On Wed, 2005-02-02 at 12:21, Tim Alberts wrote: > Is Linux vulnerable to SpyWare and if so, what are some tools to deal > with it? Any specific SpyWare tools, I don't mean hacking into iptables > manually. So far spyware for linux systems has not been as much of a problem as it is for windows. You may still want to flush the cookies you collect (or disable them entirely, your choice), that seems to be one type of spyware that allows them to track you. There are a couple of programs you may want to install. chkrootkit is a good one as well as rkhunter. These look for indications that your system has been hacked and one of the many different root kits have been installed on your system. Good to run periodically or if you suspect a problem. Another good one is tripwire. Tripwire generates a database that is used to look for changes on the system. Once you have it setup completely it will run a report nightly looking for changes to critical files both binaries and configuration files. If any changes are detected it will report them to you and you can investigate further. Takes some effort to setup correctly. I have setup a filter that marks the reports as read or not read depending on if they are clean or not. That way each morning I know immediately if something has changed on my system without having to even open up the report. Besides that use good passwords, don't login as root (use su - only when needed), use iptables, put a NAT/firewall between your LAN and the cable modem, and don't trust anyone. Remember: Paranoia is not just a state of mind, it is a life style. :) -- Scot L. Harris webid@xxxxxxxxxx The future is a myth created by insurance salesmen and high school counselors.
