[LIVE] Good command-line or webUI Linux anti-virus / anti-malware on my XBMC machine?
#1
Question 
First up, my biggest thank-yous to the XBMC development team who have produced a truly amazing product. My XBMC Live HTPC is the centerpiece of my living room media and I'm always very smug showing it off to visitors. They're always stunned at its capabilities, and that cost me next to nothing.

Secondly, a thank-you to the XBMC forum community. I'm a first-time poster but I've haunted these forums for some months, picking out help and tips.

Recently I've had a security scare with my home network, as part of which I was brought to wonder: how would I know if my media center was part of a botnet or otherwise afflicted with something malicious? The answer is I wouldn't know.

So now I'm on the hunt for an anti-malware package. I don't have an Ubuntu desktop installed and would prefer to keep it that way; things are simple atm and work. So I need something that can be installed over command line, configured either by command line or over a web GUI, and that works.

If someone could provide a recommendation and point me towards a setup guide, I would be quite appreciative.
Reply
#2
Honestly, on an Ubuntu-based machine being used as an HTPC, I don't see a need for anti-virus/anti-malware. How would it even get infected?

If it was Windows-based then maybe, but even then, for its purpose, I don't see much of a need.
Reply
#3
Not only is your risk extremely low with Linux (or Live), you kinda have to be doing something on the internet to get a virus or spyware, not just running XBMC.

The performance hit from running anti-virus/anti-spyware is a real tangible thing. Finding a valid reason to take that performance hit is going to be a problem.
Reply
#4
If you really want AV software on it, I recommend ClamAV.

-hogfan
Reply
#5
This thread has got me thinking. I've been running Ubuntu on several machines for about 3 years now and never had a problem that I'm aware of. I have noticed a recent spike in my internet usage which is probably just my 4 teenagers on YouTube Oo, but it would be nice to check if there is anything sinister going on. Rather than running a full AV and taking the performance hit, is there perhaps some sort of scanner that I can run every now and then?

Cheers

Phil
Reply
#6
Here are a few good tools to start with. Not really AV protection.

rkhunter

Chkrootkit

http://linuxhelp.blogspot.com/2006/12/va...ts-in.html
Reply
#7
Thanks for the links so far guys.

I'm aware that normally the threat level for this setup is very low, however the scare I've had involved my router firewall being left completely down (I know ><) accidentally after some troubleshooting a few weeks ago. The kind of troubleshooting you do late at night when you're drunk with your mates around and Halo decides to stop working Tongue

I have several port passthroughs active as well so I can access sickbeard/sabnzbd/winscp from my work office, you know, to manage my media libraries when I should be working Tongue

Recently I've seen a massive spike in my peak download usage, and I can't tell where the data's going. The wireless network is WPA2 secured, 14 character non-dictionary pass key, MAC filtered, etc etc, so I'm reasonably confident it's not a leeching neighbour.

So basically this large unaccounted-for data spike is what got me worried. Since throwing the firewall back up the log is showing a rather crazy number of intrusion deflections, at least 1 every 3 seconds. These are coming on ports such as 23, 135, from IPs located in such charming countries as the Czech Republic, Russia, China, Pakistan, to name a few.
Reply
#8
Fellhahn Wrote:
Thanks for the links so far guys.

I'm aware that normally the threat level for this setup is very low, however the scare I've had involved my router firewall being left completely down (I know ><) accidentally after some troubleshooting a few weeks ago. The kind of troubleshooting you do late at night when you're drunk with your mates around and Halo decides to stop working Tongue

I have several port passthroughs active as well so I can access sickbeard/sabnzbd/winscp from my work office, you know, to manage my media libraries when I should be working Tongue

Recently I've seen a massive spike in my peak download usage, and I can't tell where the data's going. The wireless network is WPA2 secured, 14 character non-dictionary pass key, MAC filtered, etc etc, so I'm reasonably confident it's not a leeching neighbour.

So basically this large unaccounted-for data spike is what got me worried. Since throwing the firewall back up the log is showing a rather crazy number of intrusion deflections, at least 1 every 3 seconds. These are coming on ports such as 23, 135, from IPs located in such charming countries as the Czech Republic, Russia, China, Pakistan, to name a few.

Welcome to the internet. Any public-facing service is going to be spammed by nonsense all the time. Do yourself a favor and make your firewall more restrictive to allow SSH only from certain IP sources, and tunnel any other TCP service via SSH.
Reply
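The restriction suggested in post #8, sketched as an added example (it is not part of any poster's reply). It assumes iptables on the XBMC box itself, an IPv4-only LAN of 192.168.1.0/24, an office address of 203.0.113.10, the host name home.example, and SABnzbd and Sick Beard on their default ports 8080 and 8081; all of these are constructed values.

```shell
#!/bin/sh
# gen_ruleset LAN_CIDR SSH_SRC... : print an iptables-restore ruleset that
# keeps the LAN working, accepts new SSH sessions only from the listed
# sources, and drops every other inbound packet (IPv4 only; ip6tables
# needs its own ruleset).
gen_ruleset() {
    [ "$#" -ge 2 ] || { echo "usage: gen_ruleset LAN_CIDR SSH_SRC..." >&2; return 1; }
    for a in "$@"; do
        case "$a" in
            # refuse empty values, non-address characters and "anywhere"
            ""|*[!0-9./]*|0.0.0.0/0) echo "refusing address: $a" >&2; return 1 ;;
        esac
    done
    lan=$1; shift
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $lan -j ACCEPT
EOF
    for src in "$@"; do
        echo "-A INPUT -p tcp -s $src --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# tunnel_cmd USER@HOST PORT... : print the ssh command that forwards each
# listed web UI port from the remote loopback to the local loopback, so the
# services never need their own port forward on the router.
tunnel_cmd() {
    host=$1; shift
    cmd="ssh -N"
    for port in "$@"; do
        cmd="$cmd -L 127.0.0.1:$port:127.0.0.1:$port"
    done
    echo "$cmd $host"
}

# Constructed sample values (see the assumptions above).
gen_ruleset 192.168.1.0/24 203.0.113.10   # review, then load as root with iptables-restore
tunnel_cmd user@home.example 8080 8081    # run at the office, then browse http://127.0.0.1:8080
```

Load the ruleset from a LAN session first, since an SSH session from an unlisted address is cut off as soon as the rules apply. With the tunnel in place, the only port forward the router still needs is 22.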
