Customer Feedback: What are your Linux security concerns

Hello 

We are looking at the future of Linux security, not just an AV scanner, and are looking for your feedback on your security concerns with Linux.  

  • What do you use to protect your Linux servers (other tools as well as AV?)
    • What are their pros and cons? 
  • What are your generic security concerns with Linux? – not just AV, but other areas of ingress (eg docker)
  • Are there any particular security features you wish you could have to help with your Linux environment?
    • For instance certain alerts due to x y and z.

I will be able to share more details around the product in the coming months, but if any of you are interested in knowing more let me know. 

We are also providing an EAP of the product, so if it is something you would like to help us with please get in touch.

Thanks 

Mark       

  • I have a LINUX Ubuntu Standalone Home machine.

    I am looking for Antivirus and Internet protection.

    The Linux machine is connected via WiFi or Ethernet to AT&T Uverse Router.

    AMD Ryzen 3 Processor (Intel Compatible).

    This is what I found -

    Sophos Antivirus for Linux (2018)

    Download:

    How to Install (User Manual):
  • Hello  

    As you have stated, we do have an Antivirus product for Linux - please feel free to download that and run it on your Ubuntu machine!

    What I am after is feedback from Linux admins around their security concerns and issues within their environment. Feedback will help drive a new Linux Security product we are developing. 

    thanks

    Mark 

  • Hello Mark,

    I have some Linux Servers and I want to install Sophos Intercept X for Linux on (RedHat 5, 6 and 7), but I have a few concerns before I install:

    Main Concern: - If I run the installer, will it update some dependencies with it along the way? Because I have other apps that function only with those specific dependencies.

    - And what are the dependencies for it to be installed?

    Note: I am using Sophos Central for management and I downloaded the installer package from there.

    Thanks in advance.

    Anas

  • Hello

    This KBA details the system requirements for SAV for Linux, https://community.sophos.com/kb/en-us/16819

    In summary, we require customers to have:

    • Library version: GNU C Library (Glibc) 2.11+
    • Kernel version: Kernel 2.6.32+

    And from the admin guide https://docs.sophos.com/esg/SAV-Linux/help/en-us/PDF/sav_linux_cg.pdf (section 9):

    When one of the Linux vendors supported by Sophos Anti-Virus releases an update to its Linux kernel, Sophos releases an update to the Sophos kernel interface module (Talpa) to support this. If you apply a Linux kernel update before you apply the matching Talpa update, Sophos Anti-Virus initiates a local compilation of Talpa. If this fails, Sophos Anti-Virus tries to use Fanotify as the interception method instead. If Fanotify is also unavailable, on-access scanning is stopped and an error is reported.

    So we will not update any of the other apps you have installed, you control your Linux environment. We just require you to have a certain level of Talpa and Glibc versions. 

    cheers 

    Mark 

    PS - we don't support RHEL 5 anymore, here is our retirement calendar https://community.sophos.com/kb/en-us/119018
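A pre-install readiness check against the minimums quoted in the reply above (glibc 2.11+, kernel 2.6.32+) with a probe for fanotify, the fallback interception method the admin guide describes; this is an added example, not Sophos code, and the probe commands and paths it relies on (getconf, uname, /boot/config-<release>, /proc/config.gz) are assumptions about the host:

```shell
#!/bin/sh
# Added example, not Sophos' own tooling: a pre-install readiness check against the
# minimums quoted above (glibc 2.11+, kernel 2.6.32+) plus a probe for fanotify, the
# fallback interception method the admin guide describes. Probe commands are assumptions.
MIN_GLIBC="2.11"
MIN_KERNEL="2.6.32"
# version_ge A B: exit 0 when dotted version A >= B, compared numerically field by
# field (so 2.11 > 2.9); a non-numeric suffix such as "-91-generic" is dropped first.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        sub(/[^0-9.].*/, "", a); sub(/[^0-9.].*/, "", b)
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}
# fanotify_configured: exit 0 when the running kernel's config has CONFIG_FANOTIFY=y,
# 1 when it is absent, 2 when no kernel config is readable (unknown).
fanotify_configured() {
    rel=$(uname -r 2>/dev/null)
    if [ -r "/boot/config-$rel" ]; then
        grep -q '^CONFIG_FANOTIFY=y' "/boot/config-$rel"
    elif [ -r /proc/config.gz ]; then
        gzip -dc /proc/config.gz | grep -q '^CONFIG_FANOTIFY=y'
    else
        return 2
    fi
}
# readiness_report GLIBC KERNEL: one PASS/FAIL line per version minimum plus a note on
# fanotify; exit 0 only when both minimums are met (an empty value fails closed).
readiness_report() {
    status=0
    if version_ge "$1" "$MIN_GLIBC"; then echo "PASS glibc $1 >= $MIN_GLIBC"
    else echo "FAIL glibc '$1' < $MIN_GLIBC"; status=1; fi
    if version_ge "$2" "$MIN_KERNEL"; then echo "PASS kernel $2 >= $MIN_KERNEL"
    else echo "FAIL kernel '$2' < $MIN_KERNEL"; status=1; fi
    if fanotify_configured; then echo "INFO CONFIG_FANOTIFY=y: fallback interception available"
    else echo "WARN fanotify not confirmed: on-access scanning relies on Talpa building"; fi
    return $status
}
# Check this host (getconf prints e.g. "glibc 2.35"; the second field is the version).
host_glibc=$(getconf GNU_LIBC_VERSION 2>/dev/null | awk '{print $2}')
if readiness_report "$host_glibc" "$(uname -r 2>/dev/null)"; then echo "host meets minimums"; else echo "host below minimums"; fi
```

The report only checks the two published minimums and whether the fallback path exists; whether Talpa itself builds against a freshly updated kernel is something only the installer's own compile step can tell you.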

  • What do you use to protect your Linux servers (other tools as well as AV?): e.g. chkrootkit and Rootkit Hunter.

    Do not know if Sophos Antivirus for Linux detects rootkit software?

    What are their pros and cons? : They are open source programs but I do not know how many resources can be allocated for their development.

    What are your generic security concerns with Linux?: I am worried about the vulnerabilities discovered in processors (eg Intel AMT, Intel ME, Spectre & Meltdown). Another example is the BMC "Pantsdown" vulnerability.

    Are there any particular security features you wish you could have to help with your Linux environment?: There are still many servers that do not have patches for these vulnerabilities, and I think there are also administrators who do not know about them.

    Sophos Antivirus for Linux is an extremely useful product for me and, together with SAV Dynamic Interface (SAVDI), forms an indispensable package for my servers. I noticed that SAVDI remained on version 2.6 for some time, but I hope development will continue.

    For my Linux distribution (Slackware) Sophos Antivirus for Linux is the only viable option for antivirus protection.

  • I know we are late to respond but,

    Current concerns are proper file delete and/or quarantine on the Linux product, which aren't currently there. Right now it just locks the file in place and you need to manually run the delete.

    The anti-ransomware/crypto protections

    Possible API for 3rd party integration for reporting and control.

  • I like having Lockdown on our Windows servers. I wish that feature existed for Linux servers as well.

  • Hi  

    The following operating systems are supported by Server Lockdown as of now:

    • Windows 2008
    • Windows 2008 R2
    • Windows 2012
    • Windows 2012 R2
    • Windows 2016
      • Windows 2016 is supported from version 7.1.0.
      • SecureBoot is not supported with Server Lockdown as it prevents the installation of the Lockdown driver.
        • SecureBoot is supported from version 7.1.2
      • Control Flow Guard does not impact the functionality of SLD
      • Device Guard Application Control will run alongside SLD, Device Guard will block applications before SLD
    • Windows 2019
      • Windows 2019 is supported from version 7.1.1

    You may raise a feature request here or vote for the same if it already exists. 

    Shweta

    Community Support Engineer | Sophos Technical Support
  • Hi,

    Linux has some procedures already in place to harden security. What I would want to see from Sophos is:

    • Simple firewalling setup, complying with the company's policy and synchronized security
    • Traffic inspection
    • Heartbeat