
Customer Feedback: What are your Linux security concerns

Hello 

We are looking at the future of Linux security, not just an AV scanner, and are looking for your feedback on your security concerns with Linux.  

  • What do you use to protect your Linux servers (other tools as well as AV?)
    • What are their pros and cons? 
  • What are your generic security concerns with Linux? – not just AV, but other areas of ingress (e.g. Docker)
  • Are there any particular security features you wish you could have to help with your Linux environment?
    • For instance certain alerts due to x y and z.

I will be able to share more details around the product in the coming months, but if any of you are interested in knowing more let me know. 

We are also providing an EAP of the product, so if it is something you would like to help us with please get in touch.

Thanks 

Mark       

  • Hello Mark,

    I have some Linux servers and I want to install Sophos Intercept X for Linux on them (RedHat 5, 6 and 7), but I have a few concerns before I install:

    Main concern: if I run the installer, will it update some dependencies along the way? Because I have other apps that function only with those specific dependencies.

    - And what are the dependencies for it to be installed?

    Note: I am using Sophos Central for management and I downloaded the installer package from there.

    Thanks in advance.

    Anas

  • Hello

    This KBA details the system requirements for SAV for Linux: https://community.sophos.com/kb/en-us/16819

    In summary, we require customers to have:

    • Library version: GNU C Library (Glibc) 2.11+
    • Kernel version: Kernel 2.6.32+

    And from the admin guide https://docs.sophos.com/esg/SAV-Linux/help/en-us/PDF/sav_linux_cg.pdf (section 9):

    When one of the Linux vendors supported by Sophos Anti-Virus releases an update to its Linux kernel, Sophos releases an update to the Sophos kernel interface module (Talpa) to support this. If you apply a Linux kernel update before you apply the matching Talpa update, Sophos Anti-Virus initiates a local compilation of Talpa. If this fails, Sophos Anti-Virus tries to use Fanotify as the interception method instead. If Fanotify is also unavailable, on-access scanning is stopped and an error is reported.

    So we will not update any of the other apps you have installed; you control your Linux environment. We just require you to have a certain level of Talpa and Glibc versions.

    Cheers

    Mark

    PS: we don't support RHEL 5 anymore; here is our retirement calendar: https://community.sophos.com/kb/en-us/119018
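The answer above states two numeric prerequisites (glibc 2.11+, kernel 2.6.32+). The script below is an added example, not Sophos code, that checks a host against exactly those two numbers before the installer is run, so that an unsupported kernel or C library is found before anything is changed on the box. The glibc detection path (`getconf GNU_LIBC_VERSION`, falling back to the first line of `ldd --version`) and the RHEL-style sample values are my own assumptions and are labelled as constructed; whether a distribution release is still supported at all is a separate question answered by the retirement calendar, not by these version numbers.

```shell
#!/bin/sh
# Pre-install check for the two numeric requirements quoted from the Sophos KBA:
# GNU C Library (glibc) 2.11+ and kernel 2.6.32+. Added example, not Sophos code.

MIN_GLIBC="2.11"
MIN_KERNEL="2.6.32"

# version_ge A B: exit 0 when dotted version A >= B.
# Fields are compared numerically; a field such as "32-754" counts as 32 because
# awk converts the leading numeric prefix, so a full distro kernel release string
# can be passed in unmodified. Missing trailing fields count as 0.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# kernel_base_version "3.10.0-1160.el7.x86_64" -> "3.10.0"
kernel_base_version() {
    printf '%s\n' "$1" | sed 's/[^0-9.].*$//'
}

# Best-effort glibc version of the running host (assumed detection method):
# getconf first ("glibc 2.28" -> "2.28"), then the last field of ldd's first
# line ("ldd (GNU libc) 2.28" -> "2.28"). Prints "unknown" on a non-glibc host.
detect_glibc_version() {
    v=$(getconf GNU_LIBC_VERSION 2>/dev/null | awk '{ print $2 }')
    [ -n "$v" ] || v=$(ldd --version 2>/dev/null | awk 'NR == 1 { print $NF }')
    printf '%s\n' "${v:-unknown}"
}

# check_sav_requirements KERNEL_RELEASE GLIBC_VERSION
# Prints one verdict line per requirement; exit 0 only when both pass.
check_sav_requirements() {
    kernel=$1; glibc=$2; rc=0
    if version_ge "$(kernel_base_version "$kernel")" "$MIN_KERNEL"; then
        echo "  kernel $kernel: OK (>= $MIN_KERNEL)"
    else
        echo "  kernel $kernel: BELOW MINIMUM (need $MIN_KERNEL)"; rc=1
    fi
    if [ "$glibc" = "unknown" ]; then
        echo "  glibc: could not be determined (non-glibc libc?)"; rc=1
    elif version_ge "$glibc" "$MIN_GLIBC"; then
        echo "  glibc $glibc: OK (>= $MIN_GLIBC)"
    else
        echo "  glibc $glibc: BELOW MINIMUM (need $MIN_GLIBC)"; rc=1
    fi
    return $rc
}

# Constructed sample values in the style of a RHEL 7 host and a RHEL 5 host.
echo "RHEL 7-style host (constructed sample):"
check_sav_requirements "3.10.0-1160.el7.x86_64" "2.17" || true
echo "RHEL 5-style host (constructed sample):"
check_sav_requirements "2.6.18-398.el5" "2.5" || true
echo "This host:"
check_sav_requirements "$(uname -r)" "$(detect_glibc_version)" || true
```

Run it as an unprivileged user on each candidate server before touching the installer; a non-zero exit from `check_sav_requirements` means the host fails at least one of the two stated minimums.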

  • What do you use to protect your Linux servers (other tools as well as AV?): e.g. chkrootkit and Rootkit Hunter.

    I do not know if Sophos Antivirus for Linux detects rootkit software?

    What are their pros and cons?: They are open source programs, but I do not know how many resources can be allocated for their development.

    What are your generic security concerns with Linux?: I am worried about the vulnerabilities discovered in processors (e.g. Intel AMT, Intel ME, Spectre & Meltdown). Another example is the BMC "Pantsdown" vulnerability.

    Are there any particular security features you wish you could have to help with your Linux environment?: There are still many servers that do not have patches for these vulnerabilities, and I think there are also administrators who do not know about them.

    Sophos Antivirus for Linux is an extremely useful product for me and, together with SAV Dynamic Interface (SAVDI), forms an indispensable package for my servers. I noticed that SAVDI remained on version 2.6 for some time, but I hope it will continue to be developed.

    For my Linux distribution (Slackware) Sophos Antivirus for Linux is the only viable option for antivirus protection.
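The post above raises the point that many servers still lack Spectre/Meltdown mitigations and that administrators may not know where their hosts stand. The Linux kernel itself answers that question: since 4.15 it exposes one file per issue under `/sys/devices/system/cpu/vulnerabilities/` (`meltdown`, `spectre_v1`, `spectre_v2`, with later additions such as `l1tf` and `mds`), each containing `Not affected`, `Vulnerable` (optionally with detail) or `Mitigation: <detail>`. The script below is an added example, not Sophos code or anything from the poster, that classifies those files and returns non-zero when any issue is unmitigated; the sample directory it builds in a temp dir is constructed so the script demonstrates itself without the real sysfs tree.

```shell
#!/bin/sh
# Summarize the kernel's own CPU-vulnerability mitigation report.
# Added example, not Sophos code. A host that lacks the sysfs directory is
# running a kernel from before per-issue reporting existed, which is itself a
# finding worth recording in an inventory.

SYSFS_VULN_DIR="/sys/devices/system/cpu/vulnerabilities"

# classify_vuln_status TEXT -> mitigated | not_affected | vulnerable | unknown
classify_vuln_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# summarize_vulnerabilities DIR
# Prints "<issue> <class> <raw text>" for every file in DIR.
# Exit 0 when all issues are mitigated or not applicable, 1 when any file is
# vulnerable or unrecognised, 2 when DIR does not exist.
summarize_vulnerabilities() {
    dir=$1; rc=0
    if [ ! -d "$dir" ]; then
        echo "no $dir: kernel predates per-issue vulnerability reporting"
        return 2
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        issue=$(basename "$f")
        text=$(cat "$f" 2>/dev/null || echo "unreadable")
        class=$(classify_vuln_status "$text")
        printf '  %-14s %-12s %s\n' "$issue" "$class" "$text"
        case "$class" in vulnerable|unknown) rc=1 ;; esac
    done
    return $rc
}

# Constructed sample: a sysfs-like directory in a temp dir. The first three
# strings are ones the kernel really emits; the "Vulnerable" spectre_v2 entry
# stands in for a host whose mitigation is missing.
make_sample_vuln_dir() {
    d=$(mktemp -d)
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    printf 'Mitigation: usercopy/swapgs barriers and __user pointer sanitization\n' > "$d/spectre_v1"
    printf 'Not affected\n' > "$d/l1tf"
    printf 'Vulnerable\n' > "$d/spectre_v2"
    printf '%s\n' "$d"
}

sample=$(make_sample_vuln_dir)
echo "Constructed sample host:"
summarize_vulnerabilities "$sample" || echo "  -> at least one issue is unmitigated"
rm -rf "$sample"

echo "This host:"
summarize_vulnerabilities "$SYSFS_VULN_DIR" || echo "  -> review the lines above"
```

On a fleet, feeding each host's output into whatever inventory or alerting you already run turns "administrators who do not know" into a list of hosts with a `vulnerable` line; the exit code alone is enough for a cron job to flag a machine.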
