On Sun 23 Aug 2009 01:01:40 AM IST, Amit Sharma
<amitsharm...@gmail.com> wrote:
> Vivek Kapoor wrote:
>> What's the purpose of Antivirus and "Antispyware" on your
>> RHEL/Fedora/CentOS box? To protect your Linux box?
>>
> My company is on 99.9% Wind--s. They have one or two Linux boxes and want
> me to put antivirus and antispyware on them. They know Linux does not need
> them but still want this software to be there.

There are a few basic points you need to follow if you want to make your
Linux box secure. The AV wouldn't help much, as it'll be scanning for W32
viruses only, AFAIK. The points below make much more sense if the machine
is internet-facing.

- Keep your system updated. This also includes the applications hosted
on it. For example, I had an experience with an application which had a
security flaw. The flaw was fixed by the developers, but the application
was not updated. An attacker gained entry to the system, uploaded
executables into the /tmp directory and tried executing them. The good
thing was that the /tmp directory had the noexec option set, so those
executables never ran and the system was safe. This is especially true
for PHP applications.

- Harden the system. Make files such as telnet and netcat non-executable
by unprivileged users. Mount /tmp and /home with the noexec parameter.
Search Google for how to harden a system.

- The most common attacks are rootkit attacks. Install applications such
as rkhunter and/or chkrootkit and mail the reports to yourself. This
will be your version of "antispyware".

- Install Logwatch and mail reports to yourself. Review them regularly.

- Put up a firewall. Expose only the services that need to be shared,
such as the web server. These days Linux systems don't open any service
by default, so you should be fairly secure with the default setup.


The rest of the folks in your org who "know" that your box doesn't need
AV etc. but still want it installed are commonplace. They've been burnt
in the past by their exposure to Windoze, and they assume that the
entire world works the M$ way. For them Linux is a black box, which
scares them, so they try to apply their default practices to it to
control it. You cannot do anything about them; they prefer to keep
their eyes closed.

-- 
Best Regards
Vivek Kapoor
http://exain.com
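Added example, not from Vivek's mail or from any tool the list discusses: a small shell audit for the hardening points in the reply above (noexec on /tmp and /home, binaries such as telnet and netcat made non-executable for others, rkhunter and Logwatch reports mailed to you). The function names, the sample fstab and the cron schedule are made up for this illustration; the rkhunter and logwatch flags are the documented ones. The sample fstab is constructed to show a box with /tmp already noexec but /home not.

```shell
#!/bin/sh
# Added example (not part of the original mail): audit the hardening points
# from the reply above. Function names, sample data and schedule are
# assumptions made for illustration. Run as: sh harden-audit.sh

# Constructed sample fstab: /tmp is mounted noexec, /home is not.
SAMPLE_FSTAB='# <device>   <mount point>  <type>  <options>              <dump> <pass>
/dev/sda1    /              ext4    defaults               1 1
tmpfs        /tmp           tmpfs   defaults,noexec,nosuid 0 0
/dev/sda3    /home          ext4    defaults               0 2'

# check_noexec MOUNTPOINT...   (fstab text on stdin, e.g. < /etc/fstab)
# Prints one line per mount point; returns 1 if any of them is not a
# separate mount (noexec cannot apply) or is mounted without noexec.
check_noexec() {
    local fstab rc=0 mp opts
    fstab=$(cat)
    for mp in "$@"; do
        opts=$(printf '%s\n' "$fstab" | awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { print $4 }')
        if [ -z "$opts" ]; then
            echo "MISSING: $mp is not a separate mount, so noexec cannot apply to it"
            rc=1
        elif printf '%s\n' "$opts" | tr ',' '\n' | grep -qx noexec; then
            echo "OK: $mp mounted with '$opts'"
        else
            echo "WEAK: $mp mounted with '$opts' (no noexec)"
            rc=1
        fi
    done
    return "$rc"
}

# harden_fstab_line "FSTAB LINE"
# Prints the same entry with noexec, nosuid and nodev added to the options
# (each only if missing), ready to paste into /etc/fstab.
harden_fstab_line() {
    printf '%s\n' "$1" | awk '{
        n = split($4, have, ",")
        for (i = 1; i <= n; i++) seen[have[i]] = 1
        split("noexec,nosuid,nodev", want, ",")
        for (i = 1; i <= 3; i++) if (!seen[want[i]]) $4 = $4 "," want[i]
        print
    }'
}

# world_executable FILE
# Returns 0 if "other" still has the execute bit, 1 once it is removed
# (the state the mail asks for on telnet, netcat and similar tools).
world_executable() {
    find "$1" -perm -o=x 2>/dev/null | grep -q .
}

# report_cron_lines ADDRESS
# Prints crontab entries that mail rkhunter and Logwatch reports to ADDRESS.
# Flags are the documented rkhunter/logwatch ones; the times are assumptions.
report_cron_lines() {
    printf '%s\n' \
        "MAILTO=$1" \
        "30 2 * * * /usr/bin/rkhunter --cronjob --update --report-warnings-only" \
        "0 3 * * * /usr/sbin/logwatch --mailto $1 --detail high"
}

# Stand-alone run: audit the sample, show the fixed /home line, check a few
# binaries on this box, and print the cron entries.
main() {
    printf '%s\n' "$SAMPLE_FSTAB" | check_noexec /tmp /home || echo "-> fstab needs work"
    harden_fstab_line "/dev/sda3    /home          ext4    defaults               0 2"
    for bin in /usr/bin/telnet /usr/bin/nc /bin/nc; do
        if [ -e "$bin" ] && world_executable "$bin"; then
            echo "WEAK: $bin is executable by everyone (chmod o-x $bin)"
        fi
    done
    report_cron_lines root@localhost
}

main
```

To audit a real box, feed it the live fstab (`check_noexec /tmp /home < /etc/fstab`) and, after editing /etc/fstab, remount (`mount -o remount /tmp`) so the option takes effect without a reboot. Restricting telnet and netcat with `chmod o-x` only stops casual use by unprivileged accounts; an attacker who already runs code can bring his own binaries, which is exactly why the noexec mount on /tmp mattered in the story above.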

_______________________________________________
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
