On Tue, Dec 01, 2009 at 08:12:22AM +0000, Avi Greenbury wrote: > abdelkader belahcene wrote: > > Hi, > > I am asking if there is a virus on my machine how to detect it. > > ClamAV[0] is the standard linux anti-virus scanner. For rootkit [1] > detection/fixing, look at chkrootkit[2] and rkhunter[3]. > > > the command ps aux gives all running processes, all really all? or > > it may be a hidden process running on background. > > Most. > Rootkits are generally hidden, and 'infection' from a rootkit provides > the possibility that ps has been replaced with one designed to not > show all processes. > > > Until now, I considered that a virus doen't affect a system if you > > work as simple user, and can't damage system without root permission, > > am I right, or virus can get root privileges ?? > > Depending on how the system's configured, it's often possible to do > damage without being root. > That aside, the frequency of security patches implies that there are > generally vulnerabilities in any given server setup, some of which can > lead to privilege escalation. > > > another thing on linux, the program can't run if it not executable, > > it must have the "x" permission, if we copy a file normally it looses > > the x permission. > > This is what I believe up now, am I right?? > > Mostly. It's quite possible to run a non-executable file through an > interpreter (where the interpreter [perl, bash, php, etc.] accepts the > non-executable file as an argument). > Don't forget about the *.desktop files that several desktop environments use to launch programs from their deskop. They can execute files without the "x" permission set. Although I think one of the major DE's fixed that security hole (but I can't remember which).
-Rob -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
