Openbsd and Antivirus
Hi all,
I searched for this topic a bit and found no posts, or only very old ones, here, and on the net there are just a few results, so I thought I'd ask. One of my friends, who is an IT security specialist, suggested that despite BSD not having many instances of viruses, it's a good idea to install an antivirus on the system. It bugged me a little, so I was thinking. I have a server that runs Samba and gets files from another network that has 99% Windows computers; only a handful have access to the machine. My server is just a relay, not storage. The problem is, what if the server that gets the data is MS and an MS virus is in the file..... The network is secure and the Windows machines have antivirus (Windows Defender at worst) on them, but I am still a bit worried about security and ransomware. So what would you suggest? What antivirus are you using when you must have one (on BSD)? What other methods would you suggest besides or instead? BR SimpL
|
I am not an expert on security by any means, so take this tidbit with a disclaimer.
I maintained internet-facing servers for some time hosting my own (static) business websites. Used OpenBSD's base server and attempted to make sensible pf.conf configurations. Used ClamAV (clamscan, freshclam) to search for / update viruses. Experienced "no" observable issues over the course of approx. 7 yrs. I also configured pf.conf to limit traffic from specific sites or countries to reduce the usual pesky problems. You seem to control that by accepting traffic from known, limited sources. A good review of your logs and IP traffic is advised. Your level of expertise will determine the value of the statement "no observable issues" in your own set-up/configuration. Many people here can help to secure or scan your traffic far better than I. Good luck.
Last edited by frcc; 29th April 2021 at 12:58 PM. Reason: clarify
|
My personal stuff does not run AV. Pretty much everything that gets installed is from the OpenBSD packages so I'm not too worried. Web browsers are always suspicious but pledge and unveil are there and browsers are a known risk always anyway. Treat them as such.
For work servers, we're required to have AV. So there I run ClamAV and do a weekly scan in root's crontab. These servers download nothing, don't have web browsers or mail clients and don't have any users other than sysadmins but host data from Windows/Mac/Linux so the risk is really to those systems.
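As an added example (not code from anyone in this thread), a cron-driven ClamAV sweep of the kind described above: it scans the relay share, moves hits out of the share, logs the full output and summarises to syslog. The share and quarantine paths are assumptions, and the clamscan output at the bottom is constructed so the helpers can be checked without running clamscan.

```sh
#!/bin/sh
# Weekly ClamAV sweep of a Samba relay share from root's crontab, e.g.
#   0 3 * * 0 /usr/local/sbin/relay-scan.sh run
# Paths below are assumptions for this example, not from the thread.
RELAY_DIR=/srv/relay            # assumed: directory the Windows clients write to
QUARANTINE=/var/quarantine      # assumed: must lie outside RELAY_DIR
LOG=/var/log/relay-scan.log

# clamscan prints one "<path>: <signature> FOUND" line per hit; count them.
# grep -c exits 1 when the count is 0, so keep the function's status at 0.
count_found() {
    grep -c ' FOUND$' || true
}

# clamscan exit status: 0 = nothing found, 1 = something found, 2 = error.
# An "error" run (e.g. stale database, unreadable share) is not a clean run.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Run the scan, move hits out of the share, append the full output to the
# log and leave a one-line summary in syslog. Returns clamscan's status.
run_scan() {
    mkdir -p "$QUARANTINE"
    out=$(clamscan -ri --move="$QUARANTINE" "$RELAY_DIR" 2>&1)
    rc=$?
    printf '%s\n' "$out" >> "$LOG"
    hits=$(printf '%s\n' "$out" | count_found)
    logger -t relay-scan "verdict=$(scan_verdict "$rc") hits=$hits"
    return "$rc"
}

# Constructed clamscan output (EICAR test signature) for checking the helpers.
SAMPLE_OUT='/srv/relay/upload/invoice.exe: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Infected files: 1'

# Only scan when explicitly asked, so sourcing the file has no side effects.
if [ "${1:-}" = run ]; then
    run_scan
fi
```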
|
Can files from Windows and Mac infect OpenBSD?
|
|
Depends what the files are. Executables won't run on OpenBSD. But something embedded in a supported format could, like running JavaScript in a web browser or email client, a PDF exploit in a cross-platform reader (though then it depends how they leverage that exploit), or an exploit in an image being processed by ImageMagick.
Something in an interpreted language like Python or a shell script could work across platforms. Usually you have to really target a system to get further than a crash, though, unless you're targeting a specific cross-platform application like a web server.
|
Normally not. As TronDD already stated, it depends on the file etc.
Normally a Windows virus won't run on BSD because it has better user security and limitations than Windows. Most ransomware and viruses use vulnerabilities in Windows to get admin access or other access to run files and services. If you run and maintain good security in BSD (run most instances that access files etc. and are not OS-related not as root), like having the nobody user run the Samba and other server daemons, then there "should" be no problem. The problem is when you have a hole, or create a hole that is required by some client, and that hole gets you in trouble. This is what I'm trying to prevent: a hole of a problem creating problems in the future, or some other things that get the best of my servers. Thank you all for sharing your experiences about this. It helps a ton!
|
You should never run third-party programs as the nobody user, or any program at all. It's a security risk. Create your own non-privileged users to do the task.
|
|
Could you elaborate on this?
|
I'll jump in with a guess. Unprivileged daemons should normally run as their own identified userids. On OpenBSD, these are userids that begin with an underscore character, with $HOME set to /var/empty.
The user and group "nobody" are reserved for access controls when no ownership is to be defined, such as in certain NFS mounts. See the usage discussion in the exports(5) man page.
|
Let's say you run all your server daemons as nobody. If one daemon gets compromised by an attacker, then the attacker will get access to all the other daemons run as the same user, nobody in this case.
Last edited by bsdun; 13th May 2021 at 03:09 PM.
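As an added example (not code from anyone in this thread), a small shell audit for the situation bsdun and jggimi describe: it flags any unprivileged account under which more than one distinct daemon is running. The ps listing it reads is constructed; on a live OpenBSD host you would feed it `ps -axo user,command`.

```sh
#!/bin/sh
# Find accounts shared by more than one distinct daemon. Constructed sample in
# the shape of `ps -axo user,command`; smbd and openvpn both run as nobody here,
# which is the pattern the thread warns about.
SAMPLE_PS='USER     COMMAND
root     /sbin/init
_syslogd /usr/sbin/syslogd
nobody   /usr/local/sbin/smbd -D
nobody   /usr/local/sbin/openvpn --config /etc/openvpn/server.conf
_smbd    /usr/local/sbin/nmbd -D
www      /usr/sbin/httpd'

# Reads ps output on stdin; prints "user count" for every account that owns
# two or more distinct executables (basename of the first COMMAND word).
# root is expected to own several system daemons and is skipped; the finding
# is an *unprivileged* account that several services have in common.
shared_accounts() {
    awk 'NR > 1 && $1 != "root" {
            n = split($2, p, "/"); exe = p[n]
            key = $1 SUBSEP exe
            if (!(key in seen)) { seen[key] = 1; count[$1]++ }
         }
         END { for (u in count) if (count[u] > 1) print u, count[u] }' | sort
}

# Live wrapper for a real host (not run here): any output line is a finding.
audit_live() {
    ps -axo user,command | shared_accounts
}

# Remedy for each finding, run as root on the real host: one dedicated account
# per daemon in the OpenBSD style (underscore name, no shell, $HOME=/var/empty),
# e.g. for the VPN daemon (assumed name _openvpn):
#   useradd -d /var/empty -s /sbin/nologin -g =uid -c "OpenVPN daemon" _openvpn
# then point the daemon's rc script or config at that user instead of nobody.
```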
|
bsdun, jggimi: Thanks for clarifying.
I only run one instance on one server, usually with nobody, and that is that server's "main" program (VPN server, VPN process, Samba or other, etc., if it's needed), so there are no two programs run as nobody on the same machine. So if nobody gets hacked on one, then I'm toast on that machine anyway. But yes, you're right, I should give it a "nobody" user like vpnuser/lowprivuser/nouser that I create with 0 priv to run the daemon..... That way it's separate and easily identifiable. I think I read the nobody "hardening" for VPN somewhere and thought it was a nice touch and used it, based on my previous experiences with nobody/nogroup usage. Not the best method, but it's not bad if there is one process that you run with it, and not all.
|
Those PDF files can indeed be dangerous.
|
|