Yes. Don't.
this post was submitted on 06 Aug 2023
84 points (92.9% liked)
Linux
47369 readers
1346 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
I wouldn’t recommend using anti-virus software. It usually creates a lot more overhead, plus it usually mimics existing solutions already in linux. The only viruses I have ever caught using an anti-virus software on Linux are the test viruses to see if all is working fine.
Anyway, here’s my 20+ enterprise experience recommendations with Linux :
- enable secure boot: will disable launching non-signed kernel modules (prevent root kits)
- enable firewall: and only allow ports you really need.
- SELinux: it is getting better, and it will prevent processes to access resources out of their scope. It can be problematic if you don’t know it (and it is complex to understand). But if it doesn’t hinder you, don’t touch it. I do not know AppArmor, but it is supposed to be similar.
- disable root over ssh: or only allow ssh keys, or disable ssh altogether if you do not need it.
- avoid using root: make sure you have a personal account set up with sudo rights to root WITH password.
- only use trusted software: package managers like
aptandrpmtend to have built in functionality to check the state and status of your installed software. Use trusted software repositories only. Often recommended by the distro maintainers. Stay away from use this script scripts unless you can read them and determine if they’re the real thing.
Adhering to these principles will get you a long way!
edit: added section about software sources courtesy of @dragnucs@lemmy.ml
And when in doubt, upload the file to virustotal.
Thank you for the advice!
Firewall on Linux is something I still don't understand, and explanations found on Internet have always confused me. Do you happen to know some good tutorial to share? Or maybe one doesn't need to do anything at all in distros like Ubuntu?
Regarding ssh: you only mean incoming ssh, right?
@bushvin@pathfinder.social @toikpi@feddit.uk @hevov@discuss.tchncs.de @ChonkaLoo@lemmy.world @HotBoxghost2743@lemmy.ml @c1177johuk@lemmy.world (I'm surely forgetting someone, sorry)
Thank you ALL for the great advice and guides! I'm writing from behind a laptop firewall now, and don't notice anything :) It was smoother than I expected. In the end I used UFW because it was already installed, but I'll take a look at firewalld too in some days! I don't have any incoming ssh connections (not a server), so I didn't need to worry about that :)
Really great people here at Lemmy :)
I don't think you need to configure your firewall. Firewalls are usualy used to block incomming connectings. Usualy a Firewall that blocks all incomming connections is already active on your modem/router. Adding exception to the modem/router Firewall usualy happen through port forwords.
ebtables and iptables can be very complex. And I failed my 1st RHCE exam because of them. But once you learn, you will never unlearn, as they are quite beautifully crafted. You just need to get into the mindset of the people who wrote the tools…
Look into firewalld
It has a rather simplified cli interface: firewall-cmd
The manpages will tell you a lot.
firewall-cmd —add-service=ssh
Will open the ports for your ssh daemon until you reload your firewall or reboot your system
firewall-cmd —permanent —add-service=ssh
Will open the ssh ports until you remove them
firewall-cmd —list-all
Will show you the current firewall config
Try nftables directly, it's simple and straightforward, scripting syntax is easy.
Another simpler frontend for iptables I think is well suited for desktop environemnts is ufw. It does what it's supposed to do and is extremely simple to use
load more comments
(1 replies)
Yes, usually you configure your endpoint firewall to block incoming traffic, while allowing all outgoing.
Unless you’re in a very secure zone, like DMZ’s.
load more comments
(1 replies)
You don't need one if you know what you are doing but there's ClamAV
Yeah, I think most of the times, if you don't run very sensitive enterprise grade machine there isn't much point to it.
Maybe run it once in a while if you really want to.
load more comments
(1 replies)
I don't understand why we keep telling new users that it is useless to use an antivirus on Linux. For people with computer knowledge, sure. However more widespread Linux adoption will mean more casual users will start using it. Most of them don't have the "common sense" that is often mentioned ; these users will eventually fall for scams that tell them to run programs attached in emails or random bash scripts from the internet. The possibility is small, but it's not zero, so why not protect against it?
Because snake oil is not helping, or a working substitute.
Security is a process, not a solution.
Security is a process, not a solution.
Well put!
load more comments
(11 replies)
Same thing happened on macOS. We used to say it’s immune because everything was written only for Windows. That stopped being true a long time ago and the majority of web servers have been running Linux for a decade. Doesn’t seem so crazy to me that someone would want to regularly scan their Linux boxes for bad code.
You should protect against it, but antiviruses are not the answer. It's more efficient to prevent breaches by building good security into software by design (and keeping your system up to date) than to play an endless game of catch-up enumerating pieces of malware after they're already circulating.
Windows tried this approach and it turned into a mess, antivirus companies turned into villains themselves and it still didn't fix the underlying problems. Eventually they came around to actually fixing security problems, and keeping Windows up to date, and offering a curated source of apps and so on.
You can still use scanning on Linux, but apply it efficiently on entry points, like attachments in your email client or your Downloads dir. Don't run a scanner all the time on all your processes and files, that's a gross waste of resources.
It also makes no sense for a properly secured modern system. Take for example Android, where a userspace antivirus can't work because userspace processes are isolated from each other, and a system level antivirus cannot be trusted because it needs to download signatures externally and can (and probably will) be a breach of privacy.
load more comments
(1 replies)
Schrödinger's Linux fanbase
Linux is so much better and easy to use for casual users. But in order to use it, you have to understand terminal, bash scripting, understand permissions, understand the difference between various flavors, etc
Most antivirus software are just root level tools to harvest your data, that pretend to help
I think clamav is a good antivirus
-
Do not run a root account for regular stuff. This is a lot less common now since most distros require you to create a non-root account during install and a lot of the systems annoy you if you're running as root, but you'd be surprised by the sheer number of people who use accounts with UID 0 daily. This may also be caused by """more experienced""" friends/family setting it up that way to try cutting corners regarding access rights, but the bottom line is: don't be that person. Use root when necessary only.
-
Get into the habit of not blindly running every command you see online or trying every trick you read/hear, at least not on your main system. Try to setup a VM (or multiple) for the purpose of trying stuff out or running something you're not sure what the impact might be.
-
Keep your system updated, from kernel to userland.
-
Get into the habit of reading news regarding exploits, malware and the responses for them. You don't need to become an infosec professional or even understand what they actually do. What is important is for you to learn what to avoid and when something really bad is discovered so you can update as soon as possible.
These 4 steps are arguably more important and create better results than any anti-virus could ever hope to do for you. They won't ever get to 100% security, but then again, nothing will.
Unless you are in a cooperate environment or very careless with the stuff you download and commands you run you shouldn't need one!
Currently I don't like any of the common AV solutions, ClamAV is the best we have and has great signature based antivirus, with many excellent third party virus signatures (I even use it on windows). however ClamAV has no heuristic based capabilities which means it's lacking quite a bit in that regard.
I really wish we had a decent hurestics based AV solution oriented to consumers but afaik none really exist that are any good.
The typical consumer Windows antivirus was designed to solve a different set of problems in a different environment and analysing files for signatures and behaviors against known threats was very valuable when so many people were running executables from unsafe sources intentionally or not. Even on Windows an antivirus has never been the best way to secure a machine. It was always the lowest common denominator solution that you put on everyone's machine because it was better than nothing.
Linux has been well served for a long time by the division or privileges between root and users and signed trusted distro sources. The linux desktop is trending towards containerized flatpak applications running in seperate namespaces with additonal protection via seccomp. Try and understand the protections Linux provides and how to best take advantage of them first and only reach for an antivirus if you still think it is needed.
Common sense. ClamAV exists, but I have no idea if it's worth it
ClamAV goated
If you’re looking for personal antivirus, you probably don’t need one. ClamAV is an option, but it is aimed at scanning emails rather than anything else. If you’re looking to protect your company or a network of computers, then Wazuh is a great choice.
Common Sense Antivirus(tm) is breddy gucci.
I've been running Linux for 20 years. Not once have I been in a situation that required an antivirus. The one time I've had a security breach it was not a virus but user error that left a door open. And even then, it was just ransomware, not a virus.
Yes, no antivirus. You don't need it. There are no viruses. Plus, the way Linux is setup it's not easy for a virus to do alot of damage.
Virustotal is great to scan anything you download that does not contain sensitive information, and ClamAV + TK will work locally to scan anything that contains sensitive information (e.g. documents sent by others) or things too big for Virustotal.
Like others are saying, there's less of a need for antivirus on Linux since there's less easy entry points (e.g package manager over downloading an installer) and less (but far from 0) malware made for Linux. But we all probably download app images or get documents related to job searches at some point and I personally prefer to scan almost file that I get from a remote computer.
Most is malware these days. Checkout Safing Portmaster and config blocking various outbound connections and pick a good DNS filter like AdGuard. Then if you get malware it won't be able to connect to CnC server.
view more: next ›