Closure of a previous question and new questions on system security apps...

Constantine Evans constantine at evanslabs.org
Thu Jan 11 20:36:38 UTC 2007


Brian Lunergan wrote:
> Actually, my choice for the moment is Avast from Alwil.

Is there some reason why you want to run anti-virus software? Are you
forwarding mail for a Windows machine? There really isn't any point in
running anti-virus software unless you want to stop Windows viruses.

> Ok, bad terminology on my part. I am new in the neighbourhood, so please do bear 
> with me. I suspect the ones I'm looking at ARE probably GUI shells for the existing 
> components. Firestarter (I think that's the right name, although some posts seem 
> to suggest it's problematic in its functioning), Guarddog, and one other for 
> which the name escapes me at the moment.

Essentially all firewalls for Linux use iptables as a backend. I've used
firestarter before, and it hasn't seemed problematic to me, but I have
fundamental problems with firewalls that require the use of a GUI.

However, why do you want to run a firewall? There is essentially no
point in doing so unless you are planning on having open ports for some
reason, and even then, having a firewall is still often useless because
ports which shouldn't be open to the outside world usually are set to
only listen on the loopback interface. For all versions of Ubuntu before
Feisty, there are no ports that are open to the outside world.

> Hmm, since I'm not running a server setup it sounds like Bogofilter will be the 
> one to look into. Thanks for the idea.

> I was actually intending to counter a particular group of Linux supporters who 
> seem to place almost religious faith in the security of their chosen tool and 
> regard any suggestion such as I made as unneeded and approaching a sacrilegious 
> act against Linux (it's a product of man, folks, and not a gift from god so it 
> is by definition and belief an imperfect thing). If my imperfect turn of phrase 
> spread the net too far my apologies to those who have a more pragmatic and 
> thoughtful POV about the tools they use and might have been put out, miffed, or 
> offended by what I suggested then and above.

I think the reason that people respond in this way is because you are
forcing your views of security upon Linux, when security here is very
different and calls for different measures. Whereas Windows machines are
hit with viruses all the time, there isn't a single known virus in the
wild that affects Linux, so running anti-virus software to protect your
*Linux* system is useless (most AV software for Linux is designed to
protect *Windows* machines). Likewise, unlike Windows, firewalls are
usually useless for personal machines because there are no open ports to
block, and ports that are open are usually opened only to the local
machine (no firewall is needed to do this).

But in insisting upon these Windows-oriented security techniques, you
aren't actually making your system more secure, you're just wasting
resources. The attacks on Linux are different, and so the techniques
that you should be using for Linux are different:

* Make sure that security updates are enabled and are updated often.

* If you run SSH, use something like DenyHosts to block IP addresses
that repeatedly try to log into the system remotely. This happens very
often - my home server blocks at least 3 IPs a day.

* Consider using Bastille to increase the security of your configuration.

* Look into IDS systems like Snort, to detect intrusion attempts. I
think that it would be safe to say that such a system is the equivalent
of an anti-virus system in Windows.

* Look into integrity checkers like Samhain or Tripwire, to detect
actual intrusions.

* Look into rkhunter and chkrootkit, to search for rootkits.

* Don't use obvious passwords (login attacks, as I mentioned previously,
are very common), and never send the passwords in clear text.

* Consider running logcheck to inform you of anomalies in your logs.

* Think about possibly upgrading to Edgy. If I recall correctly, Edgy
has better protection against memory exploits.

These are the sorts of things you should be doing to make your Linux
system more secure, rather than running anti-virus software or
configuring an irrelevant firewall. I'm sure that others here have more
suggestions.

Sincerely,
Constantine Evans
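On the point above about ports that are open only to the local machine: the quick check is to look at which address each listening socket is bound to, not just which ports are open. The script below is an added example written for this page, not code from the original post, DenyHosts, or any Ubuntu tool. It parses the output of `ss -tln` (the sample output embedded in it is constructed; `netstat -tln` on an older system prints a different column layout and would need its own parser) and labels each listener as loopback-only, wildcard (every interface), or bound to a specific non-loopback address. Only the last two are reachable from outside the box, so they are the ones a firewall rule would actually matter for.

```python
"""Classify listening TCP sockets by exposure, from `ss -tln` output.

Added example for this page; not part of the original post or any Ubuntu tool.
"""
import ipaddress
import subprocess

# Constructed `ss -tln` output: a CUPS listener on loopback only (v4 and v6),
# sshd on the wildcard address, and a MySQL listener bound to one LAN address.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q   Local Address:Port    Peer Address:Port  Process
LISTEN  0       128          127.0.0.1:631          0.0.0.0:*
LISTEN  0       128            0.0.0.0:22           0.0.0.0:*
LISTEN  0       128              [::1]:631             [::]:*
LISTEN  0       128               [::]:22              [::]:*
LISTEN  0       5         192.168.1.10:3306          0.0.0.0:*
"""

# Bind addresses that mean "every interface" in ss output.
WILDCARDS = {"*", "0.0.0.0", "::", "[::]"}


def classify_address(addr: str) -> str:
    """Return 'wildcard', 'loopback', or 'external' for a socket's bind address."""
    if addr in WILDCARDS:
        return "wildcard"
    # Strip IPv6 brackets and any "%iface" scope suffix (e.g. 127.0.0.53%lo).
    ip = ipaddress.ip_address(addr.strip("[]").split("%")[0])
    return "loopback" if ip.is_loopback else "external"


def parse_ss_listeners(text: str):
    """Parse `ss -tln` (or `ss -tuln`) output into (addr, port, exposure) tuples."""
    results = []
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0] in ("tcp", "udp"):  # `-tu` output adds a Netid column
            fields = fields[1:]
        if len(fields) < 4 or fields[0] not in ("LISTEN", "UNCONN"):
            continue  # header line or a non-listening state
        addr, port = fields[3].rsplit(":", 1)
        results.append((addr, int(port), classify_address(addr)))
    return results


def exposed_listeners(text: str):
    """Listeners reachable from other hosts: everything that is not loopback-only."""
    return [row for row in parse_ss_listeners(text) if row[2] != "loopback"]


if __name__ == "__main__":
    try:
        out = subprocess.run(["ss", "-tln"], capture_output=True,
                             text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        out = SAMPLE_SS_OUTPUT  # no ss on this system: show the constructed sample
    for addr, port, exposure in parse_ss_listeners(out):
        print(f"{exposure:9s} {addr}:{port}")
```

A listener that shows up as "external" or "wildcard" for a service you only use locally is better fixed in that service's own configuration (bind it to 127.0.0.1) than hidden behind a firewall rule.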
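And on the DenyHosts suggestion above, here is what that kind of tool actually does, as an added example written for this page rather than DenyHosts' own code: count "Failed password" lines in auth.log per source address, and emit /etc/hosts.deny entries for addresses that cross a threshold. The log lines are constructed (RFC 5737 documentation addresses, made-up host and user names); the allowlist of private networks is my assumption, there so that a mistyped password from the LAN cannot lock the administrator out.

```python
"""DenyHosts-style detection of SSH password-guessing sources in auth.log.

Added example for this page; not DenyHosts' or sshd's own code.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample in syslog/auth.log format. 203.0.113.7 guesses three
# times, 198.51.100.9 once, and a LAN user mistypes a password once.
SAMPLE_AUTH_LOG = """\
Jan 11 20:31:02 home sshd[4123]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jan 11 20:31:05 home sshd[4125]: Failed password for root from 203.0.113.7 port 51240 ssh2
Jan 11 20:31:09 home sshd[4127]: Invalid user oracle from 203.0.113.7
Jan 11 20:31:10 home sshd[4127]: Failed password for invalid user oracle from 203.0.113.7 port 51251 ssh2
Jan 11 20:32:00 home sshd[4130]: Accepted publickey for constantine from 192.168.1.20 port 40022 ssh2
Jan 11 20:33:15 home sshd[4133]: Failed password for constantine from 192.168.1.20 port 40031 ssh2
Jan 11 20:35:44 home sshd[4140]: Failed password for root from 198.51.100.9 port 1022 ssh2
"""

# Only "Failed password" lines are counted: sshd also logs "Invalid user X from IP"
# for the same attempt, and counting both would double-count unknown usernames.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)

# Assumed allowlist: networks that are never blocked automatically.
DEFAULT_ALLOW = ("192.168.0.0/16", "10.0.0.0/8", "127.0.0.0/8")


def failed_logins(log_text: str) -> Counter:
    """Count failed SSH password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:  # a hostname was logged instead of an address; skip it
            continue
        counts[str(ip)] += 1
    return counts


def offenders(log_text: str, threshold: int = 3, allow=DEFAULT_ALLOW):
    """Addresses with at least `threshold` failures, excluding allowlisted networks."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    hits = []
    for ip, n in failed_logins(log_text).most_common():  # sorted high to low
        if n < threshold:
            break
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in allowed):
            continue
        hits.append(ip)
    return hits


def hosts_deny_lines(ips):
    """Render block entries in /etc/hosts.deny syntax, which is what DenyHosts appends."""
    return [f"sshd: {ip}" for ip in ips]


if __name__ == "__main__":
    for entry in hosts_deny_lines(offenders(SAMPLE_AUTH_LOG)):
        print(entry)
```

On a real system you would read /var/log/auth.log instead of the sample and append the output to /etc/hosts.deny. One caveat worth knowing before relying on hosts.deny: that file only works for sshd builds linked against TCP wrappers, which newer OpenSSH releases no longer are, so on a current system the same list is better turned into iptables or nftables drop rules.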

More information about the ubuntu-users mailing list