christopher_lees at iprimus.com.au
Mon Dec 14 10:20:55 GMT 2009
On Mon, 2009-12-14 at 02:59 +0000, Paul wrote:
> Just a quick follow-up from our previous discussions about viruses on
> Linux. This is why we still need to be careful:
> * http://digitizor.com/2009/12/10/ubuntu-malware-for-ddos-attack-found-in-screensaver/
> * http://www.omgubuntu.co.uk/2009/12/malware-found-in-screensaver-for-ubuntu.html
> Backups and common sense are your most valuable allies!
Actually, the openness of Linux is also useful in detecting threats from
Debian packages. You can open Debian packages in File Roller / other
archive manager. Then you can see the preinst, postinst and prerm
scripts and you can have a look at where the package will put files.
Then if it's all okay, you can install the package.
I'm thinking of writing a program to help audit the control scripts and
where files get placed; you know, raising a warning if anything get put
into your init scripts or Upstart and raising a warning if "wget" or
"rm" get used inside the control scripts.
Anyone else interested in this?
More information about the ubuntu-au