+1 on the OSSEC suggestion.
It's remarkable just how many little niggles OSSEC has helped me catch
that probably would have gone unnoticed in the logs otherwise. It
certainly can take some time to tweak its notifications but it's well
worth it.
Paul
On 02/17/2013 11:12 AM, Ash Palmer wrote:
Hello,
The method I deploy is a combination of OSSEC and
rkhunter. OSSEC is a Host Intrusion Detection System which in
some regards could be considered an Anti-Virus utility.
I find that OSSEC is very useful for a variety of reasons.
"OSSEC is an Open Source Host-based Intrusion Detection System
that performs log analysis, file integrity checking, policy
monitoring, rootkit detection, real-time alerting and active
response." -- http://www.ossec.net/
AV/ClamAV are deployed to check files that are exposed to
Windows machines such as Email or NFS but are rarely effective
in protecting Linux/UNIX machines from the uncommon and quickly
patched Linux Viruses in the wild.
This response and alert system may be enough to satisfy the
requesters of the Anti-Virus installation.
Food for thought,
--
Ash Palmer
On Sun, 17 Feb 2013 20:44:31 +0000 (GMT)
"[email protected]" <[email protected]> wrote:
Hi.
Would appreciate some views and comments here...
We're being pressured by our "Risk and Compliance" group to install
antivirus on our Unix (Solaris and AIX) and Linux (Red Hat / Centos)
servers. Historically we've not installed AV software on these
platforms because there haven't been viruses to worry about. I'm not
sure that has changed, but we need a better argument than "There are
no Unix/Linux viruses" apparently.
So, I'd be interested in hearing if:
a) you run AV software on your Unix/Linux servers
b) if not, have you had to argue it away?
c) if so, is this due to any external compliance issue?
We're not running servers under any external compliance (such as
PCI), so it's only internal policy we're dealing with.
If you think I'm wrong and I should be running AV software, I'd
appreciate that feedback as well, although I'd be really interested
in understanding why.
Thanks for any comments!
Julian
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/