HACK-PROOF 9.10 Anti-Virus & Firewall [KARMIC KOALA BIBLE #19]

Here's the ideal start to find out about the options available to safeguard your Ubuntu PC & data, using antivirus & firewall softwares, plus iptables.

This section of the Karmic Koala Bible weighs the basic firewall & anti-virus options for sole Linux PCs & network clients. It analyses security concerns, linking to some of the finest reference about iptables and the overall topic.

(OK, let's be frank .. it's dull as s-h-1-t .. but if you have any doubt then do skim through it, and I'll try to make it as painless as possible.)

Thing is, I can't bring myself to write up a guide like this, where effectively you're putting your business, to whatever extent, in my hands, without a word of caution. Bad Karma!

Yes, Linux is safe, strikes me. Essentially it is, with a system where you as 'root', else a priviledged Super User, would have to execute a virus or port-opener, to compromise things.

Then again, you know what? I've done that very thing in my silly-sod past, and who knows what clever hack-tactic may ensnare my inquisitive nature once again. Times change, knowledge develops, viruses evolve and ports may somehow be prised.

There are three trains of thought on this subject:-

• Don't bother, the Linux permissions system is second-to-none, the rest is common sense
• Use a Firewall to secure the ports, and don't 'sudo execute' dodgy files
• Use an anti-virus to help prevent the spread of any Windows-borne viruses to the Windows community, there's a fine fellow

I have sympathy with each. But ..

• Don't bother: Never say never. At least, be aware.
• Firewall: Well, I tend to agree with that. Then again, if you're behind, say, a decent router with a bundled firewall, you're sorted anyhow at no direct resource cost. And then again, again, you've already got Linux' in-built iptables, which is a configurable firewall. So why not just tighten that ruleset?
• Windows anti-virus: If that's to protect the less aware Windows community then, bottom line, I'd say that lot needs to Google up (and for crying out loud stop wasting their wad on Symantic!) If it's to protect your Samba-networked Windows machines, you probably know the deal already. Aren't I mean?

Fact is, different setups require different strategies, and a post such as this cannot provide anything other than a roundup of the options and a few pointers. Talking of which ..

Here are some options:-

Configure iptables

We're a little in the deep end here, to be honest. But like anything, it gets much simpler (just down the page, I promise) so take heart (as well as an aspirin.)

Installed by default, iptables can be tuned to your needs to provide super-strong defence, but the ruleset syntax requires some time to get to grips with. Some reference:-

• Ubuntu kicks us off well with their Iptables how-to.
• Scribd presents a flash animation introduction.
• LinuxHomeNetworking do a great job of making this subject seem like something you actually might consider wanting to read about. OK, very vaguely. Hats off!
• The Linux 2.4 Packet Filtering how-to provides a solid guide that doesn't, quite, make ones toes curl.
• Oskar Andreasson is rightly recognised as a brilliant mind on the subject but his regularly updating Iptables Tutorial is somewhat of a choker to read, and best left 'till some understanding has been built up already. Nonetheless, this is the ultimate iptables guide, hands-down, from a guy that probably eats sudoku for breakfast, (if he didn't invent it, along with quantums, rockets and maybe China.)

Hmmn, let's apply the brakes a little. For the uninitiated, there is a better way!

UFW (Uncomplicated Firewall) Bundled with Ubuntu Jaunty

Not only does that sound appealing, but you've already got it, installed by default. It's just disabled until enacted.

Once enabled, you can input commands from the Terminal to create bespoke rules for the iptables, which as you may have gathered is rather easier than setting out the iptables ruleset directly. To make life even more uncomplicato - in fact pretty darn simple - there's a GUI called GUFW that can sit on top, effectively working as an iptables' dummy guide. Coupled with a little reading from above, playing with GUFW is a great way to gain fundamental understanding, fast.

I'm not gonna give you all the commands, because Ubuntu already did and these guides are terrific:-

• UbuntuFirewall gives a general idea with a feature run-down and instructions for basic usage
• Ubuntu Docs Firewall page expands on that in comprehensive, practically enjoyable detail and yes I realise I sound sad, as well as outlining a variety of alternative firewall solutions
• The UFW Manual outlines all possible commands, with example usage

And for UFW's GUI, GUFW, check out:-

• GUFW - the official site
• UbuntuGeek's undeniably uncomplicated setup guide (he's always good value.)

GUFW has a download link. Ignore that and, instead, type, imaginatively enough:-

sudo aptitude install gufw

And run it by typing the uniquely uncomplicated:-

gufw

Or, if you like, use the utterly uncomplicated menu:-

System > Configuration > Firewall Configuration

By contrast to ubergeek chessmaster Oskar Andreasson's scary iptable doctorate thesis, GUFW running on UFW really is for human beings, or more regular ones anyhow, with barely a whiff of intimidation. And the beauty, of course, is that the ABC knowledge of the one leads to a sincere interest in the geek alphabet soup of the other. Isn't that romantic?

Firewall with Firestarter

Not dissimilar to UFW, and again with its user-friendly GUI, Firestarter hooks into your pre-existing iptables.

While the tiniest bit more demanding, again Firestarter is pretty easy to use and there's a mighty simple manual to help. In fact, even if you go another route, but are a newbie and want some kind of iptable security solution, read that manual because it really is the Sesame Street of iptables.

To install it:-

sudo aptitude install firestarter

And to run its wizard:-

sudo firestarter

When you're done configuring the wizard, a console will open and you can play with that too, for instance to start or stop the thing or see what ports are open. When you quit the Firestarter console and the panel icon disappears, it's firewall remains up, unseen. Even if you specifically stop the Firestarter firewall which, having configured and started it, you have to do from within the console or from the command line, you still have your iptables to protect you.

Anti-virus Protection

If you share via a Samba network, and think your colleagues may, shall we say, be a little Windozed (yeah, let's face it, I mean, er, not entirely savvy), this option may prove valuable.

Look up AVG for Linux, for one.

And ClamAV is popular with Ubuntans (even if it does sound like an STD.) To install that:-

sudo nano /etc/apt/sources.list

.. and add the repository:-

deb http://ppa.launchpad.net/ubuntu-clamav/ppa/ubuntu karmic main

.. save that file, then add this key:-

sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xf80220d0e695a455e651ac4d8ab767895adc2037 

Lastly, get it:-

sudo aptitude update && sudo aptitude upgrade

And that really is quite enough about that. I mean, God's teeth! Are you still reading this? Well, I say, your stamina is estimable. Personally, I was asleep at the wheel.

Then again, I hope that's handy, not off-putting.