Deploy efficient anti-virus software on Linux servers

Linux's ability to resist viruses is well known. This is mainly due to its excellent technical design, which not only makes its operating system difficult to crash, but also makes it difficult to be abused. First of all, early users of Linux are generally professionals. even today, although their users surge, the typical users are still very good.

Linux's ability to resist viruses is well known. This is mainly due to its excellent technical design, which not only makes its operating system difficult to crash, but also makes it difficult to be abused. First of all, early Linux users are generally professionals. even today, although their users surge, typical users are still those who have a good computer background and are willing to assist others, linux experts prefer to encourage new users to support such a cultural spirit. Because of this, a kind of internalization tendency in Linux use groups is to avoid virus infection with security experience as much as possible. Second, being young is also one of the reasons why Linux is rarely attacked by viruses. In fact, all operating systems (including DOS and Windows) were rarely intruded by various viruses at the beginning of their production. After 27 years of development and improvement, Unix has become very solid, and Linux basically inherits its advantages. In Linux, if it is not a super user, it is difficult for programs that maliciously infect system files to succeed. With the wide application of Linux on servers, a variety of attacks against Linux are also prevalent.

 

1. virus classification in Linux

Linux has always been regarded as an enemy of Windows systems, because it is not only secure, stable, and cost-effective, but also seldom finds virus spreading. However, as more servers, workstations, and PCs use Linux software, computer virus makers are also starting to attack the system. For Linux systems, the security and permission control of servers and workstations are relatively powerful. this is mainly due to its excellent technical design, which not only makes its operating system hard to crash, it also makes it difficult to be abused. Of course, this does not mean that Linux is impeccable. viruses are essentially binary executable programs. Although server load balancer 1 (Slammer), Blast, Sobig, Mimail, and Laura (Win32.Xorala) viruses are not damaged on Linux servers, but it will spread to computers that access its Windows platform.

Virus classification on Linux:

1. executable file virus: an executable file virus is a virus that can be parasitic in a file and infected primarily with objects. Virus makers can easily infect ELF files regardless of their weapons, assembler, or C. In this regard, the virus is Lindose.

2. worm (worm): After the outbreak of the Morris worm in 1988. to distinguish between worms and viruses, Spafford defines the technical perspective of worms. "computer worms can run independently and spread a version of itself containing all the functions to another computer." On the Linux platform, worms are rampant, such as ramen, lion, and Slapper spreading by exploiting system vulnerabilities. these viruses are infected with a large number of Linux systems, causing huge losses.

3. script virus: Many viruses are generated in shell scripting language. This type of virus is easy to write, but it is equally destructive. We know that there are many. the script file ending with sh, and a shell script with just a dozen lines can traverse all the script files on the hard disk in a short time for infection.

4. backdoor program: In the broad definition of virus, backdoor programs are also included in the scope of virus. The backdoor that is active in Windows is also very active on Linux. From adding simple backdoors for system superuser accounts, to using system service loading, sharing library file injection, rootkit toolkit, and even loading kernel modules (LKM ), the backdoor technology on the Linux platform has developed very well and is concealed and difficult to remove. It is a headache for Linux administrators.

II. Linux server virus prevention policies

Based on the above introduction, we can see that computer viruses pose a small risk to Linux systems. However, for various reasons, in enterprise applications, Linux and Windows operating systems often coexist to form a heterogeneous network. Most servers use Linux and Unix, while Windows is used on the desktop. Therefore, Linux virus protection policies are divided into two parts:

1. protection policies for Linux itself (servers and computers using them as desktops.

The prevention of executable file viruses, worms, and script viruses can be basically prevented by installing the GPL virus detection and removal software. The server can use f-prot (http: // www.f-prot.com/) which works under the command line and can consume less system resources at runtime. Desktop users can choose that tkantivir (http://www.sebastian-geiges.de/tkantivir/) is written in Tcl/Tk and can run in any X-Windows environment, such as KDE or Gnome.

For backdoor guard, LIDS (http://www.lids.org/) and Chkrootkit (http://www.chkrootkit.org/) can be used, LIDS is the Linux kernel patch and system administrator tool (lidsadm), which enhances the Linus kernel. It can protect important files in the dev/directory. Chkrootkit can detect system logs and files, check whether malicious programs intrude into the system, and find signals associated with different malicious programs. The latest version of Chkrootkit0.45 can detect 59 types of sniffers, Trojans, worms, and rootkit.

In addition, most of the software running on Linux servers is open-source software, which is constantly being upgraded. stable versions and beta versions alternate. On www.apache.org and other websites, the latest ChangeLog has the words bug fix and security bug fix. Therefore, the Linux system administrator should pay attention to the bug fix and upgrade of related websites, and upgrade or add patches in a timely manner. Never be lucky. Otherwise, a Shell script may win your website. A famous saying goes: your server may always be taken over by hackers the next day.

2. virus prevention policies for Windows systems that use the Linux server backend.

Many enterprises use proxy servers to access the internet. many Windows systems are infected with viruses during HTTP web browsing and file downloads. Therefore, a virus filter can be mounted on the proxy server, virus detection is performed on the HTTP web pages browsed by users. if a user browses the web page and is infected with viruses, the proxy server blocks them and discards the requests with viruses, prevent insecure processes from spreading virus data to the client computer.

Squid is a very good proxy server software, but it does not have a special virus filtering function. You can consider using a Linux-based virus filtering proxy server-HAVP (http://www.server-side.de/) developed by Open Source enthusiasts in Germany /). The HAVP virus filtering proxy server software can be used independently or in tandem with Squid to enhance the virus filtering function of the Squid proxy server. Providing mail services is an important application in Linux servers. ClamAV (http://www.clamwin.com/) can be used, ClamAV full name is Clam AntiVirus, IT and Liunx emphasizes the concept of public program code, free authorization, etc, clamAV can detect more than 40,000 types of viruses, worms, and Trojans, and update the database at any time. a group of virus experts distributed around the world update and maintain the virus database 24 hours a day, anyone who finds a suspicious virus can contact them at any time and immediately update the virus code. in a very short time, the ClamAV email server is used on the network to complete the latest protection actions.

III. install and configure f-prot

System requirements: Hardware: Central Processor: compatible with Intel X86 processor Pentium 200 or above, 32 MB (recommended 64 MB) memory, 100 MB hard disk space, display memory 4 MB. Software: kernel version 2.2 or later, and perl version 5. More than 8.

F-prot official website: http://www.f-prot.com/..., is the famous Iceland F-Port anti-virus software, with instant virus scanning, regular virus scanning, custom virus scanning and other functions. This is an easy-to-use tool to defend against transient pathogens. it protects your data by detecting and moving viruses. It can detect 64000 unusual and harmful computer pests. In addition to access and require scanning, this tool also includes an update feature to automatically obtain the latest virus code program. Any new virus can be directly added to the detection database and detoxification database. Updates and virus scans can be performed automatically. F-prot free version for Home Edition, Linux version free, windows charges,: Linux version: http://www.f-prot.com/downl ..., you must enter the basic information before downloading the SDK. after downloading the SDK, no serial number is required during installation. F-prot is mainly used for file servers (NFS and Samba) and mail servers (sendmail, postfix, and Qmail ).

1. software download

# Wget http://files.f-prot.com/fil...

2. software installation and upgrade

After the software is installed, it is automatically connected to the official website for upgrade. the operations are as follows:

# Rpm-ivh fp-linux-ws.rpm
Preparing... ######################################## ### [100%]
1: fp-linux-ws ################################### ####### [1, 100%]
***************************************
* F-Prot Antivirus Updater *
***************************************

Theres a new version:
"Application/Script viruses and Trojans" signatures on the web.
Starting to download...
Download completed.

Preparing to install Application/Script viruses and Trojans signatures.
Application/Script viruses and Trojans signatures have successfully been installed.

Preparing to install Document/Office/Macro viruses signatures.
Document/Office/Macro viruses signatures have successfully been installed.

**********************************
* Update completed successfully .*
**********************************
The default package is installed in the/usr/local/f-prot directory.

3. view the f-prot manual page

& N