[Koha] Linux anti-virus software and other security issues

LAURENT Henri-Damien henridamien.laurent at biblibre.com
Tue Jun 28 08:17:18 NZST 2011 

Le 27/06/2011 19:43, Buster a écrit :
> 
> Hello, all.
> 
> We have selected Koha for our ILS and plan to run it in a virtual
> machine on a Windows server. The contract goes before our City Council
> tomorrow night. It is on the consent agenda, which means it will be
> voted on along with a slew of other measures. There is no debate, just
> up or down vote, unless a councilman has a concern.
> 
> A councilman has a concern.
> 
> He is the former head of our IT department, is a Windows guy, and
> dislikes and distrusts anything Linux. His specific concern is security.
> Namely, he is worried someone can hack into our system and steal patron
> information. He is also concerned about mal-ware in general and wants us
> to install antivirus software on it.
> 
> So I guess my questions are, how do I answer the patron information
> concern, and how do I answer the malware concern? 

About the malware concern, I think that the concern can be outcome with
some hardened configuration for mysql as well as http using mod_security
is a solution for that.... And there are many project for system
auditing... But This sounds rather to me an echo of the FUD we usually
hear on Linux system. The risk under Linux resides in the same problems
as with Windows, lack of mastering and sustained auditing. There are
tools, like nagios, rsyslog, and even some IDS, for that.
And if you need some more information, I think that some more efficient
system administrator on this list or in any support company can provide
some expertise on that topic.

> How do the rest of you
> handle Linux security concerns? What antivirus software do you use and
> from whence do you get it?
You may use clamav as antivirus software, which is Free Software, or, if
you prefer some proprietary software,  avast
http://www.avast.com/fr-ch/linux-unix-edition or Panda
http://www.pandasecurity.com/, or eset, kaspersky, Sophos...

> 
> Please explain it to me in a way even a Windows guy with zero
> understanding of Linux will understand it.

> 
> Thanks in advance,
> Jim Maroon
Hope that helps.
-- 
Henri-Damien LAURENT

More information about the Koha mailing list