What is recommended for fighting threats on an Ubuntu system? [closed]
I'm fairly new to GNU/Linux and I've recently migrated to Ubuntu because I've heard and read it's one of the best distros to try when you're learning Linux. However, I'm looking for something to minimize threats in Ubuntu. I've read and been told from multiple sources that you don't need to worry about viruses on Linux, but my recent encounter leads me to believe otherwise.

I haven't had Ubuntu for long but I've already managed to get a rootkit on my system. I've verified this by running sudo chkrootkit:

    Checking `tcpd'... INFECTED

So what do you suggest to make sure my system is secure in the Linux environment? Should I just install antivirus software of my choice, or is there a better option(s) in Linux? I would be willing to learn some programs rather than just taking the antivirus software route that does everything for you.
Tags: malware, antivirus
closed as too broad by Sergiy Kolodyazhnyy, muru, karel, Eric Carvalho, pomsky Dec 18 '18 at 15:25
Three points: 1) minimizing threats strategy will depend on what sort of threats you expect and who is your adversary - that's what security professionals call "threat model". 2) tcpd is a false positive, so you're safe from that. 3) Read on hardening Ubuntu, securing, antivirus on Ubuntu, and whatever else is linked to those questions. Plenty of information. – Sergiy Kolodyazhnyy, Dec 17 '18 at 23:33

Great, thanks for verifying tcpd isn't an issue and providing some links. – HR 8938 Cephei, Dec 17 '18 at 23:41
asked Dec 17 '18 at 23:13 by HR 8938 Cephei
1 Answer
It appears that this is a common false positive.

In this Ubuntu Forums post [1], user kpatz tested this in a fresh 16.10 VM and chkrootkit still complained, making this a false positive. You can always check if a file has been tampered with by comparing the md5sum from the package:

    $ dpkg -S /usr/sbin/tcpd
    tcpd: /usr/sbin/tcpd
    $ (cd /; md5sum -c /var/lib/dpkg/info/tcpd.md5sums)
    usr/sbin/safe_finger: OK
    usr/sbin/tcpd: OK
    usr/sbin/tcpdchk: OK
    usr/sbin/tcpdmatch: OK
    usr/sbin/try-from: OK
    usr/share/man/man8/safe_finger.8.gz: OK
    usr/share/man/man8/tcpd.8.gz: OK
    usr/share/man/man8/tcpdchk.8.gz: OK
    usr/share/man/man8/tcpdmatch.8.gz: OK
    usr/share/man/man8/try-from.8.gz: OK

Of course, the md5sums file itself may be tampered with (and so could `md5sum` itself, and so on...).

[1]: https://ubuntuforums.org/showthread.php?t=2346505&p=13583235#post13583235

There may be a slight difference, as in 18.04, instances of tcpd above will be replaced with tcpdump.
edited Dec 17 '18 at 23:34 by Sergiy Kolodyazhnyy
answered Dec 17 '18 at 23:25 by SlidingHorn
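As an added example (not from the answer above, and not dpkg's or chkrootkit's own code), the POSIX shell script below replays the answer's check, `md5sum -c` over a dpkg-style `.md5sums` list run from the tree root, against a constructed directory tree so it runs without root or a real Ubuntu install. It then shows the caveat from the answer's last paragraph: once a file and its `.md5sums` entry have both been rewritten, `md5sum -c` reports OK again, and only a reference copy of the list obtained elsewhere reveals the change. All function names, the sample files and their contents are this example's own; it assumes `md5sum`, `cmp` and `mktemp` from coreutils or busybox.

```shell
#!/bin/sh
# Added example, not part of the original answer or of dpkg/chkrootkit.
# Reproduces the answer's "(cd /; md5sum -c /var/lib/dpkg/info/<pkg>.md5sums)"
# check against a constructed tree. Function names are this example's own.

# Verify every entry of a dpkg-style md5sums list ("<md5>  <relative path>",
# the format of /var/lib/dpkg/info/<pkg>.md5sums) relative to ROOT.
# Prints md5sum's own "<path>: OK|FAILED" lines; exit status is 0 only if
# every listed file is present and matches.
verify_against_md5sums() {
    root="$1"
    list="$2"
    # The listed paths are relative to / on a real system, which is why the
    # answer wraps the check in a subshell that changes directory first.
    (cd "$root" && md5sum -c "$list")
}

# Same check, but prints the number of non-matching entries instead.
count_failures() {
    verify_against_md5sums "$1" "$2" 2>/dev/null | grep -c 'FAILED' || true
}

# The answer's caveat: md5sum -c only proves the files match the list, and
# whoever can replace /usr/sbin/tcpd can rewrite the .md5sums file as well.
# Compare the on-disk list with one obtained independently (for instance from
# a freshly downloaded copy of the package; obtaining it is outside this
# example). Returns 0 when both lists are byte-for-byte identical.
lists_agree() {
    cmp -s "$1" "$2"
}

# Build a constructed package-like tree under a temp dir, with the md5sums
# list dpkg would ship for it. Prints the directory path.
make_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/usr/sbin" "$dir/usr/share/man/man8"
    printf 'constructed stand-in for tcpd\n' > "$dir/usr/sbin/tcpd"
    printf 'constructed stand-in for tcpdchk\n' > "$dir/usr/sbin/tcpdchk"
    printf 'constructed stand-in for a man page\n' > "$dir/usr/share/man/man8/tcpd.8.gz"
    # Hash relative to the tree root, exactly as dpkg records them.
    (cd "$dir" && md5sum usr/sbin/tcpd usr/sbin/tcpdchk usr/share/man/man8/tcpd.8.gz) \
        > "$dir/tcpd.md5sums"
    printf '%s\n' "$dir"
}

# Simulate a modified binary: append bytes so its hash no longer matches.
tamper_fixture() {
    printf 'appended bytes\n' >> "$1/usr/sbin/tcpd"
}

# Walk through the three states: clean, tampered file, tampered file plus
# rewritten list.
demo() {
    d=$(make_fixture)
    cp "$d/tcpd.md5sums" "$d/reference.md5sums"   # independent copy kept aside
    echo "clean tree:     $(count_failures "$d" "$d/tcpd.md5sums") failure(s)"
    tamper_fixture "$d"
    echo "tampered file:  $(count_failures "$d" "$d/tcpd.md5sums") failure(s)"
    # Rewriting the list makes md5sum -c pass again...
    (cd "$d" && md5sum usr/sbin/tcpd usr/sbin/tcpdchk usr/share/man/man8/tcpd.8.gz) \
        > "$d/tcpd.md5sums"
    echo "list rewritten: $(count_failures "$d" "$d/tcpd.md5sums") failure(s)"
    # ...which is why the list itself needs checking against a reference copy.
    if lists_agree "$d/tcpd.md5sums" "$d/reference.md5sums"; then
        echo "md5sums list matches the reference copy"
    else
        echo "md5sums list differs from the reference copy: the OK lines prove nothing"
    fi
    rm -rf "$d"
}
demo
```

Run it with `sh`; the demo prints the failure count for each state. On a real system the list is `/var/lib/dpkg/info/<package>.md5sums` and the root is `/`, exactly as in the answer, and the reference copy has to come from somewhere the suspected machine cannot influence.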