
  Linux Letter 19

The Linux Letter for May 8, 2000

Welcome to a very much delayed issue of The Letter! School takes its toll, and I haven't been able to churn anything out for a while. So hopefully the wait was worth it.

Unless you've been hiding under a rock for the past week, you know about the ILOVEYOU worm that cruised the Internet, wreaking havoc on computers that run Microsoft Outlook as their email client. The worm, actually a Visual Basic script, deleted some files, renamed others and then attempted to send itself to every email address in the address book. Since some of the affected files were critical system files, this particular program caused a lot of trouble.

Every time one of these things pops up, virus awareness increases. Generally, there is a lot of barn door closing as IT departments scurry to install anti-virus software, or update the out-of-date software they already have. Obviously, it's too little too late.

And every time a virus hits the news, I get emails and phone calls asking whether Linux is vulnerable to a virus. And my stock answer is, "Probably not."


On a properly administered system (and that's significant), important system programs are protected from malicious tampering. The daemons and other "low level" programs and scripts are generally protected from being changed by anyone other than root. And to be root, you need the password.

That's not to say that a user's files couldn't become infected. Alan Cox, a man who should certainly know a thing or two about Linux, says that a virus can be written for any operating system. But since Linux was designed as a multi-user operating system, security is very tight.

What Linux, like any other operating system, is vulnerable to is a worm. The ILOVEYOU worm, improperly called a virus, is such a thing. A worm is a self-propagating program. Classically, worms were designed to grow and consume resources of a computer or a network, but the term has lately come to apply to programs that simply replicate themselves across networks. 

The worm enters the system, perhaps disguised as an innocuous file attachment, as was ILOVEYOU. Then it runs and performs whatever task it was designed to do. But the important thing here is that under Linux, the only files that the program can affect are those that are owned by the user. And that's where smart system administration comes in.

You should never, NEVER log in as root. If you can help it at all, don't log in as root. Think of the root account as the fire alarm that evacuates a 100-story skyscraper. You'd better have an extremely good reason for using it.

If a program needs to be installed using root privileges, make sure that you know that it is safe. Compare file sizes, dates, checksums…anything that you can to make sure that you are convinced that what you are installing is what you mean to install. If you can't verify the integrity of a piece of software, then think twice about using it.

Guard your password. Make sure that the root password is a combination of numbers and upper and lowercase letters. It should be as random as possible and as long as possible.

Know your users. Examine your system logs. Look at what ports are open to the Internet. Your system can be as secure or as insecure as you desire. In the end, a little bit of common sense and a small dose of paranoia can go a long way toward preventing costly system downtime.


Hot Tip of the Week

OK, maybe it's been a little bit longer than a week since the last tip, but this one's appropriate.

You've finally decided to take control of how your system talks to the outside world. But you want to know just what ports are open. One way is to use the netstat command:

netstat -na

Stand back, though, because you'll probably get a flood of information that may not be all that easy to understand. Try this instead:

lsof | grep inet

The command lists every open file on the system and shows you only the lines for Internet sockets, along with the program that has each one open.

I use Red Hat Linux, and under Red Hat 6.2, you'll find netstat in /bin/. lsof lives under /usr/sbin.
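
The flood from netstat -na can also be cut down with a filter. What follows is an added example, not part of the original newsletter: a shell function (the names exposed_ports and sample_netstat are made up here) that keeps only the sockets waiting for traffic and labels whether each one is reachable from other hosts. The sample netstat output is constructed.

```sh
#!/bin/sh
# Added example, not from the original newsletter.
# exposed_ports: read `netstat -na` text on stdin and print one line per
# socket that accepts traffic: "<proto> <port> <address> <scope>".
exposed_ports() {
  awk '
    function report(proto, local,    n, parts, port, addr, scope) {
      n = split(local, parts, ":")          # port follows the last colon
      port = parts[n]
      addr = substr(local, 1, length(local) - length(port) - 1)
      if (addr == "0.0.0.0" || addr == "::" || addr == "*")
        scope = "all-interfaces"            # reachable from any network
      else if (addr ~ /^127\./ || addr == "::1")
        scope = "loopback-only"             # local processes only
      else
        scope = "single-address"            # bound to one interface address
      print proto, port, addr, scope
    }
    # TCP: only LISTEN sockets accept new connections; skip ESTABLISHED etc.
    $1 ~ /^tcp/ && $6 == "LISTEN" { report($1, $4) }
    # UDP has no state column; a wildcard peer means bound and waiting.
    $1 ~ /^udp/ && $5 ~ /:\*$/    { report($1, $4) }
  '
}

# Constructed sample of Linux `netstat -na` output (documentation addresses).
sample_netstat() {
  cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:80           0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   Path
unix  2      [ ACC ]     STREAM     LISTENING     1234     /dev/log
EOF
}

sample_netstat | exposed_ports    # on a live system: netstat -na | exposed_ports
```

Anything marked all-interfaces is answering on every network the machine is attached to, so those are the lines to review first.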


Happy computing!

Drew Dunn

