[OpenIndiana-discuss] Anti-Virus strategy

Michelle Knight michelle at msknight.com
Wed Dec 26 19:03:41 UTC 2012


Thank you both for your advice.

I neglected to tell you exactly what role OI is being used for, which
could help you target your advice.

The OI machine is a simple text server installation; no frills. It has
two "admin" users on board, namely "root" and the irregular user name
that I use when installing. This is what I ssh to the box with when I
need to do rare admin work (which is why I keep forgetting commands;
this thing is like a tank!)

All other user names are used for file access only via the CIFS share
and have no other privs on the system.

Therefore, the usual "home" areas aren't written to or used on a
regular basis.

There is one large ZFS dataset published with CIFS and most areas are
read-only. Only some select areas are read-write by a very few
"data users" only. The rest are read only and have to be written to by
opening an SFTP session.

The chances of someone getting at the system itself are remote; but if
the worst happens, the system is so straightforward I can have it
rebuilt in less than an hour.

You're talking in things that I don't completely understand. Obviously
as I used to be an assembler programmer, I know what you're saying,
(make, compile, etc.) but not how to achieve it in OI. I never really
learned C, so I do need a bit of babying. Particularly when they go
wrong; I never know which libraries have what in them. I just don't do
it on a regular basis.

First question is that as the machine is used on this basis, is
intrusion detection going to deliver me any serious benefit? I'm not
using it for browsing, etc. and very limited services are running,
basically the only thing extra than what comes out of the box is CIFS
for the ZFS share.

Secondly, Clam as a daemon sounds a good step forward, but I'm not sure
how to get its reports. Currently, the client produces a report of the
scan and puts it to a separate web server; which is my home page.
Whenever I open a browser I get an hourly report of the ZFS status and
a link to the last anti-virus scan. How do I get the daemon to plug in
to this kind of reporting please?

Thanks again,

Michelle.


