Re: Antivirus in Debian?
On Sat, Mar 29, 2003 at 10:21:15AM -0900, Andy wrote: > Is there a package for tripwire? Use integrit instead. -- .''`. Baloo Ursidae <[EMAIL PROTECTED]> : :' :proud Debian admin and user `. `'` `- Debian - when you have better things to do than fix a system pgp0.pgp Description: PGP signature
Re: Antivirus in Debian?
On Sat, Mar 29, 2003 at 09:14:18AM -0500, Jason Healy wrote: > What are you talking about? The default in Mac OS X is actually to > ship with the root account completely disabled (`su` won't get you > anywhere). There is no way that the default user is root: Ah, OK. Please tell me that it expects the user to put in a password and won't accept easy to guess ones... -- .''`. Baloo Ursidae <[EMAIL PROTECTED]> : :' :proud Debian admin and user `. `'` `- Debian - when you have better things to do than fix a system pgp0.pgp Description: PGP signature
Re: Antivirus in Debian?
Osamu Aoki wrote: > On Sat, Mar 29, 2003 at 10:21:15AM -0900, Andy wrote: > > > * run program like tripwire > > Is there a package for tripwire? > > I searched the packages directory at debian.org and couldn't find anything. > > It is in non-us and in unstable. Check BTS why this is so. I use and recommend AIDE. It is free software. Having used both tripwire and aide I like aide better. A win-win situation. apt-cache show aide Bob pgp0.pgp Description: PGP signature
Re: Antivirus in Debian?
On Sat, Mar 29, 2003 at 10:21:15AM -0900, Andy wrote: > > 1) Debian system itself > > * Update your system constantly with security fixes > > * configure system by following harden-doc package instruction or its > >latest information at > >http://www.debian.org/doc/manuals/securing-debian-howto/ > > * close port and unused services. > > * run program like tripwire > > Is there a package for tripwire? > > I searched the packages directory at debian.org and couldn't find anything. It is in non-us and in unstable. Check BTS why this is so. [EMAIL PROTECTED]:exim$ apt-cache search tripwire bsign - Corruption & intrusion detection using embedded hashes integrit - A file integrity verification program like tripwire tripwire - A file and directory integrity checker. [EMAIL PROTECTED]:exim$ apt-cache policy bsign integrit tripwire bsign: Installed: (none) Candidate: 0.4.4 Version Table: 0.4.4 0 800 http://ftp.us.debian.org testing/main Packages 50 http://ftp.us.debian.org unstable/main Packages integrit: Installed: (none) Candidate: 3.02.00-1 Version Table: 3.02.00-1 0 800 http://ftp.us.debian.org testing/main Packages 50 http://ftp.us.debian.org unstable/main Packages tripwire: Installed: (none) Candidate: 2.3.1.2-6 Version Table: 2.3.1.2-6 0 50 http://non-us.debian.org unstable/non-US/main Packages -- ~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~ + Osamu Aoki <[EMAIL PROTECTED]> Cupertino CA USA, GPG-key: A8061F32 .''`. Debian Reference: post-installation user's guide for non-developers : :' : http://qref.sf.net and http://people.debian.org/~osamu `. `' "Our Priorities are Our Users and Free Software" --- Social Contract -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Antivirus in Debian?
> 1) Debian system itself > * Update your system constantly with security fixes > * configure system by following harden-doc package instruction or its >latest information at >http://www.debian.org/doc/manuals/securing-debian-howto/ > * close port and unused services. > * run program like tripwire Is there a package for tripwire? I searched the packages directory at debian.org and couldn't find anything. Andy -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Antivirus in Debian?
At 1048925984s since epoch (03/29/03 06:19:44 -0500 UTC), Paul Johnson wrote: > Considering the default user for OSX is root and most end users don't > realise the ramifications, I'm hoping OSX and Linux never, ever ship > with binary compatability with each other. Not because I have risky > habits, but rather because the last thing this list (or any other > Linux forum) needs are lusers bitching that they were running as root > and got themselves tagged by some foriegn bug. What are you talking about? The default in Mac OS X is actually to ship with the root account completely disabled (`su` won't get you anywhere). There is no way that the default user is root: http://developer.apple.com/qa/qa2001/qa1013.html The first user on the system can admin the box via sudo, but that's probably no different than what you've done for yourself on your linux box. The only thing risky about Mac OS X is that you might get yourself a virus that asks you for your password, and then excecutes a command via sudo to get root. However, if you're in the habit of blindly typing in your password whenever you're prompted, it doesn't really matter what platform you're on; you're going to get hosed one way or another. Plus, just like in linux, you can create user accounts that don't have sudo access. For example, all the other users of my OS X box don't have admin rights, so the worst they can do is nuke the files in their home directory. If you really want security, just create yourself a non-admin account and use that for everyday use. No matter what happens, the only files in danger will be the ones you own. Jason -- Jason Healy http://www.logn.net/ pgp0.pgp Description: PGP signature
Re: Antivirus in Debian?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, Mar 28, 2003 at 10:14:00PM -0600, Michael Heironimus wrote: > Well, it's not necessarily a bad idea, but unless you're serving files > to Windows machines or acting as a mail server there isn't much point. My view is I'm not capable of catching the Windows virus of the week, so it's not worth the wasted processor time on dealing with it. My windows-based users know of this policy and have been advised that they're on thier own in securing the impossible. > Almost every virus or worm that a UNIX-based antivirus package scans for > is actually for Windows, since probably 99% of the virus/worm code out > there is for DOS/Windows or MS Office macros. Considering the default user for OSX is root and most end users don't realise the ramifications, I'm hoping OSX and Linux never, ever ship with binary compatability with each other. Not because I have risky habits, but rather because the last thing this list (or any other Linux forum) needs are lusers bitching that they were running as root and got themselves tagged by some foriegn bug. - -- .''`. Baloo Ursidae <[EMAIL PROTECTED]> : :' :proud Debian admin and user `. `'` `- Debian - when you have better things to do than fix a system -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+hYFQJ5vLSqVpK2kRAldvAJoChroc6dyO+XJzPTbLbPGBB85z2gCgmbYb QPYo4Z2iXPl0ezTKqe/Gqr0= =DPno -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Antivirus in Debian?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, Mar 28, 2003 at 10:07:24PM -0600, Dan Hunt wrote: > Most virus writers > want to infect "MS Windows" rather than free operating systems like > Debian GNU/Linux. It should be noted that this is because Windows allows for far more damage to the system than is possible under unix (unless you're dumb enough to run as root for tasks that do not require it). If you just use your regular user, the absolute most you're out is any files you own or have write access to. Oooh, major damage there... I'll just rm -rf ~ and [restore from my known-good backup|start from scratch]. - -- .''`. Baloo Ursidae <[EMAIL PROTECTED]> : :' :proud Debian admin and user `. `'` `- Debian - when you have better things to do than fix a system -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+hYAVJ5vLSqVpK2kRArs8AJ4rUCo3Fg7Wpn8B4Y/b5FBF+Ra8zwCfeQWW ibaUbW6EYP67QvuietDRv6U= =HM5k -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Antivirus in Debian?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sat, Mar 29, 2003 at 12:10:47AM -0300, Santiago Hirschfeld wrote: > I'm running Woody in my home computer, and i was wondering if it is a good > idea to install an antivirus, if it is...what should i use? should i use it > to scan mails and files? can someone give me some hints? In unix, it's more trouble than it's worth. Windows viruses cannot run in Linux. I would recommend getting chkrootkit and logcheck to help make sure nobody managed installed malicous code and to email you about possible crack attempts against your system (don't freak out unless logcheck sends you an Attack Alert). Keep yourself patched (if you use stable, go hit http://security.debian.org/ for details and what to add to your /etc/apt/sources.list if it's not already there, if you run testing or unstable, do a dist-upgrade regularly). - -- .''`. Baloo Ursidae <[EMAIL PROTECTED]> : :' :proud Debian admin and user `. `'` `- Debian - when you have better things to do than fix a system -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+hX8QJ5vLSqVpK2kRAm/fAJkBH36WJ9ipf/2a8sopYMG75vBE/gCfb1+3 bUooLn8TdTfdAWVDmUOa1W0= =zBat -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Antivirus in Debian?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, Mar 28, 2003 at 10:07:24PM -0600, Dan Hunt waxed eloquent and said: > On Sat, Mar 29, 2003 at 12:10:47AM -0300, Santiago Hirschfeld wrote: > > Hi, > > > > I'm running Woody in my home computer, and i was wondering if it is a good > > idea to install an antivirus, if it is...what should i use? should i use it > > to scan mails and files? can someone give me some hints? > > > I am happy to report that I have been running debian for almost a year > in my home computer without a single virus. ;-) > Other things can cause larger problems. I have been running a Debian workstation on a LAN (server hosts a web site and also acts as a mail server) from August 2000. There are two Windows boxes on the LAN. No viruses at all - the server runs Debian and exim's system filter has caught them all. The two Windows boxes have anti-virus software installed but nothing has ever got through the Debian server - yet. Sam - -- Sam Varghese http://www.gnubies.com The years teach much which the days never knew. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+hUEjZyXhknb+33gRAiljAJ4pcudy2nnm9+BcGKKuAWG0LBy4IgCeM7v5 EJOn0HXOa37bFmDoGYf9nKk= =VpTk -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Antivirus in Debian?
On Sat, Mar 29, 2003 at 12:10:47AM -0300, Santiago Hirschfeld wrote: > Hi, > > I'm running Woody in my home computer, and i was wondering if it is a good > idea to install an antivirus, if it is...what should i use? should i use it > to scan mails and files? can someone give me some hints? You have few front to fight virus. (antivirus has few aspects.) 1) Debian system itself * Update your system constantly with security fixes * configure system by following harden-doc package instruction or its latest information at http://www.debian.org/doc/manuals/securing-debian-howto/ * close port and unused services. * run program like tripwire 2) Prevent windows machine to get virus * run simple filter on mail server to remove executable attachment http://www.debian.org/doc/manuals/reference/examples/exim.filter * protect LAN by setting up firewall -- ~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~ + Osamu Aoki <[EMAIL PROTECTED]> Cupertino CA USA, GPG-key: A8061F32 .''`. Debian Reference: post-installation user's guide for non-developers : :' : http://qref.sf.net and http://people.debian.org/~osamu `. `' "Our Priorities are Our Users and Free Software" --- Social Contract -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Antivirus in Debian?
On Sat, 29 Mar 2003, Santiago Hirschfeld wrote: > Hi, > > I'm running Woody in my home computer, and i was wondering if it is a good > idea to install an antivirus, if it is...what should i use? should i use it > to scan mails and files? can someone give me some hints? if other windoze boxes talks thru woody to the world... you need to worry about it... and spam too http://www.linux-sec.net/Mail/AntiSpam http://www.linux-sec.net/Mail/AntiVirus if no windoze... than oytu have other tings you worry about that is more important the spam and viruses c ya alvin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Antivirus in Debian?
On Sat, Mar 29, 2003 at 12:10:47AM -0300, Santiago Hirschfeld wrote: > I'm running Woody in my home computer, and i was wondering if it is a good > idea to install an antivirus, if it is...what should i use? should i use it > to scan mails and files? can someone give me some hints? Well, it's not necessarily a bad idea, but unless you're serving files to Windows machines or acting as a mail server there isn't much point. Almost every virus or worm that a UNIX-based antivirus package scans for is actually for Windows, since probably 99% of the virus/worm code out there is for DOS/Windows or MS Office macros. -- Michael Heironimus -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Antivirus in Debian?
On Sat, Mar 29, 2003 at 12:10:47AM -0300, Santiago Hirschfeld wrote: > Hi, > > I'm running Woody in my home computer, and i was wondering if it is a good > idea to install an antivirus, if it is...what should i use? should i use it > to scan mails and files? can someone give me some hints? > I am happy to report that I have been running debian for almost a year in my home computer without a single virus. ;-) Other things can cause larger problems. You would be well advised to protect your system from intruders or other malicious activities. Unlike my computer at work, ( Win 98 ) I need not worry about attachments to email running amok. Most virus writers want to infect "MS Windows" rather than free operating systems like Debian GNU/Linux. Your Woody machine is like a "tank", properly secured it can take you where you want to go, but don't leave the doors open and the engine running. Please check the Debian Documentation for tips on Securing Debian. Welcome Aboard! Dan Hunt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]