
Linux virus (Linux/Rst-B) can allow intruders to gain access to systems

A six-year-old Linux virus is still in circulation, and Sophos suspects the high uptime exhibited by servers (compared with the typical home or office Windows PC that spends much of the day switched off or asleep) makes them valuable to bot-herders as central control points.

Sophos has created a detection tool specifically for this virus, and encourages administrators to use it and then forward any infected files to SophosLabs for analysis.

"If you don't find Linux/Rst-B on your system, it's good news but obviously doesn't mean that you are not infected with something else," said Billy McCourt, SophosLabs UK.

"I'd encourage you to at least do regular on-demand scans on your Linux box but ideally run an on-access scanner."

A previous analysis by McCourt suggested that Rst-B infections are not being used by intruders to gain access to systems, rather they occur as a side-effect of already-infected hacking tools being downloaded onto servers once a foothold has been gained.

"The number of malware in existence is around 350,000, and while only a teeny number of these target Linux, it seems as though hackers are taking advantage of this false sense of security," said Carole Theriault, senior security consultant at Sophos.

Sophos sells an on-access scanner for Linux. Alternatives include the AVG and Avast products for Linux, as well as software that works with the popular ClamAV to provide on-access scanning.



How to ping an IPv6 address

The regular ping command only works with IPv4 addresses. Use the ping6 command to send ICMP ECHO_REQUEST packets to network hosts from a host or gateway.

Type the command as follows:
$ ping6 localhost
$ ping6 host.domain.com
$ ping6 IPv6-address
$ ping6 2001:db8::1428:57ab

Read the ping6 man page for more information:
$ man ping6

Good place to have Linux Tattoo


Run a parallel OS using VirtualBox on OpenSuse

1) Make sure the kernel-source and kernel-syms packages are installed (if not, install them from your OpenSuse installation CD). You can check using the following command:

poison:~ # rpm -qa | grep kernel
kernel-default-2.6.18.2-34
kernel-source-2.6.18.2-34
linux-kernel-headers-2.6.18.2-3
kernel-syms-2.6.18.2-34

2) Download and install the following RPMs (OpenSuse); get them from here
poison:~ # rpm -ivh Xalan-c-1.10-10.i586.rpm
poison:~ # rpm -ivh Xerces-c-2.7.0-11.i586.rpm

3) Now download and install the VirtualBox RPM from here
poison:~ # rpm -ivh VirtualBox-1.3.8_openSUSE102-2.i586.rpm

4) Now use the yast tool to add the users who are going to use VirtualBox to the group vboxusers.

5) Set up networking via host bridging
Download : http://prdownloads.sourceforge.net/user-mode-linux/uml_utilities_20040406.tar.bz2
# tar xvf uml_utilities_20040406.tar.bz2
# cd tools/
# make
# make install

Then run the following setup commands:
# tunctl -t tap0 -u tux
# ifconfig tap0 0.0.0.0 up
# brctl addbr br0
# brctl addif br0 eth0 tap0
# dhcpcd br0
# ifconfig br0 up
# ifconfig eth0 0.0.0.0

6) Start the virtualbox GUI, Applications -> System -> VirtualBox

Here you can see my OpenSuse 10.2 box is running Ubuntu in VirtualBox

Postfix + ClamAV + MailScanner in OpenSuse

1. Install the anti-virus software (ClamAV) from here
rpm -ivh clamav-db-0.88.2-1.i386.rpm
rpm -ivh clamav-devel-0.88.2-1.i386.rpm
rpm -ivh clamav-server-0.88.2-1.i386.rpm
rpm -ivh clamav-0.88.2-1.i386.rpm
/etc/init.d/clamd start
2. Once the anti-virus is installed, we need to install the MailScanner software. The RPM, along with the source files, can be found at http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml
Now get ready to install MailScanner; this is going to take a long time.
gzip -d MailScanner-4.46.2-2.rpm.tar.gz
tar -xvf MailScanner-4.46.2-2.rpm.tar
cd MailScanner-4.46.2-2
./install.sh
3. In your MailScanner.conf file in /etc/MailScanner, there are 5 settings you need to change. The settings are:
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
4. You will need to ensure that the user “postfix” can write to /var/spool/MailScanner/incoming and /var/spool/MailScanner/quarantine
chown postfix:postfix /var/spool/MailScanner/incoming
chown postfix:postfix /var/spool/MailScanner/quarantine
5. Edit file MailScanner.conf
Virus Scanners = clamav

6. Edit virus.scanners.conf
clamav /usr/lib/MailScanner/clamav-wrapper /var/lib/clamav

7. Now we need to edit the postfix main.cf file, go all the way to the bottom of the file and add the following
header_checks = regexp:/etc/postfix/header_checks

8. In the file /etc/postfix/header_checks add this line:
/^Received:/ HOLD

9. Set the servers to run on startup and then start them
chkconfig MailScanner on
chkconfig postfix on
chkconfig clamd on
/etc/init.d/MailScanner start
/etc/init.d/postfix start
/etc/init.d/clamd start
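
A quick way to confirm that steps 3 to 8 took effect before relying on the filter, shown as an added example (not part of the original post). It assumes main.cf is in /etc/postfix; the function names and the optional ROOT prefix are hypothetical, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: audit the settings from steps 3-8 before starting the services.
# Assumptions: main.cf lives in /etc/postfix; the optional ROOT prefix is hypothetical.

# get_setting FILE KEY: print the value of the last active "KEY = value" line.
get_setting() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# expect FILE KEY VALUE: report a finding and return 1 when the value differs.
expect() {
    actual=$(get_setting "$1" "$2")
    [ "$actual" = "$3" ] && return 0
    echo "MISMATCH $1: '$2' is '${actual:-<unset>}', expected '$3'"
    return 1
}

# audit_mail_filter [ROOT]: return 0 only if every setting matches the steps.
audit_mail_filter() {
    root=${1:-}
    ms="$root/etc/MailScanner/MailScanner.conf"
    bad=0
    expect "$ms" "Run As User" "postfix" || bad=1
    expect "$ms" "Run As Group" "postfix" || bad=1
    expect "$ms" "Incoming Queue Dir" "/var/spool/postfix/hold" || bad=1
    expect "$ms" "Outgoing Queue Dir" "/var/spool/postfix/incoming" || bad=1
    expect "$ms" "MTA" "postfix" || bad=1
    expect "$ms" "Virus Scanners" "clamav" || bad=1
    expect "$root/etc/postfix/main.cf" "header_checks" \
        "regexp:/etc/postfix/header_checks" || bad=1
    # Without the HOLD rule Postfix never parks mail in the hold queue,
    # so messages are delivered without passing through MailScanner.
    grep -Eq '^/\^Received:/[[:space:]]+HOLD' "$root/etc/postfix/header_checks" \
        2>/dev/null || { echo "MISSING HOLD rule in header_checks"; bad=1; }
    return "$bad"
}

# make_sample ROOT: write a constructed config tree (not from a real host).
make_sample() {
    mkdir -p "$1/etc/MailScanner" "$1/etc/postfix"
    printf '%s\n' 'Run As User = postfix' 'Run As Group = postfix' \
        'Incoming Queue Dir = /var/spool/postfix/hold' \
        'Outgoing Queue Dir = /var/spool/postfix/incoming' \
        'MTA = postfix' 'Virus Scanners = clamav' \
        > "$1/etc/MailScanner/MailScanner.conf"
    echo 'header_checks = regexp:/etc/postfix/header_checks' > "$1/etc/postfix/main.cf"
    echo '/^Received:/ HOLD' > "$1/etc/postfix/header_checks"
}
```

On a live host, call audit_mail_filter with no argument to read the files under /etc directly; a non-zero exit status means at least one setting differs from the steps above.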

