On Mon, 2005-03-14 at 16:36, Dotan Cohen wrote:
> Does linux really need antivirus? I have been googling this for close
> to an hour and came to the conclusion that this is only necessary for
> linux IF there is a mailserver delivering mail to a windows box, for
> the protection of the windows box.
>
> Any comments from those more experienced than myself?

Virus protection by the Windows definition is not really needed except if you are running an email server for windows clients. Both the server and the clients should run virus software in that case. Clamav is one package that can run on Linux for this purpose.

Linux is not as susceptible to virus-type problems since most services don't run with root (administrator in the windows world) privileges. But don't take that to mean that linux is invulnerable. There have been worms that have compromised systems. The difference is that the damage is usually limited and quickly corrected. But it is always best to do as much as possible to protect your systems.

To protect Linux itself you have a variety of tools that are available.

First use iptables, that is the firewall supplied with FC. You can get a variety of frontends that make managing iptables easier.

chkrootkit or rkhunter are packages that will examine a linux system for signs that a rootkit has been installed.

tripwire is used to take a snapshot of your system's files and then periodically compares that snapshot to the running system. If someone changes something on your system tripwire will let you know what was changed. A good intrusion detection system.

snort is a good network intrusion detection system. It can be used to detect unusual network activity and take measures to block IP addresses where suspicious activity originated. This is a somewhat complex package to deploy, however.

selinux is another item recently added that adds a finer control over access permissions to the file systems. Think of this as an even better ACL system. (IMHO the original permissions scheme under Unix/Linux was better than what Windows ever had and selinux improves on that)

Then there is best practice. This means using good passwords, physically securing your systems, turning off unused services, using secure connections such as ssh, scp, and VPNs, and a host of other things.

So don't take linux security for granted. There is lots that needs to be done to keep a system from being compromised.

-- 
Response brought to you by AutoReponder 0.1 a product of Magic-8-ball productions. (version 0.2 will feature correct answers!)
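
The snapshot-and-compare idea described for tripwire in the reply above, as an added example that is not part of the original message and not tripwire's own code or file format. The function names, the JSON baseline file and the choice of SHA-256 are assumptions made for this sketch.

```python
import hashlib
import os
import stat

def snapshot(root):
    """Return {relative_path: (sha256_hex, mode, uid, gid)} for regular files under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and device nodes
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root)
            # S_IMODE keeps the permission bits, including setuid/setgid
            baseline[rel] = (digest.hexdigest(), stat.S_IMODE(st.st_mode),
                             st.st_uid, st.st_gid)
    return baseline

def compare(old, new):
    """Report paths that were added, removed, or changed in content or metadata."""
    report = {"added": sorted(set(new) - set(old)),
              "removed": sorted(set(old) - set(new)),
              "content": [], "metadata": []}
    for path in sorted(set(old) & set(new)):
        if old[path][0] != new[path][0]:
            report["content"].append(path)    # file bytes differ
        if old[path][1:] != new[path][1:]:
            report["metadata"].append(path)   # mode or owner differs
    return report

if __name__ == "__main__":
    import json
    import sys
    # Usage (hypothetical script name): python fim.py DIR BASELINE.json
    # Keep the baseline outside DIR, on storage an intruder cannot rewrite.
    root, store = sys.argv[1], sys.argv[2]
    current = snapshot(root)
    if os.path.exists(store):
        with open(store) as fh:  # JSON stores tuples as lists; convert back
            saved = {p: tuple(v) for p, v in json.load(fh).items()}
        print(json.dumps(compare(saved, current), indent=2))
    else:
        with open(store, "w") as fh:
            json.dump(current, fh)
```

The first run writes the baseline; later runs print what changed since then. Files the invoking user cannot read raise an error, so a check of system directories needs to run with sufficient privileges.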