Monday, 2 April 2012

Securing GNOME 3.2.1 openSUSE 12.1

Reactions: 
 In order to secure my GNOME 3 desktop I use a combination of following tools . This ensures that there is multilevel protection on my system. Prevention is always better than cure :-) . All the software described below are being used on openSUSE 12.1 / GNOME 3.2.1.
==>Clam Antivirus & Fireclam Addon(gecko based browser like Firefox and SeaMonkey)
==>AppArmor
==>Rootkit Hunter & chkrootkit
Clam Antivirus
Salient Features of Clam Antivirus are:-
==>ClamAV is an open source (GPL) Antivirus engine
==>It can detect Trojans, viruses, malware and other malicious threats.
==>It is the de facto standard for mail gateway scanning.
==>It provides a high performance mutli-threaded scanning daemon, command line utilities for on demand file scanning
==>The core ClamAV library provides numerous file format detection mechanisms, file unpacking support, archive support, and multiple signature languages for detecting threats.
==>Tool for automatic signature updates.There is a scheduler for scheduling scans as well as option to schedule update the definitions.
==>The software can update virus signatures,GUI and Antivirus engine independently.
Installation:-
Clam Antivirus can be installed using the famous 1- Click Install on . Alternatively it can installed from this search page.
Usage:-
It can be found under Activities ( Windows Key ) ==> Applications ==> System Tools ==> ClamTk.
After hitting windows key one can type in "clamtk"  and GNOME 3 desktop will intuitively show clamtk GUI
It can also be launched using command "clamtk" through quick launch window (Alt + F2 )
Main Window After installation
The signatures can be updated using update window.The update menu can be located under help menu
The following screenshot is how the application looks after updation
Fireclam Addon
One can force automatically scan all the downloaded files using Fireclam Addon which can be installed onto a gecko based browser. After installation the addon will automatically invoke clamscan to scan the files being downloaded the  whenever files are downloaded through the browser
SeaMonkey showing Fireclam installed
Clamscan shown running in "gnome-system-monitor" when files are being downloaded
AppArmor 
==>AppArmor proactively protects the OS and Apps from threats by enforcing good behavior and preventing even unknown application flaws from being exploited.
==> AppArmor security policies completely define what system resources individual applications can access, and with what privileges. A number of default policies are included with AppArmor.
Installation:-
Here is the 1- Click install for installing AppArmor . Alternatively it can installed from this search page. After installing AppArmor one should restart the system to activate the software.
Usage:- 
To check the status of the profiles that have been installed you can run the command "aa-status" from "gnome-terminal".
Sample output for aa-status(shows whether profiles are AppArmor successfully installed or not)
linux-9p85:~> sudo /usr/sbin/aa-status
root's password:
apparmor module is loaded.
27 profiles are loaded.
27 profiles are in enforce mode.
   /bin/ping
...
   /usr/sbin/smbldap-useradd///etc/init.d/nscd
   /usr/{sbin/traceroute,bin/traceroute.db}
0 profiles are in complain mode.
3 processes have profiles defined.
3 processes are in enforce mode.
...
Create New Profiles:-
A good article demonstrating setting up of new / additional  AppArmor profiles here using YaST .One can also take a look at the  detailed article about it here in ubuntu forums.
rkhunter & chkrootkit
==>Rootkit Hunter and chkrootkit are very useful command line / CLI based tools which can be invoked through "gnome-terminal" and can detect a variety of malware.
==>Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers.
==>chkrootkit is a set of tools that detect rootkit (a program that hides the presence of attackers) symptoms on a system
Installation:- 
Here is the 1- Click install for installing rkhunter . Alternatively it can installed from this search page.
Here is the 1- Click install for installing chkrootkit . Alternatively it can installed from this search page.
Usage:-
rkhunter update
rkhunter can be updated using command "sudo rkhunter --update"
Sample rkhunter update process output:-
linux-9p85:~> sudo rkhunter --update
root's password:
[ Rootkit Hunter version 1.3.8 ]
Checking rkhunter data files...
  Checking file mirrors.dat                                  [ No update ]
  Checking file programs_bad.dat                             [ Updated ]
...
rkhunter scan
rkhunter can be used to check for rootkit using the command"sudo rkhunter -c"
Sample output for rkhunter usage:-
linux-9p85:~> sudo rkhunter -c
[ Rootkit Hunter version 1.3.8 ]
Checking system commands...
Checking for rootkits...
  Performing check of known rootkit files and directories
    55808 Trojan - Variant A                                 [ Not found ]
    ADM Worm                                                 [ Not found ]
    AjaKit Rootkit                                           [ Not found ]
...
chkrootkit scan
Sample output for chkrootkit usage:- 
linux-9p85:~> sudo /sbin/chkrootkit
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
.....

No comments:

Post a Comment

LinkWithin

Related Posts Plugin for WordPress, Blogger...