What is recommended for fighting threats on an Ubuntu system? [closed]












-1














I'm fairly new to GNU/Linux and I've recently migrated to Ubuntu because I've heard and read it's one of the best distros to try when you're learning Linux. However, I'm looking for something to minimize threats in Ubuntu. I've read and been told from multiple sources that you don't need to worry about viruses on Linux but my recent encounter leads me to believe otherwise.



I haven't had Ubuntu for long but I've already managed to get a rootkit on my system. I've verified this from running sudo chkrootkit:



Checking `tcpd'...                                          INFECTED


So what do you suggest to make sure my system is secure in the Linux environment? Should I just install an anti virus software of my choice or is there a better option(s) in Linux? I would be willing to learn some programs rather than just taking the anti virus software route that does everything for you.






malware antivirus







share|improve this question













closed as too broad by Sergiy Kolodyazhnyy, muru, karel, Eric Carvalho, pomsky Dec 18 '18 at 15:25


Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.











  • 1




    Three points: 1) minimizing threats strategy will depend on what sort of threats you expect and who is your adversary - that's what security professionals call "threat model". 2) tcpd is false positive, so you're safe from that 3) Read on hardening Ubuntu , securing, antivirus on Ubuntu, and whatever else is linked to those questions. Plenty of information.
    – Sergiy Kolodyazhnyy
    Dec 17 '18 at 23:33










  • Great, thanks for verifying tcpd isn't an issue and providing some links.
    – HR 8938 Cephei
    Dec 17 '18 at 23:41
















-1














I'm fairly new to GNU/Linux and I've recently migrated to Ubuntu because I've heard and read it's one of the best distros to try when you're learning Linux. However, I'm looking for something to minimize threats in Ubuntu. I've read and been told from multiple sources that you don't need to worry about viruses on Linux but my recent encounter leads me to believe otherwise.



I haven't had Ubuntu for long but I've already managed to get a rootkit on my system. I've verified this from running sudo chkrootkit:



Checking `tcpd'...                                          INFECTED


So what do you suggest to make sure my system is secure in the Linux environment? Should I just install an anti virus software of my choice or is there a better option(s) in Linux? I would be willing to learn some programs rather than just taking the anti virus software route that does everything for you.






malware antivirus







share|improve this question













closed as too broad by Sergiy Kolodyazhnyy, muru, karel, Eric Carvalho, pomsky Dec 18 '18 at 15:25


Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.











  • 1




    Three points: 1) minimizing threats strategy will depend on what sort of threats you expect and who is your adversary - that's what security professionals call "threat model". 2) tcpd is false positive, so you're safe from that 3) Read on hardening Ubuntu , securing, antivirus on Ubuntu, and whatever else is linked to those questions. Plenty of information.
    – Sergiy Kolodyazhnyy
    Dec 17 '18 at 23:33










  • Great, thanks for verifying tcpd isn't an issue and providing some links.
    – HR 8938 Cephei
    Dec 17 '18 at 23:41














-1












-1








-1







I'm fairly new to GNU/Linux and I've recently migrated to Ubuntu because I've heard and read it's one of the best distros to try when you're learning Linux. However, I'm looking for something to minimize threats in Ubuntu. I've read and been told from multiple sources that you don't need to worry about viruses on Linux but my recent encounter leads me to believe otherwise.



I haven't had Ubuntu for long but I've already managed to get a rootkit on my system. I've verified this from running sudo chkrootkit:



Checking `tcpd'...                                          INFECTED


So what do you suggest to make sure my system is secure in the Linux environment? Should I just install an anti virus software of my choice or is there a better option(s) in Linux? I would be willing to learn some programs rather than just taking the anti virus software route that does everything for you.






malware antivirus







share|improve this question













I'm fairly new to GNU/Linux and I've recently migrated to Ubuntu because I've heard and read it's one of the best distros to try when you're learning Linux. However, I'm looking for something to minimize threats in Ubuntu. I've read and been told from multiple sources that you don't need to worry about viruses on Linux but my recent encounter leads me to believe otherwise.



I haven't had Ubuntu for long but I've already managed to get a rootkit on my system. I've verified this from running sudo chkrootkit:



Checking `tcpd'...                                          INFECTED


So what do you suggest to make sure my system is secure in the Linux environment? Should I just install an anti virus software of my choice or is there a better option(s) in Linux? I would be willing to learn some programs rather than just taking the anti virus software route that does everything for you.






malware antivirus




malware antivirus






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Dec 17 '18 at 23:13









HR 8938 Cephei

114




114




closed as too broad by Sergiy Kolodyazhnyy, muru, karel, Eric Carvalho, pomsky Dec 18 '18 at 15:25


Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.






closed as too broad by Sergiy Kolodyazhnyy, muru, karel, Eric Carvalho, pomsky Dec 18 '18 at 15:25


Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.










  • 1




    Three points: 1) minimizing threats strategy will depend on what sort of threats you expect and who is your adversary - that's what security professionals call "threat model". 2) tcpd is false positive, so you're safe from that 3) Read on hardening Ubuntu , securing, antivirus on Ubuntu, and whatever else is linked to those questions. Plenty of information.
    – Sergiy Kolodyazhnyy
    Dec 17 '18 at 23:33










  • Great, thanks for verifying tcpd isn't an issue and providing some links.
    – HR 8938 Cephei
    Dec 17 '18 at 23:41














  • 1




    Three points: 1) minimizing threats strategy will depend on what sort of threats you expect and who is your adversary - that's what security professionals call "threat model". 2) tcpd is false positive, so you're safe from that 3) Read on hardening Ubuntu , securing, antivirus on Ubuntu, and whatever else is linked to those questions. Plenty of information.
    – Sergiy Kolodyazhnyy
    Dec 17 '18 at 23:33










  • Great, thanks for verifying tcpd isn't an issue and providing some links.
    – HR 8938 Cephei
    Dec 17 '18 at 23:41








1




1




Three points: 1) minimizing threats strategy will depend on what sort of threats you expect and who is your adversary - that's what security professionals call "threat model". 2) tcpd is false positive, so you're safe from that 3) Read on hardening Ubuntu , securing, antivirus on Ubuntu, and whatever else is linked to those questions. Plenty of information.
– Sergiy Kolodyazhnyy
Dec 17 '18 at 23:33




Three points: 1) minimizing threats strategy will depend on what sort of threats you expect and who is your adversary - that's what security professionals call "threat model". 2) tcpd is false positive, so you're safe from that 3) Read on hardening Ubuntu , securing, antivirus on Ubuntu, and whatever else is linked to those questions. Plenty of information.
– Sergiy Kolodyazhnyy
Dec 17 '18 at 23:33












Great, thanks for verifying tcpd isn't an issue and providing some links.
– HR 8938 Cephei
Dec 17 '18 at 23:41




Great, thanks for verifying tcpd isn't an issue and providing some links.
– HR 8938 Cephei
Dec 17 '18 at 23:41










1 Answer
1






active

oldest

votes


















2














It appears that this is a common false-positive




In this Ubuntu Forums post, user kpatz tested this in a fresh
16.10 VM and chkrootkit still complained, making this a false positive. You can always check if a file has been tampered by
comparing the md5sum from the package:



$ dpkg -S /usr/sbin/tcpd

tcpd: /usr/sbin/tcpd

$ (cd /; md5sum -c /var/lib/dpkg/info/tcpd.md5sums)

usr/sbin/safe_finger: OK

usr/sbin/tcpd: OK

usr/sbin/tcpdchk: OK

usr/sbin/tcpdmatch: OK

usr/sbin/try-from: OK

usr/share/man/man8/safe_finger.8.gz: OK

usr/share/man/man8/tcpd.8.gz: OK

usr/share/man/man8/tcpdchk.8.gz: OK

usr/share/man/man8/tcpdmatch.8.gz: OK

usr/share/man/man8/try-from.8.gz: OK Of course, the md5sums file itself maybe tampered, (and so could `md5sum` itself and so on...).


[1]:
https://ubuntuforums.org/showthread.php?t=2346505&p=13583235#post13583235




source



There may be a slight difference, as in 18.04, instances of tcpd above will be replaced with tcpdump






share|improve this answer






























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    2














    It appears that this is a common false-positive




    In this Ubuntu Forums post, user kpatz tested this in a fresh
    16.10 VM and chkrootkit still complained, making this a false positive. You can always check if a file has been tampered by
    comparing the md5sum from the package:



    $ dpkg -S /usr/sbin/tcpd
    
tcpd: /usr/sbin/tcpd
    
$ (cd /; md5sum -c /var/lib/dpkg/info/tcpd.md5sums)
    
usr/sbin/safe_finger: OK
    
usr/sbin/tcpd: OK
    
usr/sbin/tcpdchk: OK
    
usr/sbin/tcpdmatch: OK
    
usr/sbin/try-from: OK
    
usr/share/man/man8/safe_finger.8.gz: OK
    
usr/share/man/man8/tcpd.8.gz: OK
    
usr/share/man/man8/tcpdchk.8.gz: OK
    
usr/share/man/man8/tcpdmatch.8.gz: OK
    
usr/share/man/man8/try-from.8.gz: OK Of course, the md5sums file itself maybe tampered, (and so could `md5sum` itself and so on...).


    [1]:
    https://ubuntuforums.org/showthread.php?t=2346505&p=13583235#post13583235




    source



    There may be a slight difference, as in 18.04, instances of tcpd above will be replaced with tcpdump






    share|improve this answer




























      2














      It appears that this is a common false-positive




      In this Ubuntu Forums post, user kpatz tested this in a fresh
      16.10 VM and chkrootkit still complained, making this a false positive. You can always check if a file has been tampered by
      comparing the md5sum from the package:



      $ dpkg -S /usr/sbin/tcpd
      
tcpd: /usr/sbin/tcpd
      
$ (cd /; md5sum -c /var/lib/dpkg/info/tcpd.md5sums)
      
usr/sbin/safe_finger: OK
      
usr/sbin/tcpd: OK
      
usr/sbin/tcpdchk: OK
      
usr/sbin/tcpdmatch: OK
      
usr/sbin/try-from: OK
      
usr/share/man/man8/safe_finger.8.gz: OK
      
usr/share/man/man8/tcpd.8.gz: OK
      
usr/share/man/man8/tcpdchk.8.gz: OK
      
usr/share/man/man8/tcpdmatch.8.gz: OK
      
usr/share/man/man8/try-from.8.gz: OK Of course, the md5sums file itself maybe tampered, (and so could `md5sum` itself and so on...).


      [1]:
      https://ubuntuforums.org/showthread.php?t=2346505&p=13583235#post13583235




      source



      There may be a slight difference, as in 18.04, instances of tcpd above will be replaced with tcpdump






      share|improve this answer


























        2












        2








        2






        It appears that this is a common false-positive




        In this Ubuntu Forums post, user kpatz tested this in a fresh
        16.10 VM and chkrootkit still complained, making this a false positive. You can always check if a file has been tampered by
        comparing the md5sum from the package:



        $ dpkg -S /usr/sbin/tcpd
        
tcpd: /usr/sbin/tcpd
        
$ (cd /; md5sum -c /var/lib/dpkg/info/tcpd.md5sums)
        
usr/sbin/safe_finger: OK
        
usr/sbin/tcpd: OK
        
usr/sbin/tcpdchk: OK
        
usr/sbin/tcpdmatch: OK
        
usr/sbin/try-from: OK
        
usr/share/man/man8/safe_finger.8.gz: OK
        
usr/share/man/man8/tcpd.8.gz: OK
        
usr/share/man/man8/tcpdchk.8.gz: OK
        
usr/share/man/man8/tcpdmatch.8.gz: OK
        
usr/share/man/man8/try-from.8.gz: OK Of course, the md5sums file itself maybe tampered, (and so could `md5sum` itself and so on...).


        [1]:
        https://ubuntuforums.org/showthread.php?t=2346505&p=13583235#post13583235




        source



        There may be a slight difference, as in 18.04, instances of tcpd above will be replaced with tcpdump






        share|improve this answer














        It appears that this is a common false-positive




        In this Ubuntu Forums post, user kpatz tested this in a fresh
        16.10 VM and chkrootkit still complained, making this a false positive. You can always check if a file has been tampered by
        comparing the md5sum from the package:



        $ dpkg -S /usr/sbin/tcpd
        
tcpd: /usr/sbin/tcpd
        
$ (cd /; md5sum -c /var/lib/dpkg/info/tcpd.md5sums)
        
usr/sbin/safe_finger: OK
        
usr/sbin/tcpd: OK
        
usr/sbin/tcpdchk: OK
        
usr/sbin/tcpdmatch: OK
        
usr/sbin/try-from: OK
        
usr/share/man/man8/safe_finger.8.gz: OK
        
usr/share/man/man8/tcpd.8.gz: OK
        
usr/share/man/man8/tcpdchk.8.gz: OK
        
usr/share/man/man8/tcpdmatch.8.gz: OK
        
usr/share/man/man8/try-from.8.gz: OK Of course, the md5sums file itself maybe tampered, (and so could `md5sum` itself and so on...).


        [1]:
        https://ubuntuforums.org/showthread.php?t=2346505&p=13583235#post13583235




        source



        There may be a slight difference, as in 18.04, instances of tcpd above will be replaced with tcpdump







        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Dec 17 '18 at 23:34









        Sergiy Kolodyazhnyy

        69.4k9144306




        69.4k9144306










        answered Dec 17 '18 at 23:25









        SlidingHorn

        766




        766















            -

            Popular posts from this blog

            flock() on closed filehandle LOCK_FILE at /usr/bin/apt-mirror

            Image
            0 I recently upgraded an Ubuntu 16.04 virtual machine to 18.04. I regularly use this VM to run apt-mirror at school on their high-speed internet, then rsync these files to my rack-mount server at home for updating multiple computers at home without wasting the tiny amount of bandwidth I have there. Since updating I can't get apt-mirror to run on my VM. It keeps giving the error: flock() on closed filehandle LOCK_FILE at /usr/bin/apt-mirror line 214 immediately followed by: apt-mirror is already running, exiting at /usr/bin/apt-mirror line 217 apt-mirror is NOT running, and does not have a cron job. I've tried rebooting, and even looked for the old-style lockfile to delete, but I guess that method is no longer used. Is there some way to force unlock this so I can run apt-mirror? UPDATE: So... I f
            Read more

            Mangá

            Image
              Nota:  Não confundir com Manga. Mangás e Animes Mangá Mangaká • Tankōbon Film comic La nouvelle manga Mangá original em inglês Anime História Animação influenciada por animes • Filler • OVA • Seiyū Públicos Kodomo • Shōjo • Shōnen Josei • Seinen Gêneros Mahō shōjo • Mecha • Harém Ecchi • Hentai ( Yaoi • Yuri Futanari • Shotacon • Lolicon Toddlercon ) Termos Bishōjo • Chibi • Fan service Gaiden • Kawaii • Kaitō • Light novel Mahō shōnen • Moe (antropomorfismo • Kemonomimi Nekomimi ) • Super deformed Omake • Tsundere • Yonkoma Listas Mangás • Animes • Ecchi • Mangaka • Estúdios • Revistas Fãs ( otaku ) Anime Music Video Convenções • Cosplay Dōjinshi • Fansub • Fandub • Fujoshi OS-tan • Scanlation Portal de Anime e mangá v d e O mangá (português brasileiro) ou manga (português europeu) [ 1 ] (em japonês: 漫画 , manga ? , lit. “história em quadrinhos”) , é a
            Read more

             ⁒  ․,‪⁊‑⁙ ⁖, ⁇‒※‌, †,⁖‗‌⁝    ‾‸⁘,‖⁔⁣,⁂‾
”‑,‥–,‬ ,⁀‹⁋‴⁑ ‒ ,‴⁋”‼ ⁨,‷⁔„ ‰′,‐‚ ‥‡‎“‷⁃⁨⁅⁣,⁔
⁇‘⁔⁡⁏⁌⁡‿‶‏⁨ ⁣⁕⁖⁨⁩⁥‽⁀  ‴‬⁜‟ ⁃‣‧⁕‮ …‍⁨‴ ⁩,⁚⁖‫ ,‵ ⁀,‮⁝‣‣ ⁑  ⁂– ․, ‾‽ ‏⁁“⁗‸ ‾… ‹‡⁌⁎‸‘ ‡⁏⁌‪ ‵⁛ ‎⁨ ―⁦⁤⁄⁕

            ⁉…‧ ⁩,“⁡‹⁃‽⁞•,⁠‚  ⁓⁎  ⁜ ‴ ⁥⁡⁎‭,‍‑⁁⁌⁦ ⁁‟⁙‥‒“⁈ ,‪⁧ ⁙‿⁇⁦,⁝‘ ⁎“⁘‫‪,‗‹‛‹⁒  ⁇⁄‗‒•“⁇   ‐ ⁂
‘‛, ‶⁦ ⁇ ​⁞‧ 
,⁏ …‹–⁗⁡⁘⁄ ‏‿‬‟″ ‏⁢⁦⁗⁚⁝‬⁢⁏,⁧″⁍′‖⁂※⁄‘– ‵⁡ ‭⁢⁚,⁅‧,‼‛⁗,⁡⁗“⁔⁃⁍‷⁏‗‱⁌‚  
•⁝ ‚‒ ‥‰  ′⁌, ⁄, ⁛—‭‑”⁂,⁑ ‡⁨‴⁖⁙…,‑, ,⁎,․‣‥  ‴‎⁎,″‛⁎‭‿ ⁤ ‷‾‼‖,⁠⁊‾,⁦“‗‑‌†,⁙,†⁝′ 
,―‚․‘, ⁢  ‿‌,⁀„‣,⁌,‭‖ ⁆“‪,―  ⁀ ⁃,
‷⁥,​,‟‗⁄⁉⁐⁗―
,‮⁢⁩⁆⁣‹‭⁅ ⁝‾‏‭⁖ ⁕⁄‷,†‟‒ ⁣‹,​…​,⁤⁂⁨‮⁎⁙–‟‼ ⁍‱‱,‽,‫‽‣ ⁒,⁨ ⁄ ⁝”„‿‑‎⁈‿
 ⁀‛‼‟ ⁑“,⁩​ ‒
–⁡…⁢ ⁂ ⁈⁎,‵‡,⁛,,‱⁧⁋,․‬⁄ “,⁄‴⁊  ‗―,‵⁙⁔—⁀ —  ⁀‬‬ ‒⁋‼⁀― ,⁌′ ‍‶ ’
            Read more