
Thread: Tips to Secure Linux from Backdoor

  1. #1
    Join Date
    Dec 2010
    Posts
    124

    Tips to Secure Linux from Backdoor

    Open source is very present in the computer world; it is a free area where software is developed by enthusiasts and distributed free. In this area, free does not mean bad quality but quite the contrary. Many free software packages compete with commercial software published by big-budget multinationals, starting with LINUX or WINDOWS.

    Today open source software is adopted by most of the new IT sectors. But this area is not risk free either. There is a regular fear of the risk involved in using such software. The discussion on virus infection on Linux is still not settled. Much of what you read is simply wrong. More and more experts today come out with new security holes that leave systems vulnerable. And many of them seem to have little knowledge of UNIX.

    This is probably because most viruses target Windows systems and therefore most antivirus programs are designed for Windows systems. It is quite right to say that there are certainly very few viruses which are made for Linux. Access restrictions in this environment are set for the same reason. For example, when a user runs a file that contains a virus, the virus has the same privileges as the user; under normal conditions, these are very few privileges. So the virus cannot spread to other systems.

    But if a user with all permissions launches a virus, it could infect the entire system and travel to other systems also. Remember also that the number of viruses for Windows is much higher because UNIX operating systems are much less common on private computers. If more people were using UNIX at home, then obviously there would be more viruses for these systems. The rise in favor of the GNU/Linux operating system has certainly proven this. One of the most common viruses I found is Linux.Slapper.Worm.

    A backdoor is equivalent to a virus. It is the one whose key is in the flower pot or under the doormat. A backdoor escapes internal control rules.

    How to Detect a Backdoor

    A backdoor is nothing but a hidden door. knockd is a tool that triggers actions on certain network events, with a direct application in revealing access to a server based on a sequence of network packets. For example, knockd allows the server's firewall rules to be changed so that the calling IP can connect to an SSH server that is inaccessible by default. To do so, the calling client must send a knock sequence of IP packets agreed in advance. So just be aware of such applications.

    To detect these backdoors, there are not many solutions:

    Scan, with an IP sniffer, the network streams generated by the application to the outside, which incidentally will be effective only if the third party accesses the system during the network monitoring operations.

    Analyze the inner workings of the software. To do this, it is necessary to read the source code, which requires specific knowledge of computer programming. In reality the source code is released for open source software; for other software, called proprietary, the analysis must be preceded by a phase of reverse engineering, that is to say decompilation to obtain a reconstructed source code. This practice is not only complex but also contrary to the contractual provisions of user licenses (EULA).

    Note that for applications in web mode (SaaS, ASP) such as webmail, the Google or Microsoft office suites, social networks, and file and data sharing, none of these controls is operative. Moreover, the software and the data assigned to it are mostly hosted on servers located in other countries without the same guarantees of protection. The outsourcing of the IT function and its applications comes at a price, that of dependency.

    Antivirus

    For antivirus support you can use ClamAV. It is a free antivirus, under the GPL. It allows you to find viruses on Linux and Windows partitions.
    It can scan a folder or a partition from the command line. It works in the background. It is particularly suited for scanning e-mail on mail servers. The main archive formats are supported. Rapid developments. The virus database is enriched by users. It is available on many Linux Live CDs like Knoppix. Klamav is a free GUI for ClamAV to scan for viruses like commercial antivirus software.

    Installation:

    ClamAV comes with most distributions of GNU/Linux in binary form. The examples that follow are for Fedora 8. They must be adapted according to the distribution used:

        # yum install clamav clamav-update

    Clamscan supports almost all file formats on a system including archives (rar, zip, tar, deb, jar, arj), e-mail, html, etc. Klamav is a virus manager that uses ClamAV. Its interface is nice and usable under Gnome and KDE. Before starting to install and use Klamav, you must have ClamAV installed, configured and running. It is also possible to launch Klamav by selecting it under Gnome or KDE.

    This command will install the following parts:
    • clamav
    • clamav-data
    • clamav-filesystem
    • clamav-lib
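
For the knockd behaviour described in post #1 (a pre-agreed packet sequence that opens SSH for the calling IP), one detection heuristic over firewall logs is sketched below. This is an added example, not part of the original post; the log format, thresholds and sample lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: heuristic detection of a port-knock pattern in firewall logs.
# Assumed (constructed) log format, one connection attempt per line:
#   <epoch_seconds> <source_ip> <dest_port> <DROP|ACCEPT>

# Constructed sample data; addresses are from documentation ranges.
sample_log() {
    cat <<'EOF'
1000 203.0.113.7 7000 DROP
1001 203.0.113.7 8000 DROP
1002 203.0.113.7 9000 DROP
1004 203.0.113.7 22 ACCEPT
1010 198.51.100.9 22 ACCEPT
1020 192.0.2.50 7000 DROP
1021 192.0.2.50 7000 DROP
1022 192.0.2.50 7000 DROP
1023 192.0.2.50 22 ACCEPT
EOF
}

# Print each source that hit at least min_ports distinct closed ports within
# `window` seconds and was then accepted on the SSH port shortly afterwards.
find_knock_candidates() {
    awk -v min_ports=3 -v window=10 -v ssh_port=22 '
    $4 == "DROP" {
        # A knock older than the window starts a fresh run for this source.
        if (!($2 in first) || $1 - first[$2] > window) {
            first[$2] = $1; count[$2] = 0; run[$2]++
        }
        key = $2 SUBSEP run[$2] SUBSEP $3
        if (!(key in seen)) { seen[key] = 1; count[$2]++ }
        last[$2] = $1
        next
    }
    $4 == "ACCEPT" && $3 == ssh_port {
        if (count[$2] >= min_ports && $1 - last[$2] <= window && !reported[$2]++)
            print $2
    }'
}

sample_log | find_knock_candidates
```

A source that retries the same closed port, or that simply connects to SSH, is not reported; only distinct-port runs followed by an accepted SSH connection are.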

  2. #2
    Join Date
    May 2008
    Posts
    962

    Re: Tips to Secure Linux from Backdoor

    Backdoors are not the only threat to Linux. There are more viruses, like shell script, Perl, macro, ELF, etc. In the near future Linux viruses are very likely to become more and more sophisticated and to use local root exploits to gain root privileges, because they then have complete access to the system. This is especially dangerous when programs such as ls are infected, or when a virus automatically loads kernel modules. The virus is then able to be memory resident and, in different ways, to infect each file that is then accessed. The malware is then no longer able to infect only a local system, but may also spread via networks. Networks will also play a role in Linux viruses in another way. Win32.Hybris, a worm which has achieved wide circulation on Windows systems, uses a technique with which the author can update the virus over the Internet to provide it with new features. A Linux virus could also download new features, or download new exploits to gain more control.

  3. #3
    Join Date
    May 2008
    Posts
    1,020

    Re: Tips to Secure Linux from Backdoor

    There are preventive measures for Linux also. If possible, obtain programs only from trusted sources. Programs should be obtained only in source code form, as it is expected that only a few viruses will exist in source code. Anyone who downloads his distribution over the Internet should make sure that he uses an original server, or a server that serves as an official mirror. On multi-user systems there should be strict file permissions. This must be compulsory especially in critical areas, such as /sbin, /bin and /etc. Although the least-reliable Linux virus scanners detect viruses already, you should install a virus scanner in any case; the largest ones have been ported to Linux, and are not open source but freeware. A cron script should ensure that the newest databases are always installed. Security programs under Windows are vital, but are to a large extent window-dressing: virus scanners and firewalls attempt, through symbols or message windows, to attract attention, so that the user feels well protected.
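
One way to check the strict file permissions that post #3 asks for in /sbin, /bin and /etc is shown below. This is an added example, not part of the original post; the function name, script name and output labels are assumptions.

```shell
#!/bin/sh
# Added example: audit permissions under critical directories.
# Usage (assumed script name): sh audit_perms.sh /sbin /bin /etc

audit_perms() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # Anyone can modify these; entries with the sticky bit set
        # (such as /tmp-style directories) are skipped.
        # -H follows a symlinked start directory, e.g. /bin -> usr/bin.
        find -H "$dir" -xdev \( -type f -o -type d \) -perm -0002 ! -perm -1000 \
            -exec printf 'WORLD-WRITABLE %s\n' {} \;
        # Files writable by the owning group but not by everyone.
        find -H "$dir" -xdev -type f -perm -0020 ! -perm -0002 \
            -exec printf 'GROUP-WRITABLE %s\n' {} \;
        # setuid/setgid files run with the owner's or group's privileges;
        # some are legitimate, so treat this list as one to review.
        find -H "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
            -exec printf 'SETID %s\n' {} \;
    done
}

# Run only when directories are given on the command line.
if [ "$#" -gt 0 ]; then
    audit_perms "$@"
fi
```

Comparing the output between runs, for example from a scheduled job, shows when a file in these directories has gained write or setuid permissions it did not have before.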

  4. #4
    Join Date
    Nov 2009
    Posts
    824

    Re: Tips to Secure Linux from Backdoor

    Under Linux a virus scanner is superfluous for lack of viruses. While there are virus scanners for Linux, these serve only to examine files or emails for Windows viruses. It is better if you have a better personal firewall. It blocks access from the Internet to services that run for some reason on the computer. The Ubuntu default installation provides no services to the Internet, so there is nothing that it would need to block. On the contrary: even a firewall is only a piece of software and can itself contain security vulnerabilities. All the better if you can do without them. It blocks unwanted access to the Internet for programs that you have intentionally or unintentionally (viruses, trojans) installed on your computer. Software can be installed from the Ubuntu sources, as there is no spyware in the original sources.

  5. #5
    Join Date
    Nov 2009
    Posts
    687

    Re: Tips to Secure Linux from Backdoor

    If you understand how UNIX works, then you can easily figure out that only a few bugs can give a program root access, which is dangerous. There are some rootkits and the design eliminates a lot of damage. One would have to surf the Internet as root to become infected. It is true that there are few Linux viruses, and the few that exist. There are often bugs that could allow sneaking into root access, so much for working as a user. Viruses on Linux would not affect much as long as your root password is not affected at all. Therefore a virus could change nothing on the Linux system itself. So you should never work as root when you are online.
