-"You think that's tough?  Try herding cats!"-
--


Re: Linux anti-virus any good?

2017-07-12 Thread Frank Pikelner
On Wed, Jul 12, 2017 at 6:28 PM, Doug  wrote:
>
> On 07/12/2017 02:10 PM, Jon LaBadie wrote:
>>
>> On Wed, Jul 12, 2017 at 12:09:09PM -0500, Dave Ihnat wrote:
>>>
>>> On Wed, Jul 12, 2017 at 10:55:01AM -0400, Frank Pikelner wrote:

>>>> It is not complicated finding SSH running on a different port using
>>>> Nmap:
>>>
>>> That's true.  It's also true that the vast majority of scriptkiddies
>>> don't
>>> do that.  Quite seriously, moving SSH off port 22 *will* and *does* drop
>>> the vast majority of doorknob rattling.
>>>
>>>> Suggest adding something like Fail2Ban to slow down the password guess
>>>> attempts against SSH.
>>>
>>> True.  Not only that, but also adding DenyHosts.
>>
>> What are the benefits of running both?
>>
>> jl
>
> How do you move SSH off port 22? Please supply konsole code.
>

if on Linux:

edit /etc/ssh/sshd_config


# Port 22


Change from "Port 22" to your desired port.


Frank


Re: Linux anti-virus any good?

2017-07-12 Thread bruce
On Wed, Jul 12, 2017 at 6:28 PM, Doug  wrote:
>
> On 07/12/2017 02:10 PM, Jon LaBadie wrote:
>>
>> On Wed, Jul 12, 2017 at 12:09:09PM -0500, Dave Ihnat wrote:
>>>
>>> On Wed, Jul 12, 2017 at 10:55:01AM -0400, Frank Pikelner wrote:

>>>> It is not complicated finding SSH running on a different port using
>>>> Nmap:
>>>
>>> That's true.  It's also true that the vast majority of scriptkiddies
>>> don't
>>> do that.  Quite seriously, moving SSH off port 22 *will* and *does* drop
>>> the vast majority of doorknob rattling.
>>>
>>>> Suggest adding something like Fail2Ban to slow down the password guess
>>>> attempts against SSH.
>>>
>>> True.  Not only that, but also adding DenyHosts.
>>
>> What are the benefits of running both?
>>
>> jl
>
> How do you move SSH off port 22? Please supply konsole code.

in either the sshd_config  or the ssh_config file (in /etc/..)
there are a couple of lines to use to change the port that the ssh
server is running on.

at the same time.. when you do the "ssh " as the client  you specify
the "port that the client uses to connect with the ssh server

Hope this helps..



>
> -doug


Re: Linux anti-virus any good?

2017-07-12 Thread Dave Ihnat
On Wed, Jul 12, 2017 at 05:28:47PM -0500, Doug wrote:
> How do you move SSH off port 22? Please supply konsole code.

Dunno about konsole code; it's a single-line change in
"/etc/ssh/sshd_config", from

  Port 22

to some unused port.

Cheers,
--
Dave Ihnat
dih...@dminet.com


Re: Linux anti-virus any good?

2017-07-12 Thread Doug


On 07/12/2017 02:10 PM, Jon LaBadie wrote:
> On Wed, Jul 12, 2017 at 12:09:09PM -0500, Dave Ihnat wrote:
>> On Wed, Jul 12, 2017 at 10:55:01AM -0400, Frank Pikelner wrote:
>>> It is not complicated finding SSH running on a different port using Nmap:
>>
>> That's true.  It's also true that the vast majority of scriptkiddies don't
>> do that.  Quite seriously, moving SSH off port 22 *will* and *does* drop
>> the vast majority of doorknob rattling.
>>
>>> Suggest adding something like Fail2Ban to slow down the password guess
>>> attempts against SSH.
>>
>> True.  Not only that, but also adding DenyHosts.
>
> What are the benefits of running both?
>
> jl

How do you move SSH off port 22? Please supply konsole code.

-doug


Re: Linux anti-virus any good?

2017-07-12 Thread Frank Pikelner
On Wed, Jul 12, 2017 at 3:10 PM, Jon LaBadie  wrote:
>> > It is not complicated finding SSH running on a different port using Nmap:
>>
>> That's true.  It's also true that the vast majority of scriptkiddies don't
>> do that.  Quite seriously, moving SSH off port 22 *will* and *does* drop
>> the vast majority of doorknob rattling.
>>
>> > Suggest adding something like Fail2Ban to slow down the password guess
>> > attempts against SSH.
>>
>> True.  Not only that, but also adding DenyHosts.
>
> What are the benefits of running both?

DenyHosts and Fail2Ban do the same thing, with the latter able to
protect other applications other than SSH from bruteforce dictionary
attacks by limiting connection attempts.

Fail2Ban uses IPTables, DenyHost uses hosts.deny.

So, you should use one or the other.

You can also use pure IPTables with Port Knocking as another option.

Best,

Frank Pikelner


Re: Linux anti-virus any good?

2017-07-12 Thread Jon LaBadie
On Wed, Jul 12, 2017 at 12:09:09PM -0500, Dave Ihnat wrote:
> On Wed, Jul 12, 2017 at 10:55:01AM -0400, Frank Pikelner wrote:
> > It is not complicated finding SSH running on a different port using Nmap:
> 
> That's true.  It's also true that the vast majority of scriptkiddies don't
> do that.  Quite seriously, moving SSH off port 22 *will* and *does* drop
> the vast majority of doorknob rattling.
> 
> > Suggest adding something like Fail2Ban to slow down the password guess
> > attempts against SSH.
> 
> True.  Not only that, but also adding DenyHosts.

What are the benefits of running both?

jl
-- 
Jon H. LaBadie  jo...@jgcomp.com


Re: Linux anti-virus any good?

2017-07-12 Thread Frank Pikelner
On Wed, Jul 12, 2017 at 1:09 PM, Dave Ihnat  wrote:
>> It is not complicated finding SSH running on a different port using Nmap:
>
> That's true.  It's also true that the vast majority of scriptkiddies don't
> do that.  Quite seriously, moving SSH off port 22 *will* and *does* drop
> the vast majority of doorknob rattling.

There are security issues/concerns with running SSH using ports above
1024. Ports below 1024 can only be opened by uid 0 (root). Ports above
1024 can be opened by non privileged users. That means that SSH
running on port 20002 can be opened by non-root user and with scripts
simulate the SSH port functionality with scripting capturing sessions.
This is something to keep in mind - i.e. using SSH on high port can
you trust the connection based on your environment.

>
>> Suggest adding something like Fail2Ban to slow down the password guess
>> attempts against SSH.
>
> True.  Not only that, but also adding DenyHosts.

Yes, DenyHosts is a good measure.

Something else that may be considered is Port Knocking Daemon that
keeps all ports down (i.e. SSH port 22 would not be open), until the
correct knock sequence is received by the daemon.


Frank Pikelner


Re: Linux anti-virus any good?

2017-07-12 Thread Dave Ihnat
On Wed, Jul 12, 2017 at 10:55:01AM -0400, Frank Pikelner wrote:
> It is not complicated finding SSH running on a different port using Nmap:

That's true.  It's also true that the vast majority of scriptkiddies don't
do that.  Quite seriously, moving SSH off port 22 *will* and *does* drop
the vast majority of doorknob rattling.

> Suggest adding something like Fail2Ban to slow down the password guess
> attempts against SSH.

True.  Not only that, but also adding DenyHosts.

Cheers,
--
Dave Ihnat
dih...@dminet.com


Re: Linux anti-virus any good?

2017-07-12 Thread Frank Pikelner
Fred,

It is not complicated finding SSH running on a different port using Nmap:

 i.e. nmap -p- -sV 


Suggest adding something like Fail2Ban to slow down the password guess
attempts against SSH.

Cheers,

Frank Pikelner

On Wed, Jul 12, 2017 at 2:49 AM, fred roller  wrote:
>
>
> On Wed, Jul 12, 2017 at 2:19 AM, Sylvia Sánchez  wrote:
>>
>>
>> Good morning,
>>
>> Linux has no viruses. Why would anyone want an anti-virus then?  It is
>> possible to install security tools of course, but those come with your
>> distribution, you don't need to look up for external stuff.
>>
>
> Wrong. Viruses (Now accepted and not viri) for Linux exist.  Tho I can no
> longer cite the information, when I was working with the systems the monthly
> output of new virus for Linux vs. Windows was in the neighborhood of 1,000
> vs. 10,000 respectively.  Viruses tended to need predictable systems and
> predictable user habits to be most effective for which Windows is painfully
> predictable with admin access out of the box.  Linux's strength came in the
> fact that we tend to move stuff around and customize things so that nothing
> is where it ought to be. :D  By example, ask anyone who has SSH pointed out
> to the web and still on port 22.  If they have checked their access logs it
> will be full of, hopefully, failed log-in attempts (hundreds daily) as the
> bots know to check port 22 and will try common pw looking for the lazy
> admin.  I changed my ports as a first line basic defense.  In short don't be
> what they expect.  If memory serves root kits were the bigger threat for
> Linux. However, no matter the OS the best defense against threats still
> resides between the chair and keyboard.
>
> My 2 bits,
> Fred
>
>
>


Re: Linux anti-virus any good?

2017-07-12 Thread George N. White III
On 11 July 2017 at 21:33, William  wrote:

> Good evening,
>
> A few years ago, I found a web site "https://www.av-test.org" when trying
> to find comparisons of windows-7 anti-virus software.  I more recently
> re-visited that site, and found an article on Linux and anti-virus software
> for Linux.  It's here:
> "https://www.av-test.org/en/news/news-single-view/linux-16-security-packages-against-windows-and-linux-malware-put-to-the-test/".
>
> I have a few questions for this list:
> 1. How independent and objective is the group doing these tests,
> comparisons, and evaluations?  This is important for knowing just how much
> weight to give what they say.
>

The group may be independent and objective, but running tests with known
malware samples is easy to do and not particularly helpful.  What is more
important than %detection of some collection of known malware is the track
record of the vendor -- do they detect new variants of old malware?  How
quickly do they distribute database updates?  Do the tests include 3rd party
AV database updates (ClamAV has a number of 3rd party databases providers)?
A good reviewer will consider more than just results from simple testing.


> 2. If you've had any experience with any of the anti-virus packages
> reported on in that article, especially those that received high scores for
> workstations, what is your review of that/those packages?
>

I use clamav
(http://blog.clamav.net/2011/03/top-5-misconceptions-about-clamav.html) to
scan shared drives that have files transferred from Windows.  Clamav has
low %detection in the av-test.org table.  My
employer deploys McAfee on Windows desktops.  ClamAV has detected malware
in email attachments.  A colleague was at a high-level meeting including
military brass where documents were being exchanged via a USB stick.  I
expect most participants were using Windows laptops with name-brand
commercial AV, but it was clamav running on my colleague's mac that
detected a virus on the USB stick.  The virus may have used measures to
hide its presence from Windows that weren't effective on macos.


>
> I do see that this article is nearly 2 years old.  And I do realize that
> nothing gives me 100% protection or detection.
>

The more recent test of MacOS AV products may be more informative,
particularly if you are dealing with files shared across platforms.  If you
already have AV on Windows you might want to run something different on
linux.  Malware developers test against the mainstream AV software but
probably ignore AV products that aren't commonly used on Windows.

Other testing organizations: https://www.av-comparatives.org
https://www.icsalabs.com/ https://www.nsslabs.com/



-- 
George N. White III 
Head of St. Margarets Bay, Nova Scotia


Re: Linux anti-virus any good?

2017-07-12 Thread Dave Ihnat
On Wed, Jul 12, 2017 at 08:19:27AM +0200, Sylvia Sánchez wrote:
> Linux has no viruses. Why would anyone want an anti-virus then?

I would like to point out, in the gentlest of manners, that is absolutely
untrue.  In fact, one of the earliest known bits of effective malware, the
Morris worm, attacked Unix systems.  (Of course you know that Linux is a
lineal descendant of Unix--in fact, there is less difference between Linux
and, say, BSD Unix than there was between various Unix variants in the late
'80s.)

ALL software has bugs and vulnerabilities.  Unix and Linux tend to have
fewer successfully exploited ones than Windows for numerous reasons, some
historical--Unixoid systems have had the concepts of multi-user support and
separated privileged access baked in from the get-go, while it evolved into
Windows--some demographic--most Unixoid systems are installed and
maintained by professionals or, if not pros, people who are generally more
technologically savvy than the majority of the millions of Windows users,
making the Unix/Linux systems "harder" targets--and some sheer volume;
there are one hellova lot of Windows systems, ranging all the way back to
Windows 2000 and even earlier, still available for attack.

Finally, as others have pointed out, it's a multi-OS world out here, and
many Unix/Linux systems are being used as hypervisors for guest operating
systems--most assuredly including Windows--or, probably more often, as
servers for Windows networks.

Sincerely,
--
Dave Ihnat
dih...@dminet.com


Re: Linux anti-virus any good?

2017-07-12 Thread Ian Chapman

On 12/07/17 14:19, Sylvia Sánchez wrote:

> Good morning,
>
> Linux has no viruses. Why would anyone want an anti-virus then?  It is
> possible to install security tools of course, but those come with your
> distribution, you don't need to look up for external stuff.

As stated elsewhere, Linux certainly has malware. However, as Linux is 
often used to provide services to other systems, (e.g. mail, file 
serving, web serving and so on) it also makes sense for AV software to 
be installed which can detect viruses targeted at other operating systems.


--
Ian Chapman.


Re: Linux anti-virus any good?

2017-07-12 Thread fred roller
On Wed, Jul 12, 2017 at 2:19 AM, Sylvia Sánchez wrote:

>
> Good morning,
>
> Linux has no viruses. Why would anyone want an anti-virus then?  It is
> possible to install security tools of course, but those come with your
> distribution, you don't need to look up for external stuff.
>
>
Wrong. Viruses (now accepted, and not viri) for Linux exist.  Though I can no
longer cite the information, when I was working with the systems the
monthly output of new viruses for Linux vs. Windows was in the neighborhood
of 1,000 vs. 10,000 respectively.  Viruses tended to need predictable
systems and predictable user habits to be most effective, for which Windows
is painfully predictable with admin access out of the box.  Linux's
strength came in the fact that we tend to move stuff around and customize
things so that nothing is where it ought to be. :D  By example, ask anyone
who has SSH pointed out to the web and still on port 22.  If they have
checked their access logs it will be full of, hopefully, failed log-in
attempts (hundreds daily) as the bots know to check port 22 and will try
common pw looking for the lazy admin.  I changed my ports as a first line
basic defense.  In short, don't be what they expect.  If memory serves,
rootkits were the bigger threat for Linux. However, no matter the OS, the best
defense against threats still resides between the chair and keyboard.

My 2 bits,
Fred
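
The log check Fred describes, as an added example that is not part of his post: it summarizes sshd authentication lines per source address and flags addresses that tried several passwords or that logged in as root after a failure. The log lines are constructed samples in the format OpenSSH's sshd writes; the function names and the threshold are illustrative assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format OpenSSH's sshd writes to the auth log
# (addresses are from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
Jul 12 03:14:01 host sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jul 12 03:14:03 host sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Jul 12 03:14:06 host sshd[2104]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
Jul 12 07:30:12 host sshd[2350]: Failed password for bill from 192.0.2.10 port 40022 ssh2
Jul 12 07:30:20 host sshd[2350]: Accepted password for bill from 192.0.2.10 port 40022 ssh2
Jul 12 09:02:44 host sshd[2410]: Failed password for root from 198.51.100.7 port 60001 ssh2
Jul 12 09:02:47 host sshd[2410]: Accepted password for root from 198.51.100.7 port 60001 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Per source address: failure count, usernames tried, and any login
    accepted after earlier failures from that same address."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "accepted_after_failure": []})
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not an sshd authentication result line
        entry = stats[m["ip"]]
        if m["result"] == "Failed":
            entry["failures"] += 1
            entry["users"].add(m["user"])
        elif entry["failures"]:
            entry["accepted_after_failure"].append(m["user"])
    return dict(stats)

def needs_review(stats, min_failures=3):
    """Addresses that tried many passwords, or got in as root after a failure."""
    flagged = []
    for ip, e in stats.items():
        if e["failures"] >= min_failures or "root" in e["accepted_after_failure"]:
            flagged.append(ip)
    return sorted(flagged)

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip in needs_review(report):
        print(ip, report[ip])
```
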


Re: Linux anti-virus any good?

2017-07-12 Thread Ed Greshko
On 07/12/17 14:19, Sylvia Sánchez wrote:
> Linux has no viruses. Why would anyone want an anti-virus then?  It is possible to
> install security tools of course, but those come with your distribution, you don't
> need to look up for external stuff.
>
Some people run Windows alongside Linux and they do so while sharing file systems
via samba, nfs, or other methods.  Thus, they may wish to have the Linux side, using
open source software, checking for viruses in the event someone using Windows either
doesn't have a virus scanner installed or doesn't keep their virus definitions
updated as well as they should.

Additionally, some people run mail servers on their systems and serve a community of
users that would like incoming emails to be scanned for infected emails prior to
delivery.  The clamav package for example, along with its milter, provides this
functionality.

-- 
Fedora Users List - The place to go to speculate endlessly






Re: Linux anti-virus any good?

2017-07-12 Thread Sylvia Sánchez
Good morning,

Linux has no viruses. Why would anyone want an anti-virus then?  It is
possible to install security tools of course, but those come with your
distribution, you don't need to look up for external stuff.

Hope this helps,
Sylvia


On 12 July 2017 at 02:33, William wrote:

> Good evening,
>
> A few years ago, I found a web site "https://www.av-test.org" when trying
> to find comparisons of Windows 7 anti-virus software.  I more recently
> re-visited that site, and found an article on Linux and anti-virus software
> for Linux.  It's here:
> "https://www.av-test.org/en/news/news-single-view/linux-16-security-packages-against-windows-and-linux-malware-put-to-the-test/".
>
> I have a few questions for this list:
> 1. How independent and objective is the group doing these tests,
> comparisons, and evaluations?  This is important for knowing just how much
> weight to give what they say.
> 2. If you've had any experience with any of the anti-virus packages
> reported on in that article, especially those that received high scores for
> workstations, what is your review of that/those packages?
>
> I do see that this article is nearly 2 years old.  And I do realize that
> nothing gives me 100% protection or detection.
>
> thanks,
> Bill.