Virus checking on unix
11-16-2004 11:45 AM
RP2450 and RP2470 machines - running ux11.0 and ux 11.11 v1
Can anyone suggest where I might get an official stand from HP on the necessity or not of running virus scans on HP Unix machines? If there is a way, please suggest a location where I might get info on how to scan for and protect the machines.
Thanks
maria
11-16-2004 11:57 AM
Solution
Almost all viruses are designed to corrupt Windows machines. Far more targets, much greater havoc.
Anti-virus software is of little utility on HP-UX. It would not necessarily detect a script written to use up all the CPU by spawning unlimited copies of itself.
Sendmail gleefully transmits viruses meant for Windows machines to Windows users with no ill effect on the HP-UX or Linux server they pass through.
On that point, I would say if you opened up selected directories to CIFS/Samba and used a Symantec product, you could scan an HP-UX system for viruses.
The way our organization protects Unix is thus. All Unix email is relayed via an SMTP relay server. Also a Symantec product. All viruses to or from are eliminated at that stage.
Summary: No real business need for anti-virus software on Unix. There are open source solutions you can compile if in spite of this logic you wish to proceed.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
11-16-2004 12:00 PM
Re: Virus checking on unix
Should read: Unix's official stand as repeated by me.
Sorry.
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
11-16-2004 12:33 PM
Re: Virus checking on unix
You'd be better off looking at products like HIDS that actually monitor certain functions of your system. Unix systems are attacked in a variety of ways, one being where system files or passwords might be compromised. Once the files have been infiltrated, they can launch a further attack on your system by gaining control and then attempting to do further damage. Have a look at the offerings, you'll see they do a number of things. We are evaluating it now (HIDS) and once you work out what to monitor it gets easier.
There is no official stand, however HP will say to protect your system(s) by deploying tools like HIDS, Bastille etc. Many are free. Here are some links.
http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA
http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=J5083AA
http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA
Regards
Michael
11-16-2004 07:20 PM
Re: Virus checking on unix
The first time I found a virus on my Linux server I couldn't believe it, but it was.
YES, there are viruses for Unix.
11-17-2004 08:00 AM
Re: Virus checking on unix
How did the virus present itself?
Maria
11-17-2004 09:46 AM
Re: Virus checking on unix
Sample output from the sophos cron job:
Sweeping /u01 filesystem
SWEEP virus detection utility
Version 3.80, April 2004 [HP-UX/HP-PA]
Includes detection for 89009 viruses, trojans and worms
Copyright (c) 1989,2004 Sophos Plc, www.sophos.com
System time 23:10:03, System date 16 November 2004
Command line qualifiers are: -nsc -nb --no-reset-atime --no-follow-symlinks
Quick Sweeping
23039 files swept in 4 minutes and 16 seconds.
No viruses were discovered.
End of Sweep.
11-17-2004 09:53 AM
Re: Virus checking on unix
Maria
11-17-2004 11:02 AM
Re: Virus checking on unix
The most common threats (I don't call them viruses) are trojan horses on the system. You get a consultant (or a disgruntled employee) that worked on your system as root, leaves a couple of suid-root programs in some unnoticeable places that simply spawn a shell, adds a couple of user logins. Anytime he/she could get into the box as long as it has network connectivity, use those suid programs to gain root access. Or that person could replace your /usr/bin/ls with a small script of their choice. They could also connect to some of the open ports like sendmail etc., run some malicious code to overflow the buffers and make the OS give out a shell. Viruses like Blaster worm simply sit on windoz boxes in the environment and do a continuous polling of ports like RPCD and make them crash. Or someone can put a sniffer on the wire connecting to your machine and watch the cleartext traffic containing secure information.
You will need to strengthen the security on the systems by
1. Closing all the ports/services that are not necessary.
2. Encrypt the communication as much as possible using ssh, hardware encryption etc.,
3. Pay utmost attention to security patches. Subscribe to HP's bulletin and act on the security patches as soon as you can. People try 'widely known' attacks first.
4. Have some tools like eSM, Cops, Satan, Bastille etc., to report and fix the issues.
5. Minimize the number of users that have access to the system. No sharing of root passwords.
6. Implement strict account measures like password aging, expiry etc.,
HP can only be a carrier of viruses. So, you can store PC files containing viruses and distribute them to other systems. If you are running applications such as Samba, mail etc., that get/put files on PC, then you may want to run virus scans for those files as indicated in the previous threads.
-Sri
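The backdoors described in the post above (stray suid-root programs, extra logins with root's UID, a replaced /usr/bin/ls) can be caught by comparing the system against a recorded known-good baseline. The following is an added example, not part of the original thread; the function names, the baseline directory and the list of watched binaries are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: baseline checks for the backdoors described in the post above.
# BASE and the watched-binary list are constructed values for illustration.

# List set-uid regular files owned by OWNER (default root) under DIR, sorted.
list_suid() {
    find "$1" -type f -user "${2:-root}" -perm -4000 -print 2>/dev/null | sort
}

# Print login names in a passwd-format FILE that have UID 0 but are not "root".
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Print lines present in CURRENT ($2) but not in BASELINE ($1); both sorted.
new_since() {
    comm -13 "$1" "$2"
}

# Record "checksum size path" for each file given as an argument.
record_cksums() {
    cksum "$@" | sort -k 3
}

# Print paths whose checksum or size no longer matches the BASELINE file ($1).
changed_files() {
    while read -r sum size path; do
        now=$(cksum < "$path" 2>/dev/null) || now=missing
        [ "$now" = "$sum $size" ] || echo "$path"
    done < "$1"
}

# Run as root, e.g. from cron: sh audit.sh --audit (first run records baselines).
if [ "${1:-}" = "--audit" ]; then
    BASE=/var/adm/audit-baseline
    mkdir -p "$BASE"
    list_suid / > "$BASE/suid.now"
    [ -f "$BASE/suid.base" ] || cp "$BASE/suid.now" "$BASE/suid.base"
    [ -f "$BASE/bin.base" ] || record_cksums /usr/bin/ls /usr/bin/ps /usr/bin/su > "$BASE/bin.base"
    new_since "$BASE/suid.base" "$BASE/suid.now" | sed 's/^/NEW SUID-ROOT FILE: /'
    uid0_accounts /etc/passwd | sed 's/^/EXTRA UID 0 ACCOUNT: /'
    changed_files "$BASE/bin.base" | sed 's/^/CHANGED BINARY: /'
fi
```

A baseline kept on the same host can be rewritten by anyone who already has root, so copy the `.base` files to another machine or read-only media and compare against those copies.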
11-17-2004 11:09 AM
Re: Virus checking on unix
She states contrary to what I said that Viruses do exist for HP-UX.
So. I was wrong.
Big enough to admit it.
Still the premise that most viruses are aimed at Windows boxes, a more target rich environment is true.
If I pick up any tips as I read the book, I'll let you know. Book is probably worth having.
http://www.amazon.com/exec/obidos/tg/detail/-/0130330620/qid=1100736575/sr=1-1/ref=sr_1_1/102-7832521-3745723?v=glance&s=books
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com