02-01-2003 03:01 PM
Solved! Go to Solution.
02-01-2003 03:24 PM
There is nothing called virus on the UNIX systems. But there are programs called "trojen horses" that could damage the OS. So, it is essential that you keep your system secure. You have to tighten the system in all possible ways. The following document can help you in securing the system.
Regular auditing for logins, su attempts is very necessary. root's password must be kept secret and strict password policies are to be implemented.
Following is a simple example what will happen if the system is not secured. Say .profile of root is with world-wide permissions. So an ordinary user can modify the profile and keep the following entry
Then he will keep a small script called ll in /somewhere that reads
echo "myuser hostname" >> /.rhosts
Next time when root logs in and executes ll, there will be no difference for root. However, the user will get added to the .rhosts file of root and could do anything on the system.
02-01-2003 03:28 PM
Though Unix systems won't get infected by viruses,they can be carriers of virus. For ex., if your unix server is a mail server and is accessed by PC clients, there is a possibility of virus being introduced into the mailboxes through PCs. They may not affect UNIX but can spread to other PCs depending on how they are accessed.
So, there are anti-viral softwares available depending on the software you use.
02-01-2003 03:43 PM
02-01-2003 03:54 PM
Try this documentation as provided by HP.
If it doesn't work, then go to itrc.hp.com, click on search knowledge database, change the criteria to "select by Doc.ID", enter KBRC00008034 and then click search.
02-01-2003 06:22 PM
It is pretty useless however, since mostly you'll just zap mail attachments on their way to PC's that should be protected anyway.
Bastille would be helpful, it hardens security.
Here is a link to an anti virus thread.
There are links to a pulic domain gnu type virus checking software for Linux.
Owner of ISN Corporation
02-02-2003 09:37 AM
Can HP-UX be attacked by a virus?
document description: Can HP-UX be attacked by a virus?
document id: KBRC00008034
You may provide feedback on this document
Can HP-UX be attacked by a virus?
DocId: KBRC00008034 Updated: 9/24/01 4:36:00 AM
Can HP-UX be attacked by a virus? Is there anti-virus HP-UX software?
"Trojans" for UNIX, can exist and would very easy to script. For example: a
script that calls /sbin/rm -f /* executed by root will delete the files under /
(exception would be /sbin and /sbin/rm and the shell because they are in use).
While some people consider trojans a virus, they are not.
A virus has certain characteristics which would define them as a virus. First,
a virus is usually memory resident. This means that the virus sits in memory
and looks for keys to attack files. Usually the dos extension to the file
name, for example .exe files and .com files. Next, a virus must be at least a
nuisance, like writing "hacked by chinese" in the case of CodeRed. It also
causes an unwanted change to an attacked file. A program that sat in memory and
wrote ficticous message to files would be a virus. A virus must also spread
itself in one way or another.
Because the virus usually needs a trigger (like the .bat, .exe or some other
executable) a UNIX virus is much more difficult to create. Since /usr/bin/rm is
an executable not denoted by rm.exe, the virus would not be able to tell by
name what is an executable to infect and spread, and what is not. /etc/hosts
would look the same to a virus as /etc/ping. A virus would have to be huge to
sit in memory and be able to stat all files, run magic, check bits, etc...
to know how to spread.
Next, in UNIX the kernel is memory resident. When the system boots the kernel,
it is read only. The kernel sits in memory until system shutdown. If a virus
was to infect the kernel, it would not be effective until the system was
rebooted with the bad kernel. In Win/XXXX the kernel sits on a disk, and is
The next problem with running a virus in UNIX is that the virus can only run at
the access level of the user who executes the program. For example: if johndoe
executes the program, the program can only affect johndoe's processes and
files. Anything owned by root, and bettysue would be unaffected. The virus
could only do wide spread system damage if the super-user root executed the
virus. This severely limits the ability of a virus in UNIX. Windows NT and
2000 also have multi-leveled access for processes, but the implementation is
very easy to bypass.
In SunOS and Linux, the virus scanning software that is available is NOT for
UNIX/Linux protection, but Microsoft Windows protection. The software is made
to scan data shared to and from Windows boxes.
The best defense in UNIX to the Virus threat is common sense, built in UNIX
functionality, and basic security measures.
Based on this information, viruses do not pose a threat to a Unix system, where
as anyone with root access does. Limit or do not give out root access.
unix, hpux, virus, virii, anti-viral
You may provide feedback here
To help us improve our content, please provide feedback and any additional comments below. If you have a problem or a question that needs immediate attention, please submit a call or contact your HP Response Center instead.