[TriLUG] establishing linux {antivirus, anti-spyware, firewall} compliance to Windows-centric management
matt at noway2.thruhere.net
Tue Aug 26 16:41:33 EDT 2014
>> P-2b. Some version of antivirus software installed, running, configured,
>> and patched with the latest virus definition files. The software must
>> perform a complete system scan at least once a week.
>
> Would anyone care to recommend a low-overhead antivirus "solution"?
>
On the email servers that connect to Windoze machines, I use Clam. There
are others, e.g. AVG, that also make Linux versions. You can set them to
run weekly with a cron task. Requirement met.
>> P-2c. Some version of anti-spyware software installed, running,
>> configured, and patched with the latest pattern files. The software
>> must perform a complete system scan at least once a week.
>
> Would anyone care to recommend a low-overhead anti-spyware "solution"?
I would recommend a HIDS, such as Ossec or Samhain coupled with a simple
utility like Aide that will tell you if system files have been modified
(i.e. you have spyware).
>> P-2d. Some version of a host-based firewall installed, running,
>> configured and patched with a rule set which conforms to industry best
>> practices.
>
> Would anyone care to recommend a low-overhead firewall and rule set?
>
All incoming ports blocked by default. Can't get much simpler than that.
> Any further advice regarding how (or how not) to deal with this sort of
> situation (Windows admins seeking Windows-based approval of your Linux
> system) would also be appreciated.
>
Doesn't DHS (or even NSA) have recommendations on Linux? If so, I would
point those out.
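As an added example that is not part of the thread: a small POSIX shell checker for the evidence a Windows-side auditor would ask for on the three points above (weekly ClamAV and AIDE jobs in `crontab -l`, default-deny inbound in `iptables -S`). Function names and the sample inputs are this example's own, not from any of the tools mentioned.

```shell
#!/bin/sh
# Evidence checker for the three items above: a weekly ClamAV scan (P-2b),
# a weekly AIDE run (P-2c) and a default-deny inbound rule set (P-2d), read
# from the text of `crontab -l` and `iptables -S`. Sample inputs are constructed.

# Exit 0 if the crontab text on stdin has a job running $1 at least weekly.
# A 5-field entry qualifies when the month field is '*' and either the
# day-of-month is '*' or a day-of-week is set; @monthly and @yearly do not.
cron_runs_at_least_weekly() {
    awk -v cmd="$1" '
        /^[[:space:]]*#/ || NF == 0 { next }     # skip comments and blank lines
        index($0, cmd) == 0 { next }             # not the job we are looking for
        $1 == "@hourly" || $1 == "@daily" || $1 == "@weekly" { found = 1 }
        NF >= 6 && $1 ~ "^[0-9*/,-]+$" {
            if ($4 == "*" && ($3 == "*" || $5 != "*")) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Exit 0 if the iptables -S dump on stdin denies inbound traffic by default:
# the INPUT policy is DROP, or the last rule appended to INPUT is an
# unconditional "-j DROP" / "-j REJECT" catching whatever was not allowed above.
inbound_default_deny() {
    awk '$1 == "-P" && $2 == "INPUT" { policy = $3 }
         $1 == "-A" && $2 == "INPUT" {
             last_uncond = (NF == 4 && $3 == "-j" && ($4 == "DROP" || $4 == "REJECT"))
         }
         END { exit ((policy == "DROP" || last_uncond) ? 0 : 1) }'
}

# Constructed samples: weekly clamscan and aide jobs plus a monthly-only job,
# and a rule set that allows loopback, established traffic and SSH only.
SAMPLE_CRONTAB='# m h dom mon dow command
0 3 * * 0 /usr/bin/clamscan -r --infected --log=/var/log/clamav/weekly.log /
30 3 * * 0 /usr/bin/aide --check
0 4 1 * * /usr/bin/rkhunter --check'
SAMPLE_IPTABLES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT'

report() {
    printf '%s\n' "$SAMPLE_CRONTAB" | cron_runs_at_least_weekly clamscan && echo "P-2b: weekly AV scan scheduled"
    printf '%s\n' "$SAMPLE_CRONTAB" | cron_runs_at_least_weekly aide && echo "P-2c: weekly integrity check scheduled"
    printf '%s\n' "$SAMPLE_IPTABLES" | inbound_default_deny && echo "P-2d: inbound traffic denied by default"
}
report
```

Feed it the real `crontab -l` (for root) and `iptables -S` output instead of the samples to produce the same three lines as evidence for the Windows admins.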