Antivirus

Bart Silverstrim bsilver at chrononomicon.com
Tue Jun 17 14:08:59 UTC 2008


Clayton wrote:
>> I would sooner advocate only using an AV if you're setting up a mail or
>> file server in a cross-platform environment and saying that a "good
>> Linux configuration" would have some mechanism for using MD5 hashes on
>> your system taken and compared at regular intervals.
>>
>> What I'm missing is a configuration that will take MD5 hashes, find
>> differences, and compare them to your update logs on an Ubuntu system so
>> it doesn't give you false alarms about altered files when you already
>> authorized them via the update manager or installed them with
>> apt-get/Synaptic.
> 
> 
> You might be looking for something like AppArmor....
> https://wiki.ubuntu.com/AppArmor
> http://en.opensuse.org/AppArmor
> http://developer.novell.com/wiki/index.php/Apparmor_FAQ

Close...

I think the pieces are coming together for a decent monitoring/zero day 
preventative, but they aren't quite stitched together cohesively for the 
type of application I had in mind.

Typical of Linux though. Bits and pieces float around until someone 
comes along with another tool to bind the ideas and integrate them.

AppArmor, Bastille, SELinux, VM technologies, Tripwire-like hashes, 
apt-get updates and logs, the iptables firewall...
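One way to close the gap Bart describes, as an added example that is not from the list thread: dpkg already records an MD5 for every file it installs (in /var/lib/dpkg/info/<package>.md5sums) and rewrites that record when apt or Synaptic upgrades the package, so a checker that compares the live filesystem against dpkg's own record flags only changes the package manager did not make. The script below is my own code, not an Ubuntu tool; the watched path and the constructed sample tree in demo() are illustrative.

```python
import hashlib
import tempfile
from pathlib import Path

def parse_md5sums(text):
    """dpkg .md5sums lines ('<md5hex>  <path relative to />') -> {"/path": md5}."""
    expected = {}
    for line in text.splitlines():
        if line.strip():
            digest, _, rel = line.strip().partition("  ")
            expected["/" + rel] = digest.lower()
    return expected

def md5_of(path):
    """MD5 of the whole file (fine here; stream in chunks for huge binaries)."""
    return hashlib.md5(Path(path).read_bytes()).hexdigest()

def verify_tree(root, expected, watch_dirs):
    """Walk watch_dirs (named as on the live system) beneath root ('/' on a real
    host, a scratch dir in demo()); report hash mismatches, files no package
    owns, and recorded files that are gone. Files that match are not listed."""
    root = Path(root)
    dirs = [d.rstrip("/") + "/" for d in watch_dirs]
    report = {"modified": [], "unknown": [], "missing": []}
    seen = set()
    for d in dirs:
        for p in (root / d.lstrip("/")).rglob("*"):
            if p.is_file():
                virt = "/" + p.relative_to(root).as_posix()
                seen.add(virt)
                if virt not in expected:
                    report["unknown"].append(virt)
                elif md5_of(p) != expected[virt]:
                    report["modified"].append(virt)
    for virt in expected:
        if virt not in seen and any(virt.startswith(d) for d in dirs):
            report["missing"].append(virt)
    return {k: sorted(v) for k, v in report.items()}

def demo():
    """Constructed sample tree: one intact file, one tampered, one rogue, one gone."""
    root = Path(tempfile.mkdtemp())
    (root / "usr/bin").mkdir(parents=True)
    (root / "usr/bin/ls").write_bytes(b"ls-binary")
    (root / "usr/bin/cat").write_bytes(b"tampered")  # differs from recorded hash
    (root / "usr/bin/rogue").write_bytes(b"owned by no package")
    md5sums = "\n".join([hashlib.md5(b"ls-binary").hexdigest() + "  usr/bin/ls",
                         hashlib.md5(b"cat-binary").hexdigest() + "  usr/bin/cat",
                         "0" * 32 + "  usr/bin/gone"])
    return verify_tree(root, parse_md5sums(md5sums), ["/usr/bin"])
```

On a real host, feed the concatenated contents of /var/lib/dpkg/info/*.md5sums to parse_md5sums and call verify_tree with root="/". Because dpkg's records live on the same disk as the files, this catches drift from updates and accidents but not a root-level tamperer who rewrites the records too, which is why Tripwire-style tools keep their baseline off-host.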




More information about the ubuntu-users mailing list