Viruses under Linux and security

Linux is known as a secure system. In fact, everything depends on the circumstances: absolute security exists only for a machine that is not connected to any network and is physically inaccessible. Many people ask me whether Linux is totally virus-free, or whether Linux needs virus protection. It is not immune: some vulnerabilities do exist, and the rest of this page looks at what protects a Linux machine and what you still have to do yourself.

Viruses under Linux
In 17 years, only a handful of viruses able to affect Linux have been reported, and none of them spread. This relative immunity of GNU/Linux is explained by the architecture of the operating system: its functional layers can only interact with each other under very strict rules, and the file system and user model common to all UNIX systems limit what a program is allowed to do. The viruses encountered in everyday life, including Windows ones, have no effect on Linux, whether they arrive by email or through your web browser.

There are viruses, worms and trojans (collectively, malware) for Unix, although very few. Some trojan-type malware is very advanced: the rootkit, which hides itself and the attacker's processes once root access has been obtained. They are rarely used in the wild and hard to come by; the majority are used as tools by security professionals for tests, audits or contests, not to infect anyone, anywhere.

  • Your mail client on GNU/Linux, whatever it is, will not be affected by the viruses you may find in your mailbox.
  • The GNU/Linux system itself is not vulnerable to them either.
  • These viruses will not become active on your machine.
  • Unless you forward the infected attachment yourself, they cannot be transmitted to your contacts by your machine: their spread stops with you.

As for antivirus software, Clam AntiVirus seems to be the best. It is very actively maintained and its signature database is updated at least once a day. This free scanner runs on Linux. Others exist, often specialised for mail servers, such as Kaspersky and more.

It is rather a solution for heterogeneous environments where the mail server runs GNU/Linux and the clients run Windows. Since those clients are both less secure and more often attacked, the antivirus work can be entrusted to the server, saving resources on the clients that run another OS than Linux.
For rootkits, read the guide Rootkits danger and prevention; you can also use chkrootkit and rkhunter, both free, open source and very effective. Both look for known rootkits and suspicious symptoms, so run them from a trusted state (ideally booted from a live medium) rather than only on a machine you already suspect.

So for home computers (on a network) running GNU/Linux, you can be much more relaxed: the worry about malware almost completely disappears (almost: zero risk does not exist, at least not for computers). And the measures below make things even more secure.

GNU/Linux is secure by design:
The security of a GNU/Linux system rests on many other things than the antivirus/firewall pair of a classic Windows installation.

The firewall is integrated into the kernel (unlike Windows) as the netfilter framework, and nothing more is needed. Note that front-ends are available to write the rules for these Linux firewalls simply.

File permissions
They are taken much more seriously than in Windows, and they are at the heart of kernel development. Coupled with the architecture and multi-user accounts, this becomes very serious. The ownership module is worth mentioning …

Applications for integrity comparisons:
Example: checksums to verify the integrity of files. Or, more advanced, tripwire, which lets you take a complete snapshot of the system before connecting it to the network and then regularly check the integrity of the system against it.
The kernel can also be strengthened further with mandatory access control such as SELinux (developed by the NSA), used on high-availability servers. SELinux started as a kernel patch but has been part of the mainline kernel since the 2.6 series, so current distributions ship it without any recompilation.
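The checksum approach in the spirit of tripwire, as an added example that is not from the original article: a baseline of SHA-256 digests is recorded while the system is still trusted (ideally before it goes on the network), and later runs compare the live files against it. The file names and contents in demo are constructed; on a real system you would list /etc/passwd, /etc/shadow, /etc/inetd.conf and the binaries in /bin and /sbin.

```shell
# Added example, not part of the original article. Requires GNU coreutils
# (sha256sum). All files used by demo are constructed in a temporary dir.

# make_baseline BASELINE FILE...: record the SHA-256 digest of every FILE.
make_baseline() {
    baseline=$1
    shift
    sha256sum "$@" > "$baseline"
}

# check_baseline BASELINE: recompute the digests and compare. Returns 0 when
# every file still matches; otherwise prints the changed or missing files
# (one "path: FAILED" line each) and returns 1.
check_baseline() {
    # --quiet prints only the files that FAIL, not the ones that are OK.
    if sha256sum --quiet -c "$1" 2>/dev/null; then
        return 0
    fi
    return 1
}

# demo: build two constructed "system files", take a baseline, tamper with
# one of them and print the check result before and after (0 clean, 1 changed).
demo() {
    dir=$(mktemp -d)
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$dir/passwd"
    printf 'PermitRootLogin no\n' > "$dir/sshd_config"
    make_baseline "$dir/baseline.sha256" "$dir/passwd" "$dir/sshd_config"

    if check_baseline "$dir/baseline.sha256" >/dev/null; then before=0; else before=1; fi
    # An attacker adds a second UID-0 account: the digest no longer matches.
    printf 'toor:x:0:0::/:/bin/sh\n' >> "$dir/passwd"
    if check_baseline "$dir/baseline.sha256" >/dev/null; then after=0; else after=1; fi

    rm -rf "$dir"
    echo "$before $after"
}
```

Run check_baseline from cron and keep the baseline file somewhere the machine cannot rewrite (read-only media or another host); a baseline stored next to the files it protects can simply be regenerated by whoever modified them.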

If you simply want good security for Internet and email use, your GNU/Linux out of the box is already safe enough, provided you do not run a web server permanently.

Welcome to GNU/Linux, and remember that all documentation on this system is available and freely accessible. As a result, security holes are quickly corrected. The source code is open, and that is a major asset in terms of security, since those who review it and may improve it are far more numerous than the employees of any computer

A single machine, physically accessible

You must prevent the Linux disk from being mounted as a slave on another machine with a bootable operating system (Linux partitions are read very easily from Windows), make booting from floppy or CD-ROM impossible (set an access code on the BIOS and lock the boot order), and stop anyone from interfering with the Linux boot itself.

To prevent someone from bypassing the login by adding a parameter at the LILO prompt (such as linux single), access to that prompt must be restricted. Add the following two lines to /etc/lilo.conf, in the global section before the first image entry:

restricted
password = the_password_in_clear

then run /sbin/lilo to reinstall the boot loader.

Remember to make this file readable by root only, with no rights for anyone else (chmod 600 /etc/lilo.conf), since the password is stored in clear text. With restricted, the boot proceeds as usual without the password (important if the machine has to restart unattended); LILO only asks for it when someone tries to pass parameters to the kernel at boot.

If a potential attacker has uncontrolled physical access to the machine, the only absolute protection is encryption of the hard disk. All the necessary information is on the dedicated page. At the time, this meant applying the International crypto patch to the kernel and recompiling it, plus installing modified versions of mount and losetup; the user who wants to encrypt data then creates a directory for that purpose. Current kernels include dm-crypt, and LUKS (cryptsetup) is the standard way to encrypt a disk or partition, so no patch is needed any more. Otherwise Linux defends itself well enough in software … as long as you do not give away your root password.

For a machine connected to a network
Avoid using the Internet as root. Ideally, use a dedicated account for this purpose. If one day a virus of the ILOVEYOU type lands there, it can only do damage within that account, where nothing of importance happens.

Beware of remote-control services (rlogin, telnet …), which should always be disabled (comment out as many lines as possible in /etc/inetd.conf). The same goes for finger, which reveals everything about a user even when the account is not active (finger user@host). Restart inetd after making changes (or send it a SIGHUP so it rereads the file). On systems that use xinetd or systemd socket activation instead of inetd, disable the corresponding service there.
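The inetd.conf clean-up above, scripted, as an added example that is not part of the original article: it comments out the clear-text and information-leaking services instead of editing the file by hand. The sample inetd.conf in demo is constructed; on a real system run harden_inetd /etc/inetd.conf as root and then restart inetd (or kill -HUP it).

```shell
# Added example, not from the original article.

# Services the text says should not be offered on a networked machine
# ("shell" and "login" are the inetd names of rsh and rlogin, "exec" is rexec).
RISKY_SERVICES='telnet shell login exec finger'

# count_active_risky FILE: number of uncommented lines offering one of
# RISKY_SERVICES (the service name is the first field of an inetd.conf line).
count_active_risky() {
    awk -v risky="$RISKY_SERVICES" '
        BEGIN { n = split(risky, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        !/^[ \t]*#/ && ($1 in bad) { c++ }
        END { print c + 0 }
    ' "$1"
}

# harden_inetd FILE: comment out every active risky line in place (the
# original is kept as FILE.orig) and print how many lines were disabled.
harden_inetd() {
    file=$1
    before=$(count_active_risky "$file")
    cp "$file" "$file.orig"
    awk -v risky="$RISKY_SERVICES" '
        BEGIN { n = split(risky, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        /^[ \t]*#/  { print; next }          # already disabled: keep as is
        ($1 in bad) { print "#" $0; next }   # disable by commenting out
        { print }
    ' "$file.orig" > "$file"
    after=$(count_active_risky "$file")
    echo $((before - after))
}

# demo: run the audit and the fix over a constructed inetd.conf and print
# "active-before disabled active-after".
demo() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample /etc/inetd.conf
ftp      stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd
telnet   stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#shell   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
finger   stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
daytime  stream  tcp  nowait  root    internal
EOF
    before=$(count_active_risky "$f")
    disabled=$(harden_inetd "$f")
    after=$(count_active_risky "$f")
    rm -f "$f" "$f.orig"
    echo "$before $disabled $after"
}
```

count_active_risky on its own is a quick audit you can run before deciding what to disable; ftp is deliberately left out of the list because the text's advice is not to install an ftp server at all.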

To detect intrusion attempts, regularly read the files /var/log/messages and /var/log/syslog (on current distributions the authentication events are in /var/log/auth.log or /var/log/secure, or in the systemd journal).
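Reading the logs for intrusion attempts usually means looking for repeated authentication failures from one address. The following added example (not from the original article) does that over syslog-style lines such as those in /var/log/messages, /var/log/syslog or /var/log/auth.log; the lines in demo are constructed, and the real files are readable by root only.

```shell
# Added example, not part of the original article.

# failed_logins_by_host FILE [THRESHOLD]: print "count host" for every source
# address with at least THRESHOLD failed logins (default 3), highest first.
failed_logins_by_host() {
    file=$1
    threshold=${2:-3}
    grep -E 'Failed password for|Invalid user' "$file" |
        grep -oE 'from ([0-9]{1,3}\.){3}[0-9]{1,3}' |   # keep only "from A.B.C.D"
        awk '{ n[$2]++ } END { for (h in n) print n[h], h }' |
        sort -rn |
        awk -v t="$threshold" '$1 >= t'
}

# demo [THRESHOLD]: run the report over a constructed log excerpt.
demo() {
    log=$(mktemp)
    cat > "$log" <<'EOF'
Mar  3 10:01:12 gw sshd[1201]: Failed password for root from 203.0.113.7 port 51012 ssh2
Mar  3 10:01:15 gw sshd[1201]: Failed password for root from 203.0.113.7 port 51013 ssh2
Mar  3 10:01:19 gw sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51020 ssh2
Mar  3 10:02:40 gw sshd[1210]: Accepted publickey for alice from 192.0.2.10 port 40011 ssh2
Mar  3 10:05:02 gw sshd[1215]: Failed password for alice from 192.0.2.10 port 40020 ssh2
Mar  3 10:06:00 gw kernel: usb 1-1: new full-speed USB device number 3
EOF
    failed_logins_by_host "$log" "${1:-3}"
    rm -f "$log"
}
```

With the default threshold only 203.0.113.7 (three failures in seven seconds) is reported; alice's single typo at 192.0.2.10 is not. Adjust the patterns to the daemons you actually run, and remember that a single successful login after a burst of failures is the line worth reading most carefully.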

Never use a password identical to the login. Do not store password hashes in /etc/passwd but in /etc/shadow (shadow passwords, installed by default almost everywhere now). Beware of protocols that exchange passwords in plain text (like telnet): all of that can easily be intercepted by someone running tcpdump. The solution is to encrypt the exchanges with ssh (or ssf, its French variant of the time): install it and start the daemon, sshd (ssfd).

As a general rule, avoid having root users other than yourself on the network (this is rarely achievable: a boot floppy or a rogue laptop plugged into the network is enough). Never run a DNS server on a machine directly connected to the Internet (to check whether you have one: ps aux | grep named). Skip installing an ftp server. Never run the command xhost + (anyone could then read what you type).
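The account checks from the two paragraphs above (hashes still in /etc/passwd, passwordless accounts, extra root-equivalent users) can be run in one pass. This is an added example, not from the original article; the passwd file in demo is constructed, and on a real system you would run audit_passwd /etc/passwd.

```shell
# Added example, not part of the original article.

# audit_passwd FILE: print one "FINDING user" line per problem found:
#   EMPTY_PASSWORD  second field empty, i.e. login without a password
#   HASH_IN_PASSWD  a hash stored in passwd instead of "x" (no shadow)
#   EXTRA_UID0      a UID-0 account that is not root (a second root)
audit_passwd() {
    awk -F: '
        NF < 7 { next }                                   # skip malformed lines
        $2 == ""                                         { print "EMPTY_PASSWORD", $1 }
        $2 != "" && $2 != "x" && $2 != "*" && $2 !~ /^!/ { print "HASH_IN_PASSWD", $1 }
        $3 == 0 && $1 != "root"                          { print "EXTRA_UID0", $1 }
    ' "$1"
}

# demo: run the audit over a constructed passwd file.
demo() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:$1$saltsalt$LvC5sUgHWMWnp3.2RTMZl/:1001:1001:Bob:/home/bob:/bin/bash
guest::1002:1002:Guest:/home/guest:/bin/sh
toor:x:0:0:second root:/:/bin/sh
EOF
    audit_passwd "$f"
    rm -f "$f"
}
```

"*" and fields beginning with "!" are locked accounts and are deliberately not reported. A hash in /etc/passwd is world-readable and can be cracked offline, which is exactly why the text insists on shadow passwords.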

To audit the network security of your machine, hit it with nessus. Installation and operating instructions are on its site. You must create a nessus user (adduser nessus), run the server as root (nessusd -D), then run the client as nessus. A machine connected to a network should always have been tested with nessus or an equivalent scanner.

I lost my root password

For any Linux administrator, losing the root password is a nightmare, equivalent to losing control of the machine concerned. I have faced this situation on machines I had installed and for which I had not noted the password.

The classic solution is to boot into single-user mode (also called Linux single), or failing that straight into a shell with init=/bin/bash. The second is easy if you can boot the machine from a live distribution. The third solution is to mount the disk on another system, where the same edits as with the live distribution apply.

Start in single-user mode.

If you use LILO, you can reach single-user mode by typing linux single at the boot prompt:

  • Start the machine;
  • At the LILO boot prompt, type linux single
  • In doing so, you ask the system to boot in "single user" mode (a bare console and nothing else), logged in as root automatically without having to enter the password.
  • Change the root password with the passwd command.
  • Your root password is now changed.
    If the system still asks for the root password (many distributions run sulogin in single-user mode and require it), try the init method or a LiveCD, both described below.

If you use GRUB (the screen shown at startup to select the system to boot), you should be able to reach single-user mode with the following steps:

  • If your GRUB is in graphical mode, switch it to text mode first by pressing [Escape] and confirming the message that proposes to leave graphical mode.
  • In the GRUB screen, select the normal boot entry for your system (with the arrow keys) and press [e] to edit it.
  • Again with the arrows, go down to the kernel line, which looks like kernel /boot/vmlinuz root=xxx-xxx, and press [e] to edit it.
  • The cursor is placed at the end of the line. Add a space and type single at the end of the line, then [Enter] to confirm.
  • You are back at the GRUB screen. Press [b] to boot the system in single-user mode.
  • In doing so, you have asked the system to boot in "single user" mode (a bare console only), logged in as root automatically without entering the password.
  • If the system still asks for the root password (!), try the init method (below) or a LiveCD.
  • You can now change your root password with the passwd command, typing the new password when prompted.
  • Your root password is now changed.

These keys are those of GRUB Legacy. With GRUB 2, pressing [e] opens the whole entry at once: add single at the end of the line that begins with linux and press Ctrl-x or F10 to boot it.

The init method

Another parameter to add at boot, if single does not work, forces the kernel to start a shell instead of init:
In the same way as above, add init=/bin/bash:

  • after linux at the LILO prompt;
  • at the end of the kernel line with GRUB.

Once the parameter is added, the system starts and drops you at a prompt very early in the boot. Compared with single-user mode, far fewer things are initialised and mounted, and the root file system is mounted read-only. You must remount the partition you are interested in read-write before changing anything:
mount -o remount,rw /
then run passwd and enter your new password.
If that does not work, just type mount, which shows the device on which "/" is mounted. Say it is /dev/sda2. Type:
mount -o remount,rw /dev/sda2
Since no init is running, flush the change to disk with sync before rebooting (reboot -f, or exec /sbin/init to continue the normal boot), otherwise the new password may never reach the disk.
Note that the other partitions are not mounted, and you may need to mount them manually to read a file on one of them. In that case, have a look at /etc/fstab.

Starting with a live distribution
Once the system has booted from the CD:

  1. Mount the root partition of the system whose root password you have lost, graphically or from the console:
  2. mount /dev/[system_partition] /mnt -o rw
  3. Edit the file /mnt/etc/passwd:
  4. On the root line, delete the x between the two colons:
  5. root:x:0:0:root:/root:/bin/bash becomes root::0:0:root:/root:/bin/bash
  6. (If you do not use shadow passwords, the encrypted password is in place of the x: delete it. With shadow passwords the hash itself is in /mnt/etc/shadow, and you can clear root's second field there instead.)
  7. Reboot. root now has no password at all: give it one immediately! A cleaner variant from the live system is chroot /mnt passwd root, which sets a new password without ever leaving the account open. This shows how easy it is to get into a physically accessible machine if the precautions above were not taken …
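The edit from the live-CD steps, done with sed rather than an editor, as an added example that is not from the original article. MOUNT is where the target root partition is mounted (/mnt in the steps); with shadow passwords the hash lives in etc/shadow, so that is the file cleared, and etc/passwd is edited only when it still carries the hash itself. The demo works on constructed copies of both files in a temporary directory, never on the running system.

```shell
# Added example, not part of the original article. Uses GNU sed -i.

# clear_root_password MOUNT: empty root's password field so that root can
# log in without a password. Prints the name of the file that was changed.
clear_root_password() {
    mnt=$1
    if [ -f "$mnt/etc/shadow" ] && grep -q '^root:[^:]' "$mnt/etc/shadow"; then
        # shadow passwords in use: the hash is here, passwd only holds "x"
        sed -i 's/^root:[^:]*:/root::/' "$mnt/etc/shadow"
        echo shadow
    else
        # no shadow file (or root already blank there): clear the passwd field
        sed -i 's/^root:[^:]*:/root::/' "$mnt/etc/passwd"
        echo passwd
    fi
}

# root_password_field MOUNT FILE: print root's second field from etc/FILE.
root_password_field() {
    awk -F: '$1 == "root" { print $2 }' "$1/etc/$2"
}

# demo: build a constructed /mnt with passwd + shadow, clear root's password
# and print "changed-file [shadow field] [passwd field]".
demo() {
    mnt=$(mktemp -d)
    mkdir -p "$mnt/etc"
    printf 'root:x:0:0:root:/root:/bin/bash\nalice:x:1000:1000::/home/alice:/bin/sh\n' > "$mnt/etc/passwd"
    printf 'root:$6$salt$0123456789abcdefghijklmnopqrstuv:19000:0:99999:7:::\nalice:!:19000:0:99999:7:::\n' > "$mnt/etc/shadow"
    changed=$(clear_root_password "$mnt")
    shadow_field=$(root_password_field "$mnt" shadow)
    passwd_field=$(root_password_field "$mnt" passwd)
    rm -rf "$mnt"
    echo "$changed [$shadow_field] [$passwd_field]"
}
```

Only the root line is touched; alice's locked entry stays as it was. Prefer chroot /mnt passwd root when the live system can chroot into the target, since it never leaves root passwordless, even briefly.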

Encrypt and authenticate your files and mail
GnuPG is the GNU Privacy Guard. The two needs you meet with electronic documents are:

  • knowing for sure who sent a document and that it has not been altered;
  • exchanging messages that only the recipient can read.

To do this, the program gpg (or the gpa graphical interface) lets you generate a pair of keys, one private and one public, tied to your identity and protected by a passphrase. Your private key is kept secret (but make backup copies); your public key should be distributed as widely as possible. To authenticate a document, you use your private key and passphrase: the document is accompanied by a signature, computed from a hash of the document with your private key. The recipient, using your public key, verifies that the signature matches the document, which proves that it was signed with your private key and has not been modified since. To encrypt a document you use the recipient's public key; the recipient uses their private key and passphrase to decrypt it.

How to exchange public keys.

  • You give your correspondent the fingerprint of your key in person; they must verify your identity at the same time.
  • You place your public key on a key server. Your correspondent downloads it and, after checking the fingerprint, can trust it and sign it.
  • Thus, all the people who know your correspondent and trust them can in turn be sure of your identity.

All these operations are very simple with gpa.
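The same operations on the gpg command line (key generation, public-key exchange with fingerprint comparison, signature and verification, encryption and decryption), as an added example that is not from the original article. Alice and Bob each get their own throw-away keyring in a temporary directory; the keys are generated with an empty passphrase so the script runs unattended, which real keys must never do. The names and addresses are made up, and GnuPG 2.1 or later is assumed.

```shell
# Added example, not part of the original article. Needs gpg (GnuPG 2.1+).

# gpgb HOMEDIR ARGS...: gpg in batch mode against the given keyring.
gpgb() {
    home=$1
    shift
    gpg --homedir "$home" --batch --quiet --pinentry-mode loopback --passphrase '' "$@"
}

# fingerprint HOMEDIR UID: primary-key fingerprint of UID as seen from HOMEDIR.
fingerprint() {
    gpgb "$1" --with-colons --fingerprint "$2" | awk -F: '$1 == "fpr" { print $10; exit }'
}

# gpg_demo: prints five results; the expected "good" line is
# fingerprint-match verified tampering-detected decrypted alice-cannot-decrypt
gpg_demo() {
    work=$(mktemp -d)
    alice="$work/alice"
    bob="$work/bob"
    mkdir -m 700 "$alice" "$bob"
    gpgb "$alice" --quick-gen-key 'Alice <alice@example.invalid>' default default never 2>/dev/null
    gpgb "$bob"   --quick-gen-key 'Bob <bob@example.invalid>'     default default never 2>/dev/null

    # Key exchange: each side exports its public key and the other imports it.
    # The fingerprint is what Alice and Bob compare in person before trusting it.
    gpgb "$alice" --export alice@example.invalid > "$work/alice.pub"
    gpgb "$bob"   --export bob@example.invalid   > "$work/bob.pub"
    gpgb "$bob"   --import "$work/alice.pub" 2>/dev/null
    gpgb "$alice" --import "$work/bob.pub"   2>/dev/null
    if [ "$(fingerprint "$alice" alice@example.invalid)" = "$(fingerprint "$bob" alice@example.invalid)" ]; then
        r1=fingerprint-match; else r1=fingerprint-mismatch; fi

    # Signing: Alice signs with her private key, Bob verifies with her public key.
    printf 'Meeting at 10.\n' > "$work/msg.txt"
    gpgb "$alice" --local-user alice@example.invalid --detach-sign --output "$work/msg.sig" "$work/msg.txt"
    if gpgb "$bob" --verify "$work/msg.sig" "$work/msg.txt" 2>/dev/null; then r2=verified; else r2=unverified; fi
    # A modified document must not verify against the old signature.
    printf 'Meeting at 11.\n' > "$work/msg2.txt"
    if gpgb "$bob" --verify "$work/msg.sig" "$work/msg2.txt" 2>/dev/null; then r3=missed; else r3=tampering-detected; fi

    # Encryption: Alice encrypts to Bob's public key; only Bob's private key decrypts.
    gpgb "$alice" --trust-model always --recipient bob@example.invalid --encrypt --output "$work/msg.gpg" "$work/msg.txt"
    if [ "$(gpgb "$bob" --decrypt "$work/msg.gpg" 2>/dev/null)" = "Meeting at 10." ]; then r4=decrypted; else r4=decrypt-failed; fi
    if gpgb "$alice" --decrypt "$work/msg.gpg" >/dev/null 2>&1; then r5=alice-could-decrypt; else r5=alice-cannot-decrypt; fi

    gpgconf --homedir "$alice" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$bob"   --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    echo "$r1 $r2 $r3 $r4 $r5"
}
```

--trust-model always is only there because Bob's imported key has not been signed in Alice's keyring; in real use you would check the fingerprint and sign the key instead, which is exactly the exchange described in the list above.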

