tools
hydra - can discover passwords by brute force |
john - the john the ripper tool |
Antivirus Programs ‹↑›
While Linux is not prone to viruses, it is useful to have antivirus
programs in order to disinfect usb memory sticks which you may use
in other people's computers (running Microsoft Operating Systems).
These notes were synthesised from a 'linux format' magazine
article. Clam is one of the more prominent open-source antivirus
programs for Linux.
Installing Clam ‹↑›
The Ubuntu 'launchpad' is a little like the sourceforge site; that
is, it is designed to foster coding collaboration.
the launchpad ppa identifier for clamav (this short form is what
add-apt-repository takes; sources.list itself needs the 'deb' line below)
ppa:ubuntu-clamav/ppa
the sources.list line for the ppa, for the 'karmic' Ubuntu version
deb http://ppa.launchpad.net/ubuntu-clamav/ppa/ubuntu karmic main
a bash command to append the correct line to the sources.list file
(the redirection must also run as root, so use tee rather than 'sudo echo ... >>')
echo "deb http://ppa.launchpad.net/ubuntu-clamav/ppa/ubuntu karmic main" | sudo tee -a /etc/apt/sources.list
view the config file
less /etc/apt/sources.list
Doing this allows us to get the latest version of clamav for ubuntu
(rather than just the version supplied with the standard ubuntu
installation). 'Ppa' means an application from one of Ubuntu's
'partners'. (Partner preferred application?) It means that the application
has not been thoroughly tested with a distribution of Ubuntu Linux
but that it will probably work.
import the signing key for the ppa server, so apt will trust its packages
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5ADC2037
Configuring Clam ‹↑›
An antivirus program is only as good as the virus signature database
upon which it relies. This database needs to be updated regularly since
people are constantly inventing new viruses.
view the list of manual pages for the clamav antivirus scanner
apropos clam
get the latest virus definitions
sudo freshclam
get all the virus signatures in the virus db
sigtool --list-sigs
But what is this for exactly, I wonder?
get the clamtk gui frontend for clam and gnome
sudo apt-get install clamtk
The clamtk application is extremely basic and doesn't provide many of the
options available from the command line. For kde the clam graphical user
interface is called 'clamav-kde', or Klamav.
install the clamav daemon (the package is 'clamav-daemon')
sudo apt-get install clamav-daemon
check if the clam daemon is running, should give 3 results
ps ax | grep clamd
start the daemon
sudo clamd
check the version of the daemon
clamdscan -V
Scanning With Clam ‹↑›
After installing and configuring, you can now, finally, scan some
files and folders to see if they contain any viruses.
scan a whole folder tree
clamscan -r /path/tree
scan just the contents of 1 folder (not subfolders)
clamscan /media/Lexar
scan a folder tree, sound the bell on each detection (--bell) and print
only the infected files (-i) rather than every file scanned
clamscan -r --bell -i /media/Lexar
scan the 'lexar' usb memory stick and print verbose messages
clamscan -rv /media/Lexar
mail the result of a scan to yourself
clamscan -r -i /path/ | mail me@me.com
Dealing With The Infected Files ‹↑›
scan a memory stick and move all the infected files to the 'bad' folder
clamscan -r --move=bad /media/usbstick
scan and automatically remove infected files, a bit dangerous
clamscan -r --bell --remove -i /path/
This line above may be dangerous because 'false positives' are
a definite possibility.
Scheduling Clamav ‹↑›
It is too easy to forget to run an antivirus, so it is better to
schedule it to run automatically at a certain time or on an event.
schedule a one-off virus scan for 3am, writing the report to a file
at 3:00 tomorrow
at> clamscan -i ~ > ~/test.txt
schedule it with cron on the hour, every hour, every day
export EDITOR=vim
crontab -e
append the line: 0 * * * * sh /path/script.sh
schedule it without sending any mail (cron otherwise mails any output to you)
append the line: 0 * * * * sh /path/script.sh > /dev/null 2>&1
schedule a virus signature update (a script that runs freshclam) once a day at 3am
append the line: 0 3 * * * sh /path/script.sh > /dev/null 2>&1
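A script the cron lines above could point at, as an added example that is not from the original notes. It quarantines hits with --move rather than --remove because of the false-positive risk mentioned earlier, and only mails when something was found or the scanner failed; the scan folder, quarantine folder, report path and address are assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes: a wrapper for the cron entries
# above. It refreshes signatures, scans with --move (quarantine) rather than
# --remove so a false positive can be recovered, and mails the report only
# when clamscan actually found something or failed. All paths and the
# address are assumptions; override them via environment variables.
SCAN_DIR="${SCAN_DIR:-/media/Lexar}"
QUARANTINE="${QUARANTINE:-$HOME/quarantine}"
REPORT="${REPORT:-/tmp/clamscan-report.txt}"
MAILTO="${MAILTO:-me@me.com}"

# clamscan prints one "<file>: <signature> FOUND" line per detection (with
# --move a second "moved to" line follows); count those lines in a report.
count_found() {
    n=$(grep -c ' FOUND$' "$1" 2>/dev/null || true)
    echo "${n:-0}"
}

# clamscan exit status: 0 = nothing found, 1 = infected files, 2 = error.
status_word() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Mail only when there is something to act on (hits or scanner errors), so
# the hourly job stays silent instead of filling the mailbox with clean runs.
should_mail() {
    [ "$1" -ne 0 ]
}

run_scan() {
    mkdir -p "$QUARANTINE"
    rm -f "$REPORT"                          # --log may append, so start fresh
    freshclam >/dev/null 2>&1 || true        # usually needs root; a stale db still scans
    clamscan -r -i --move="$QUARANTINE" --log="$REPORT" "$SCAN_DIR" >/dev/null 2>&1
    rc=$?
    echo "$(date '+%F %T') status=$(status_word "$rc") found=$(count_found "$REPORT")" >> "$REPORT"
    if should_mail "$rc"; then
        mail -s "clamscan $(status_word "$rc") on $(hostname): $SCAN_DIR" "$MAILTO" < "$REPORT"
    fi
    return "$rc"
}

# Run only when invoked with "run", e.g. from crontab:
#   0 * * * * /path/clamscan-cron.sh run > /dev/null 2>&1
if [ "${1:-}" = run ]; then run_scan; fi
```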
other security tools
SELinux - harden the box |
AppArmor |
chkrootkit - check for rootkits |
AVG - a free antivirus |
Firewalls ‹↑›
A firewall is an application which examines tcp/ip packets arriving at
and leaving a computer and allows or disallows those packets to
continue depending upon a set of rules. A firewall does not have to
run on a separate computer. Since the Internet is the main source of
security problems for any computer, firewall software is of great
importance in any security set-up.
Iptables ‹↑›
Iptables is the traditional unix/linux internet firewall system. It has
the reputation of being difficult to understand and master but
flexible and powerful.
Handheld Devices For Security Auditing ‹↑›
- www: Sharp Zaurus
The Sharp Zaurus is a hand-held pda installed with linux along
with a number of network security auditing tools
- www: iPAQ