
Re: virus on linux?



On Tue, Dec 01, 2009 at 08:12:22AM +0000, Avi Greenbury wrote:
> abdelkader belahcene wrote:
> > Hi,
> > I am asking if there is a virus on my machine how to detect it.
> 
> ClamAV[0] is the standard linux anti-virus scanner. For rootkit [1]
> detection/fixing, look at chkrootkit[2] and rkhunter[3].
> 
> > the command ps aux  gives all  running processes, all really all? or
> > it may be a hidden process running on background.
> 
> Most. 
> Rootkits are generally hidden, and 'infection' from a rootkit provides
> the possibility that ps has been replaced with one designed to not
> show all processes.
> 
> > Until now, I considered that a virus doesn't affect a system if you
> > work as simple user, and can't damage system without root permission,
> > am I right,  or virus can get root privileges ??
> 
> Depending on how the system's configured, it's often possible to do
> damage without being root.
> That aside, the frequency of security patches implies that there are
> generally vulnerabilities in any given server setup, some of which can
> lead to privilege escalation.
> 
> > another thing on linux, the program can't run if it is not executable,
> > it must have the "x" permission, if we copy a file normally it loses
> > the x permission.
> > This is what I believe up now, am I right??
> 
> Mostly. It's quite possible to run a non-executable file through an
> interpreter (where the interpreter [perl, bash, php, etc.] accepts the
> non-executable file as an argument).
> 
Don't forget about the *.desktop files that several desktop environments
use to launch programs from their desktop.  They can execute files
without the "x" permission set.  Although I think one of the major DEs
fixed that security hole (but I can't remember which).

-Rob
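
An added example, not part of the original thread: one way to audit for the launcher behaviour Rob describes is to list `.desktop` files that lack the owner execute bit yet still carry an `Exec=` command. The function name `audit_desktop_launchers` and the directories in the usage comment are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report .desktop launchers that do
# not have the owner "x" bit but still define a command to run.
# The function name is hypothetical.

# audit_desktop_launchers DIR...
# Output: one line per Exec= key, as "path<TAB>group<TAB>command".
# Exec= is read from [Desktop Entry] and from [Desktop Action ...] groups,
# the groups in which launchers define commands.
audit_desktop_launchers() {
    find "$@" -type f -name '*.desktop' ! -perm -u+x -exec awk '
        FNR == 1 { grp = "" }            # new file: forget the previous group
        /^\[.*\]/ { grp = $0; next }     # remember the current group header
        grp ~ /^\[Desktop (Entry|Action )/ && /^Exec[ \t]*=/ {
            sub(/^Exec[ \t]*=[ \t]*/, "")
            printf "%s\t%s\t%s\n", FILENAME, grp, $0
        }
    ' {} +
}

# Run directly, for example:
#   sh audit.sh ~/Desktop ~/.local/share/applications
if [ "$#" -gt 0 ]; then
    audit_desktop_launchers "$@"
fi
```

Launchers that are already marked executable are skipped on purpose; the report covers only the files that the "x" permission check alone would have led you to ignore.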

