Enhance Linux Desktop Security

Source: Internet
Author: User

Introduction

Malicious attacks on computers are becoming increasingly common. Viruses for GNU/Linux do exist, although far fewer viruses target GNU/Linux systems than Windows systems. In addition, the number of other types of malware (as well as the number of pure attacks) that can infect Linux computers is growing. Wirenet.1 recently attacked computers running Linux and Mac OS X. The malware steals passwords and other information stored in Internet browsers, email clients, and instant messaging tools on those computers.

Enhance Linux desktop security by using easy-to-use tools to maintain system security.

How Security rumors spread

Windows is the main target when malicious attackers set out to cause mischief, because the system is easy to use and many inexperienced users purchase it. Some attacks are motivated by a desire to damage Microsoft's image, because Microsoft is considered to be a company that does not support open-source communities. These attacks have contributed to the rumor in the computing field that Windows is vulnerable.

Platform-independent environments (such as OpenOffice.org, Perl, and Firefox) are not spared. For example, Dropper.MsPMs, a malicious Java archive (JAR) file, was found on machines running Windows, Mac OS X, and Linux.

Some malicious packages are written specifically for GNU/Linux. A rootkit is a collection of tools that allows attackers to gain access to the root (administrator) account on a computer. It belongs to a family of malware similar to password Trojans. These malicious software packages have different names, such as tOrn and ARK.

Defense against malware

Many factors determine the security of a system, but the most important is how the system is configured. This article describes how to configure a GNU/Linux desktop. Perform the steps below to configure your computer correctly and keep it secure. Start with anti-virus protection.

Install anti-virus software ClamAV

ClamAV is an open-source (GPL) anti-virus engine designed to detect Trojans, viruses, malware, and other malicious threats. When installing the program, you can specify whether to run it manually or attach it to a background process so that it runs continuously. For the desktop, running the program as a background process is ideal, because you can still choose to perform a manual scan.

To install ClamAV as a running background process, perform the following steps:

  1. Turn on the computer and log on.
  2. On the menu bar, click Applications > Accessories > Terminal.
  3. After the terminal starts, enter the following command:
    sudo apt-get install clamav-daemon
  4. Enter your password when prompted.

    In this case, clamav-freshclam is the update package of the ClamAV application.

  5. You will now see a message telling you how much disk space the installation will use. Enter Y to start the installation.

    The installation process takes only two minutes. After the installation is complete, you will see an alert stating that your virus database is X days old and that you should update it using the following step.

  6. At the prompt, run the command sudo freshclam.

Running freshclam updates the virus definitions to the latest version. Keeping definitions up to date is important because that is how ClamAV recognizes malware.

A virus definition is a code pattern unique to a malware program. The anti-virus scanner compares the contents of your files with the code patterns in the virus definition database. If a match is found, the program alerts you that there is an infected file on your computer and prevents the code in the file from executing.

If the definition for a particular piece of malware is not in your virus definition database, the anti-virus scanner cannot know that the code is malicious, so it lets the code run and your system bears whatever damage the code causes. Update your definitions regularly to get the most comprehensive protection.
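The matching described above, and why a missing definition means a missed detection, shown as an added example (not from the original article and not ClamAV's code). The one-line "sha256:name" definition format, the file names and the signature names are assumptions made for the illustration, and the sample files are harmless constructed text.

```shell
#!/bin/sh
# Toy signature scanner: one definition per line, "sha256:name".
# This format is an assumption made for the example; it is not ClamAV's.

# scan_dir DEFS DIR: print "<file>: <name> FOUND" for every file whose
# SHA-256 appears in DEFS. Files with no matching definition print nothing.
scan_dir() {
    defs=$1
    dir=$2
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        # Force a string comparison so a hash is never treated as a number.
        name=$(awk -F: -v h="$sum" '($1 "") == (h "") { print $2; exit }' "$defs")
        if [ -n "$name" ]; then
            echo "$f: $name FOUND"
        fi
    done
}

# count_hits DEFS DIR: number of files flagged by scan_dir.
count_hits() {
    scan_dir "$1" "$2" | wc -l | tr -d ' '
}

# --- constructed demo data (harmless text files) ---
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
mkdir "$work/home"
echo "quarterly report"                 > "$work/home/report.txt"
echo "constructed stand-in for malware" > "$work/home/dropper.bin"

# Stale database: holds one unrelated definition only.
echo "$(printf 'old sample' | sha256sum | cut -d' ' -f1):Example.Old" > "$work/stale.db"
# Updated database: also carries the definition for dropper.bin.
cp "$work/stale.db" "$work/fresh.db"
echo "$(sha256sum "$work/home/dropper.bin" | cut -d' ' -f1):Example.Dropper" >> "$work/fresh.db"

echo "stale definitions: $(count_hits "$work/stale.db" "$work/home") infected"
scan_dir "$work/fresh.db" "$work/home"
echo "fresh definitions: $(count_hits "$work/fresh.db" "$work/home") infected"
```

The same file goes unreported with the stale database and is flagged once the database contains its definition.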

Start ClamAV

ClamTk: a GUI for your anti-virus application

If you do not like working from a terminal, you can install a GUI for ClamAV named ClamTk. This GUI can be easily installed using the Add/Remove Applications tool in Ubuntu. After the installation is complete, click Applications > System Tools > Virus plugin to run it.

After updating the virus definitions, you can start ClamAV. To manually scan your home folder, go to the terminal prompt and enter clamscan. When the clamscan command completes, you will see a report showing how many directories and files were scanned and how many infected files were found.

To run ClamAV as a background process, go to the terminal prompt and enter clamdscan. The clamdscan command creates a user named ClamAV. You can then add this user to a group that owns the files you want to scan.

Use rkhunter to defend against rootkits

The most dangerous malware for GNU/Linux users may be the rootkit. The Rootkit Hunter (rkhunter) and chkrootkit programs scan the desktop for suspicious files. Attackers may install these files to gain control of your computer.

To install rkhunter (one of the best programs for finding and removing rootkits), perform the following steps:

  1. To navigate back to the terminal, click Applications > Accessories > Terminal.
  2. In the terminal shell, enter the following command:
    sudo aptitude install rkhunter
  3. Enter Y to start the installation.

After rkhunter is installed, you can run it to check the desktop for attack damage. Go to the terminal prompt and enter sudo rkhunter --check.

If rkhunter runs properly, you will see a list of directories, each with the word OK or Warning next to it. After it starts, rkhunter performs several types of scans. When one scan completes, press Enter to start the next one. Scan types include:

  • Directory
  • Attack damage on the desktop
  • Ports commonly used for backdoor access
  • Start files, groups and accounts, system configuration files, and file systems
  • Applications

After all scans are completed, rkhunter provides a report and creates a log file containing the results.

Like ClamAV, rkhunter needs to be updated regularly so that it can detect the latest vulnerabilities and attack damage:

  1. From the terminal, enter sudo rkhunter --update.
  2. Enter your password when prompted.

Use Tiger to scan your system

In terms of security, establishing a baseline (benchmarking) is one of the most important tasks you can perform. With a baseline, you can determine whether anything has been tampered with, because tampering changes the baseline content. Installing an office suite also changes the baseline, but you can approve that addition. If malware is installed on your machine, a baseline check will detect it as well.

Most people do not know how to manually create baselines for their computer configurations. However, a program named Tiger will review the computer system and check whether any content has been modified. If the content is modified, the software provides an error code.

To install Tiger on the Ubuntu Desktop, open the terminal first. Run the following command from here:

 sudo aptitude -y install tiger

This command places Tiger software on your machine. Now you need to run it.

Running sudo tiger creates a report of security issues and saves it in /var/log/tiger. The file name usually contains the host name of the computer, followed by the date and time, such as security.report.hostname.121220-8:46. The file name is displayed when the report is complete.

To view the report, run sudo gedit followed by /var/log/tiger and the file name. In this example, the command is:

 sudo gedit /var/log/tiger/security.report.hostname.121220-8:46

The report lists an error code for each problem it finds. You can search online for the meaning of each error code.
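The baseline idea from the start of this section, as an added example that is not part of the original article and is not how Tiger itself works: record a hash of every file, compare later, then approve the changes you have reviewed. The function names, directory tree and file contents are constructed for the illustration.

```shell
#!/bin/sh
# Minimal file baseline with sha256sum; shows the idea, not Tiger's implementation.
# Paths containing whitespace are not handled (fields are split on spaces).

# snapshot DIR OUT: write "hash  ./path" for every regular file under DIR.
snapshot() {
    (cd "$1" && find . -type f -exec sha256sum {} + | sort -k2) > "$2"
}

# compare OLD NEW: report files that differ between two snapshots.
compare() {
    awk '
        FILENAME == ARGV[1] { old[$2] = $1; next }
        { seen[$2] = 1
          if (!($2 in old))                 print "ADDED " $2
          else if ((old[$2] "") != ($1 "")) print "MODIFIED " $2 }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | sort
}

# --- constructed demo tree ---
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
sys="$work/system"
mkdir -p "$sys/etc" "$sys/bin"
echo "PermitRootLogin no" > "$sys/etc/sshd_config"
echo "ls v1"              > "$sys/bin/ls"
echo "motd"               > "$sys/etc/motd"

snapshot "$sys" "$work/baseline"

echo "PermitRootLogin yes" > "$sys/etc/sshd_config"   # tampered setting
echo "office suite"        > "$sys/bin/office"        # legitimate install
rm "$sys/etc/motd"                                    # deleted file

snapshot "$sys" "$work/current"
report=$(compare "$work/baseline" "$work/current")
echo "$report"

# Review the report: revert the tampering, then approve what remains
# by taking a new baseline.
echo "PermitRootLogin no" > "$sys/etc/sshd_config"
snapshot "$sys" "$work/baseline"
```

Every change shows up in the comparison, wanted or not; the review step is what separates the approved office suite from the altered configuration file.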
