Control Program Access To Internet
Is there a program/firewall that would allow me to control what programs/commands can access the internet? Sort of like ZoneAlarm for Windows.
I keep hearing about scripts that replace the ls (or other) command so that it accesses the internet like adware. I would like to be able to configure a system to (for example) only allow firefox, evolution, gaim, and some other programs to access the internet.
I know that I could use IPTABLES to allow only certain destination ports (like 80,110, etc), but that would not necessarily block the spyware.
Any tips or pointers or program name or links for further reading would be greatly appreciated.
Re: Control Program Access To Internet
Quote:
Originally Posted by helpmhost
I keep hearing about scripts that replace the ls (or other) command so that it accesses the internet like adware. I would like to be able to configure a system to (for example) only allow firefox, evolution, gaim, and some other programs to access the internet.
Any tips or pointers or program name or links for further reading would be greatly appreciated.
There is a program to check for rootkits (what you describe above) called chkrootkit (at http://www.chkrootkit.org) that you can run. Running programs like tripwire can also help you see when files have been altered. If you run as an unprivileged user as described above, you should be fairly secure from these sorts of things, barring unpatched vulnerabilities.
Using iptables as you describe above could help, or if you're really paranoid about what's going back and forth over the wire, you could install an IDS system like Snort that will alert you to suspicious traffic.
Another thing that may help more than any of the above and is easy to do is not to install any software that you have not verified through checksums from an independent trusted source. If you download RPMs from a mirror, get the checksum for the software from Red Hat's secure repository (or some other verifiably trusted source) and compare it to your download from the mirror. This is one way to avoid software that has been trojaned. It's a good habit to get into.
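The mirror-versus-trusted-checksum comparison described in the reply above, as an added example that is not part of the original thread. It assumes the trusted source publishes a sha256sum-style list that you fetched separately from the mirror; the file names, contents and the `demo()` helper are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

def parse_manifest(text):
    """Parse sha256sum-style lines: '<hex digest>  <name>' ('*' = binary mode)."""
    expected = {}
    for line in filter(str.strip, text.splitlines()):
        digest, _, name = line.strip().partition(" ")
        name = name.strip().removeprefix("*")
        if len(digest) != 64 or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        bytes.fromhex(digest)  # raises ValueError if the digest is not hex
        expected[os.path.basename(name)] = digest.lower()
    return expected

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):  # stream large packages
            h.update(block)
    return h.hexdigest()

def verify_downloads(directory, manifest_text):
    """Return {name: 'OK' | 'MISMATCH' | 'MISSING' | 'UNLISTED'}."""
    results = {}
    for name, digest in parse_manifest(manifest_text).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
        elif hmac.compare_digest(sha256_file(path), digest):
            results[name] = "OK"
        else:
            results[name] = "MISMATCH"
    for name in os.listdir(directory):  # files the trusted list never vouched for
        results.setdefault(name, "UNLISTED")
    return results

def demo():
    """Constructed sample: one intact, one altered, one absent, one unlisted file."""
    good = b"constructed package payload\n"
    files = {"good.rpm": good, "tampered.rpm": good + b"extra", "stray.rpm": b"x"}
    digest = hashlib.sha256(good).hexdigest()
    manifest = f"{digest}  good.rpm\n{digest} *tampered.rpm\n{digest}  absent.rpm\n"
    with tempfile.TemporaryDirectory() as d:
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return verify_downloads(d, manifest)
```

Only files reported as `OK` match the trusted list; `MISMATCH` and `UNLISTED` files should not be installed until their origin is explained.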