Re: antivirus for webserver
Over about ten years of running web servers, small and large, I have had
one problem so far (rootkit). That was because I did not secure services
and left a port open.
On web servers, kill all services you don't need, secure what you do
need (please, get ssh off of port 22 and require certificates), and keep
And, install a good log summary program and read the results religiously.
Michael Loftis wrote:
> Don't forget about the box, make sure to keep it upgraded regularly as
> security updates come out. Also make sure to upgrade it to the latest
> distribution of Debian as those come out because older distributions
> only have limited security support, and are eventually dropped
> altogether from security. Running AV software on a Linux/Unix is
> generally done to try to find virii infecting windows machines being
> stored on your host.
> Also be careful when you're using third party php apps, or even writing
> your own, as those are usually the source of exploits/hacks on Linux
> webservers. If you can, turn off url_fopen at least, that helps a LOT.
> --On October 6, 2008 10:10:33 AM +0200 Laura Arjona Reina
> <firstname.lastname@example.org> wrote:
>> I have a debian etch webserver, it only has installed
>> It has no GUI.
>> Nobody sits or connects there to work, only administrators for backing up
>> and update the system.
>> I tried to secure it installing and configuring bastille.
>> Now the only open ports are 22 for ssh and 80 for apache.
>> We don't need any other service: no DNS, no email server, no ldap, just
>> The connections to mysql are closed from outside, only the webserver can
>> access mysql databases.
>> My question is if it is needed to install an antivirus for keeping the
>> webserver safe. And if it is needed, which antivirus could I use?
>> I thought about clamav but I read about problems keeping up-to-date the
>> software shipped with etch-stable.
>> Thank you
>> Laura Arjona
>> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
>> with a subject of "unsubscribe". Trouble? Contact