Permissions will go a long way in protecting against viruses. I use the
Apache web server, and have virtual domains running under user accounts
( e.g. /home/matthew/www ). The user is the owner of all files and
directories, and apache is the group of all files and directories within
the /home/mathew/www space, for example, so permissions are set to 750
for the web virtual directories:
matthew read, write, execute
apache read, execute
other none
Since the websites run under user Apache, there is hardly ever a need
for apache to have write permissions which would allow the apache user
to delete or overwrite files. There are a couple of instances where
apache is given write permission, so for those directories the
permissions is set to 770.
Its pretty easy to do, like:
chown -R matthew /home/matthew/www/*
chgrp -R apache /home/matthew/www/*
chmod -R 750 /home/matthew/www/*
If anyone gained access to the system as user matthew, they would only
be able to attack /home/matthew and its sub-directories.
If anyone gained access to the system as user apache, which is not
likely, since I have apache set to "no login", they would only be able
to read and write directories and files of the apache group.
The firewall also helps protect against viruses, as any user coming in
through an open port would need to get past a login to gain access to
the system.
For emails coming into the Linux network, it a good idea not to open any
attachments that are not trusted or to use something like the AVG email
antivirus software. If you do a search on "linux antivirus software",
you will find several other options regarding Linux antivirus software.
Regards,
LelandJ
Matthew Jarvis wrote:
> At home I am using the personal edition and it seems to work great...
>
> Here at work I want to have something on my server that deals with
> user traffic for websites, chat, etc.
>
> Matthew S. Jarvis
> IT Manager
> Bike Friday - "Performance that Packs."
> www.bikefriday.com
> 541/687-0487 x140
> mattj at bikefriday D.OT com
>
>
> Leland Jackson wrote:
>
>> Are you running linux or windows at home? It seems like I tried an
>> AVG anti virus program for Linux a couple of years ago.
>>
>> Regards,
>>
>> LelandJ
>>
>>
>> Matthew Jarvis wrote:
>>
>>> Anybody using this?
>>>
>>> I'm using the freebie email product at home and think it's great...
>>>
>>> Here at work I have a 7 system server farm (all running Linux), plus
>>> my Linux workstation and about 30 pc's running Win 98 thru XP.
>>>
>>> I have amavis/spamassasin running on the email server, but for these
>>> bozo's web browsing, chat, etc it's pretty much wide open...
>>>
>>> I'd kinda like to shore up the holes, ya know?
>>>
>>> Matthew S. Jarvis
>>> IT Manager
>>> Bike Friday - "Performance that Packs."
>>> www.bikefriday.com
>>> 541/687-0487 x140
>>> mattj@bikefriday.com
>>>
>>>
[excessive quoting removed by server]
©2006 Leland Jackson |
