Re: [OT] DNS problem



On Thursday 14 October 2010 08:06 in comp.os.linux.networking, somebody
identifying as sl@exabyte wrote...

> What I mean is virus on my PC. Possible? Thanks

Only if it runs Microsoft Windows. There are no viruses for GNU/Linux
in the wild.

Attempts at creating viruses for GNU/Linux have been undertaken in the
interest of science - read that as: "so as to find out whether
GNU/Linux could be a potential market for proprietary antivirus
software" - but all of those required the deliberate cooperation of the
root user to get the virus installed and have execute permission.

What *is* /always/ possible of course is that your machine has a rootkit
on it, which means that someone somewhere with bad intentions has
obtained access to your machine (and as the root user) and has replaced
several of your system binaries with modified binaries which hide the
specified malevolent processes from the user's view. Although not
trivial, it is generally possible to diagnose this through some
cleverness. For instance, the phony binaries will typically be much
larger than the bona fide ones.

There are also several things one can do in order to make it more
difficult for a cracker to get into the system. For starters, use
strong enough passwords, and deny root logins over ssh, forcing the use
of "su" or "sudo". In addition, do not grant "su" and "sudo" access to
every user of your system.

There is more you can do, but most users will object to these measures
because it implies a lot of work for those who regularly wish to update
packages on their systems and/or install new software, e.g. having
certain filesystems mounted read-only during normal operation -
e.g. "/boot", "/usr", "/usr/local", "/opt" - and either setting up a
read-only root filesystem - which is difficult, but not impossible - or
setting the "immutable" flag on directories containing executables and
libraries, and on those executables and libraries themselves - see
the /man/ page for "chattr" on that.

Do not, however, be alarmed by the above. Although rootkits do exist and
the above does take place on a regular basis, crackers generally don't
waste the time and the effort to install a rootkit on a regular
end-user workstation/PC on the internet. They generally target higher
profile machines - such as internet servers - and on such machines, the
sysadmins are often - not always, but all too often - very lax at
implementing proper security precautions out of sheer laziness.

--
*Aragorn*
(registered GNU/Linux user #223157)
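A worked example for the rootkit diagnosis paragraph above, added here as editor's illustration and not code from Aragorn's post: instead of eyeballing file sizes, compare a tree of installed binaries against a manifest of SHA-256 digests taken while the system was known clean. A digest comparison catches a replaced binary even when the attacker kept the size identical, and it also surfaces files that were added. The script assumes the manifest is stored off the machine and that the check itself is run from trusted media (a live CD or a mounted copy of the disk), because a rootkit that has replaced sh, find, awk or sha256sum can otherwise lie to it; the throw-away tree it builds for the demonstration is constructed for the example. Paths containing whitespace are not handled.

```shell
#!/bin/sh
# Added example (not from the original post): compare a tree of installed
# binaries against a known-good manifest of SHA-256 digests. Assumption: the
# manifest was recorded while the system was clean and the check runs from
# trusted media, so the tools used here have not themselves been replaced.

# "digest  path" for one file; falls back to shasum where sha256sum is absent.
digest() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi
}

# Manifest of every regular file below $1, with paths relative to $1 so the
# same manifest can later be checked against a mounted copy of the disk.
hash_tree() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        digest "$f"
    done )
}

# Compare manifest $1 with the tree at $2. Prints "MODIFIED path",
# "MISSING path" or "ADDED path" for each discrepancy (sorted) and returns 1
# if there was any; prints nothing and returns 0 for a clean tree.
verify_tree() {
    vt_current=$(mktemp) || return 2
    hash_tree "$2" > "$vt_current"
    vt_findings=$(awk '
        FILENAME == ARGV[1] { want[$2] = $1; next }   # manifest: digest path
        {                                            # current state of the tree
            seen[$2] = 1
            if (!($2 in want))       print "ADDED " $2
            else if (want[$2] != $1) print "MODIFIED " $2
        }
        END { for (p in want) if (!(p in seen)) print "MISSING " p }
    ' "$1" "$vt_current" | LC_ALL=C sort)
    rm -f "$vt_current"
    [ -z "$vt_findings" ] && return 0
    printf '%s\n' "$vt_findings"
    return 1
}

# Demonstration on a constructed throw-away tree: record a manifest, then
# swap one "binary" for a same-size replacement and plant a hidden helper,
# the way a rootkit would. Prints the findings, returns verify_tree's status.
demo_tamper() {
    dt_root=$(mktemp -d) || return 2
    dt_manifest=$(mktemp) || return 2
    mkdir -p "$dt_root/bin" "$dt_root/lib"
    printf 'original ps\n'   > "$dt_root/bin/ps"
    printf 'original ls\n'   > "$dt_root/bin/ls"
    printf 'libc stand-in\n' > "$dt_root/lib/libc.so.6"
    hash_tree "$dt_root" > "$dt_manifest"

    printf 'trojaned ps\n' > "$dt_root/bin/ps"    # same 12 bytes as before
    printf 'hidden\n'      > "$dt_root/lib/.x"    # dropped-in helper

    verify_tree "$dt_manifest" "$dt_root"
    dt_status=$?
    rm -rf "$dt_root" "$dt_manifest"
    return $dt_status
}

# Real use (as root, from trusted media), for instance:
#   hash_tree /mnt/clean/usr/bin > usr-bin.manifest      # taken when clean
#   verify_tree usr-bin.manifest /mnt/suspect/usr/bin
if [ "${1:-}" = demo ]; then demo_tamper; fi
```

Run with `sh integrity.sh demo` to see the two findings from the constructed tree. On a real system the manifest should cover at least /bin, /sbin, /usr/bin, /usr/sbin, /lib and /usr/lib, and should be regenerated (from trusted media) after every legitimate package update; distribution package databases (for example rpm -V or debsums) give the same kind of comparison against vendor digests but live on the possibly compromised disk.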
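For the advice on denying root logins over ssh, here is an added audit script (editor's example, not part of the post) that reads an sshd_config and reports the effective PermitRootLogin setting using sshd's own rules: the first occurrence of a keyword wins, keywords are case-insensitive, and directives after the first Match line are conditional rather than global. It then shows a weak configuration that looks hardened at a glance beside the corrected one. The configuration fragments are constructed for the demonstration. One assumption is labelled in the code: when the keyword is absent, the compiled-in default is taken as "yes", which was the OpenSSH default at the time of the post (OpenSSH 7.0 and later default to prohibit-password), so pass the default matching the installed version.

```shell
#!/bin/sh
# Added example (not from the original post): determine the PermitRootLogin
# value sshd will actually use and classify it. Assumption: the default for
# an unset keyword is "yes" (OpenSSH 5.x); override it as the second argument
# of audit_root_login for newer versions.

# Effective global value of keyword $2 in sshd_config $1, or $3 if unset:
#  - the first occurrence wins (later duplicates are ignored by sshd),
#  - keywords are case-insensitive and "Keyword=Value" is accepted,
#  - lines starting with '#' are comments,
#  - anything after the first "Match" line is conditional, so the scan stops
#    there instead of mistaking a per-user override for the global setting.
sshd_global_option() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[[:space:]]*#/ || NF == 0 { next }
        { gsub(/=/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == key     { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Classify PermitRootLogin in config $1 (default value $2 when unset):
# "no" is what the post asks for; the key-only variants still let root log in
# directly; anything else is open. Prints "VERDICT value", returns 0 only
# for DENIED.
audit_root_login() {
    arl_val=$(sshd_global_option "$1" PermitRootLogin "${2:-yes}" | tr 'A-Z' 'a-z')
    case $arl_val in
        no) arl_verdict=DENIED ;;
        without-password|prohibit-password|forced-commands-only)
            arl_verdict=KEY-ONLY ;;
        *)  arl_verdict=PERMITTED ;;
    esac
    printf '%s %s\n' "$arl_verdict" "$arl_val"
    [ "$arl_verdict" = DENIED ]
}

# Constructed sshd_config for the demonstration: the admin appended
# "PermitRootLogin no" without removing the earlier "yes" (which sshd
# honours), and a second "no" sits inside a Match block for one address.
weak_config() {
    cat <<'EOF'
# sshd_config as shipped, then "hardened" by appending lines
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
Match Address 10.0.0.5
    PermitRootLogin no
EOF
}

# The corrected version: one global directive, before any Match block.
hardened_config() {
    cat <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication yes
EOF
}

demo() {
    dm_weak=$(mktemp); dm_hard=$(mktemp)
    weak_config > "$dm_weak"; hardened_config > "$dm_hard"
    printf 'weak:     '; audit_root_login "$dm_weak" || true
    printf 'hardened: '; audit_root_login "$dm_hard"
    rm -f "$dm_weak" "$dm_hard"
}

# Real use: audit_root_login /etc/ssh/sshd_config    (add the version's
# default as a second argument), then "sshd -t" and restart after editing.
if [ "${1:-}" = demo ]; then demo; fi
```

The trap the weak configuration illustrates is common: appending a directive to the end of sshd_config does nothing if the same keyword already appears earlier, and a "no" inside a Match block is not a global denial. After editing, `sshd -t` validates the file and `sshd -T` (OpenSSH 6.x and later) prints the effective values, which is the authoritative check once the daemon itself is trusted.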
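For the immutable-flag measure in the last hardening paragraph, an added example (editor's illustration, not code from the post) that splits the chattr step into two halves so the list of files to be locked can be reviewed and tested before anything is changed: one function selects the directories, executables and shared libraries under the given trees, a second applies or clears `+i` on them, and a third reads lsattr to confirm the flag is set. The sample tree in the demonstration is constructed for the example. Assumptions: a filesystem that supports chattr (ext2/3/4 and a few others), e2fsprogs installed, and root privileges for the apply and verify steps; the selection step runs unprivileged.

```shell
#!/bin/sh
# Added example (not from the original post): select and lock the files a
# rootkit would replace using chattr +i. Assumptions: chattr/lsattr from
# e2fsprogs, a filesystem that honours the immutable flag, and root for
# set_immutable and is_immutable.

# Print, one per line, every directory under the given trees plus every
# regular file that is executable or is a shared library (*.so, *.so.N).
# Directories are included because +i on a directory stops anyone from
# creating, renaming or unlinking entries in it. Symlinks are skipped.
lock_candidates() {
    find "$@" -type d -o -type f | LC_ALL=C sort | while IFS= read -r p; do
        case $p in
            *.so|*.so.*) printf '%s\n' "$p"; continue ;;
        esac
        if [ -d "$p" ] || [ -x "$p" ]; then printf '%s\n' "$p"; fi
    done
}

# Apply ($1 = +i) or clear ($1 = -i) the immutable flag on all candidates
# under the remaining arguments. Clearing is required before package
# upgrades, which is the maintenance cost the post warns about.
set_immutable() {
    si_flag=$1; shift
    lock_candidates "$@" | while IFS= read -r p; do
        chattr "$si_flag" "$p"
    done
}

# Return 0 if lsattr reports the immutable flag ('i', lower case) on $1.
is_immutable() {
    case $(lsattr -d "$1" 2>/dev/null | cut -d' ' -f1) in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Demonstration on a constructed tree: only the directories, the executable
# and the shared library are selected; the plain data file is not.
demo() {
    dm_root=$(mktemp -d) || return 2
    mkdir -p "$dm_root/bin" "$dm_root/lib" "$dm_root/share"
    printf '#!/bin/sh\necho hi\n' > "$dm_root/bin/tool"; chmod 755 "$dm_root/bin/tool"
    printf 'data\n' > "$dm_root/share/readme"; chmod 644 "$dm_root/share/readme"
    printf 'lib\n'  > "$dm_root/lib/libfoo.so.1"; chmod 644 "$dm_root/lib/libfoo.so.1"
    lock_candidates "$dm_root" | sed "s|^$dm_root|<root>|"
    rm -rf "$dm_root"
}

# Real use, as root, after reviewing the list:
#   lock_candidates /bin /sbin /usr/bin /usr/sbin /lib /usr/lib | less
#   set_immutable +i /bin /sbin /usr/bin /usr/sbin /lib /usr/lib
#   is_immutable /bin/ls && echo locked
#   set_immutable -i ...   before the next package upgrade, then +i again
if [ "${1:-}" = demo ]; then demo; fi
```

Two caveats a practitioner will want: an attacker who already has root can run `chattr -i` just as easily, so the flag is a speed bump against careless or automated tooling and a tripwire (a rootkit installer that fails on EPERM is noisy), not a boundary; and locking directories as well as files is what actually blocks the common trick of renaming a binary aside and dropping a replacement in its place.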