Along those lines, SELinux/AppArmor are good tools to help lock down
attack vectors. They are a way of further securing your system from
remote code injection exploits. For instance, I had an old box running
SELinux that prevented Apache processes from editing anything outside
of /var/www, and anything that wasn't in /var/www/cgi-bin wouldn't
execute at all. People could upload things to the site, sure. But
that'd put the file in /var/www/sitename, so it would never be able to
execute (which was limited to cgi-bin).

Things like that can help.

Altering the ports can help, too. Change the SSH port, which will
dodge a lot of attacks that aren't specifically targeted at you.

At the end of the day, however, every machine is hackable. If you have
physical access to a box, it's really trivial to get access. So, I'd
suggest the following:

* Secure it as much as you want.
* Keep REGULAR backups off-site (or at least on a different machine).

A computer's operating environment can be rebuilt easily, especially
if you keep good documentation of how you set it up.

Your data cannot be rebuilt. (So, back up data, but not application
files. For instance, if I'm using WordPress, back up
wp-content/uploads, but nothing else). SQL backups are nice, too.

If you have the space, make full image backups. I used to have an
awesome backup script that would save my whole web server's state with
a single command:
http://fsdev.net/articles/Redmine-Install-Guide.html#backups

So I guess what I'm trying to say is that security is good, but it's
also not a replacement for backups. If you have both, you should be
fairly well covered.

On Sat, May 21, 2011 at 1:14 PM, Bill Oliver <[email protected]> wrote:
>
> I think you need to be a bit more specific.  Are you using your linux box to
> download Windows software or relay emails read on Windows boxes?
>
> Clam-AV primarily scans emails and such for Windows malware on linux boxes
> that act as relays.
>
> It should also be noted that the term "virus" has both a specific and
> general meaning.  In the specific meaning of self-replicating code that
> inserts itself onto the disk, viruses are not really a significant problem
> for a linux user who doesn't do everything as root.  The last time I
> looked, no linux virus has been successful in the wild.
>
> In the more general term as a synonym for any kind of malware, linux is
> quite liable for intrusion.  If you want to "harden" your linux box, a
> simple anti-virus software really won't do the trick (just as it really
> doesn't do the trick in Windows).
>
> Instead of relying on one magical piece of software, you will need to
> develop a policy of good hygiene and perform due diligence.
>
> In linux, there are a few things that you just have to watch for:
>
> 1) People will log on when you don't want them to.  You need to install a
> personal firewall and some intrusion detection.  Further you need to
> "harden" your machine and use real passwords -- and change your passwords
> periodically.
>
> 2) People will change files on your computer when you aren't watching.  You
> need to install a tripwire.
>
> 3) People will use your computer to connect to places when you aren't
> watching -- you need to install some communication surveillance.
>
> 3) People will install rootkits that tripwires and intrusion detection kits
> won't see.  You need to install a root kit detector  (and you need to
> configure it as soon as you do a clean installation).
>
> 4) You need to monitor your log files religiously.
>
> 5) Make lots of backups that will allow you to roll back to a state prior to
> an intrusion.
>
>
> Of course, one of the best things about linux is that it lends itself to
> periodic cleansing.  Every few months a new exciting distro or upgrade comes
> along.  Many people just upgrade, but I always wipe the disk and do a clean
> install.  That way I know that even if I suffered an intrusion, at least
> four times a year I'm squeaky clean.  In contrast, linux is also so stable
> that you often don't have to do that.  I know one person who has been
> running the same version of Mandriva linux for five years -- because, well,
> it just works.
>
> billo
>
>
>
>
> On Sat, 21 May 2011, Dos-Man 64 wrote:
>
>> I didn't need antivirus software before because my linux box wasn't
>> connected to the internet.
>>
>> I just bought one of those little usb wifi gadgets on ebay.  The damn
>> thing actually works, but I had to switch to ubuntu because dreamlinux
>> didn't recognize it.
>>
>> Should I download CLAM, or what?  Is everyone here using antivirus
>> software?
>>
>> --
>> You received this message because you are subscribed to the Linux Users
>> Group.
>> To post a message, send email to [email protected]
>> To unsubscribe, send email to [email protected]
>> For more options, visit our group at
>> http://groups.google.com/group/linuxusersgroup
>> Please remember to abide by our list rules (http://tinyurl.com/LUG-Rules
>> or http://cdn.fsdev.net/List-Rules.pdf)
>>
>



-- 
Registered Linux Addict #431495
For Faith and Family! | John 3:16!
fsdev.net | 0x5f3759df.org | chrismiller.at
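
The data-only backup described in the message above, as an added example that is not part of the original post or of the script it links to: it archives only the data directory (for instance wp-content/uploads) plus an optional SQL dump, writes a SHA-256 checksum beside the archive, and verifies both before reporting success. The function names and all paths are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: back up data (uploads + SQL dump), not application files.
# Usage (paths are hypothetical):
#   backup_data /var/www/site/wp-content/uploads /mnt/offsite /tmp/site.sql

# verify_backup ARCHIVE
# Succeeds only if the checksum file matches and the archive is readable.
verify_backup() {
    vb_dir=$(dirname "$1")
    vb_name=$(basename "$1")
    ( cd "$vb_dir" && sha256sum -c "$vb_name.sha256" >/dev/null 2>&1 ) || return 1
    tar -tzf "$1" >/dev/null 2>&1
}

# backup_data SRC_DIR DEST_DIR [SQL_DUMP]
# Prints the path of the verified archive on success.
backup_data() {
    src=$1; dest=$2; dump=${3:-}
    [ -d "$src" ] || { echo "missing source dir: $src" >&2; return 1; }
    mkdir -p "$dest" || return 1
    archive="$(cd "$dest" && pwd)/data-$(date +%Y%m%d-%H%M%S).tar.gz"

    # Absolute parent directories, so each -C is independent of the last
    # and the archive holds relative paths that restore anywhere.
    set -- -C "$(cd "$(dirname "$src")" && pwd)" "$(basename "$src")"
    if [ -n "$dump" ]; then
        [ -f "$dump" ] || { echo "missing SQL dump: $dump" >&2; return 1; }
        set -- "$@" -C "$(cd "$(dirname "$dump")" && pwd)" "$(basename "$dump")"
    fi

    tar -czf "$archive" "$@" || return 1
    ( cd "$(dirname "$archive")" &&
      sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256" ) || return 1

    # A backup that cannot be read back is not a backup: check it now.
    verify_backup "$archive" || return 1
    printf '%s\n' "$archive"
}
```

Run verify_backup again on the copy after it reaches the other machine, since the checksum file travels with the archive.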
