Thursday, 25 June 2015

Using OpenJDK with Symantec Endpoint Protection for Linux

I haven't had the chance to update since the release of SEPFL 12.1.5. I ran into a problem with its requirement for Oracle Java; in addition, you will also need to install JCE for it to work.

There is a workaround using OpenJDK from the YUM repository. The following packages are required:

  • java-1.7.0-openjdk-devel-1.7.0.79-2.5.5.3.el6_6.x86_64
  • java-1.7.0-openjdk-javadoc-1.7.0.71-2.5.3.1.el6.noarch
  • java-1.7.0-openjdk-1.7.0.79-2.5.5.3.el6_6.x86_64

After installing the above packages, you will need to modify install.sh: change line 282 to return 0 instead of 1, so that the installer proceeds with OpenJDK.

After that, you can run the install again.
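As an added example (not part of the original post or of Symantec's installer), the script below applies the line 282 change with a guard, so a different SEPFL build whose install.sh has something else on that line is not silently broken. It assumes line 282 reads "return 1" (the post says to make it return 0 instead), that the three OpenJDK 1.7.0 packages listed above are what the check needs, and that rpm is available; the file and function names are mine.

```bash
#!/bin/bash
# Added example, not from the original post: apply the SEPFL 12.1.5 install.sh
# workaround for OpenJDK with a safety check and a backup.
# Assumption: the target line reads "return 1" before patching.
set -u

# Packages from the post (assumed to be the complete set the check needs).
OPENJDK_PKGS="java-1.7.0-openjdk java-1.7.0-openjdk-devel java-1.7.0-openjdk-javadoc"

# openjdk_installed: succeed only if every required OpenJDK package is present.
openjdk_installed() {
    local pkg
    for pkg in $OPENJDK_PKGS; do
        rpm -q "$pkg" >/dev/null 2>&1 || { echo "missing package: $pkg" >&2; return 1; }
    done
}

# patch_java_check FILE [LINE]
# Replace "return 1" with "return 0" on LINE only (default 282). Refuses to
# touch the file if that line does not contain "return 1", keeps FILE.orig,
# and prints the patched line so the change can be eyeballed.
patch_java_check() {
    local file="$1" line="${2:-282}" current
    current=$(sed -n "${line}p" "$file")
    case "$current" in
        *"return 1"*) ;;
        *) echo "line $line of $file is '$current', not the expected 'return 1'; not patching" >&2
           return 1 ;;
    esac
    cp -p "$file" "$file.orig" || return 1
    # awk rather than sed -i: portable, and only line number LINE is edited.
    # Writing back through cat keeps the original file mode (install.sh is executable).
    awk -v n="$line" 'NR == n { sub(/return 1/, "return 0") } { print }' "$file" > "$file.tmp" \
        && cat "$file.tmp" > "$file" && rm -f "$file.tmp" || return 1
    echo "patched line $line: $(sed -n "${line}p" "$file")"
}

# Usage: ./patch-sepfl.sh /path/to/install.sh   (then re-run the installer)
if [ "${1:-}" != "" ]; then
    openjdk_installed && patch_java_check "$1" 282 && echo "now re-run: $1"
fi
```

The backup lets you diff the change before and after, and the refusal path matters more than it looks: a future installer that moves the check to another line would otherwise get an unrelated "return 1" flipped.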

Wednesday, 16 July 2014

Symantec Endpoint Protection for Linux beta

Symantec has launched the beta and it is available for sign-up on Symbeta.

This will be managed by the SEP manager.

Thursday, 19 December 2013

CentOS Linux Releases and compatibility with SAVFL MR14

Placeholder

For those that are keen to keep track of the latest releases, Red Hat has a KB article that lists the latest kernels and the release schedule.

I would like to use this page to list the testing I've done with SAVFL MR14 on the following kernels, and to add information under the SYMC Supported column on the level of support and testing done, when I have time.

Keys under the SYMC Supported column:
  • UO - Unofficial support, works out of the box
  • MRxx - Official support by the Maintenance Release numbered xx, works out of the box
  • CR - Unofficial support, compilation of the AutoProtect (AP) module required

It's a little odd that, when I correlate the information in their system requirements, support for a particular kernel is sometimes missing. For example, MR12 and MR14 list support for RHEL 5U7, but MR13 does not. Probably a documentation error.

Red Hat Enterprise Linux 6

Release/Update  | GA Date    | redhat-release Errata Date* | redhat-release Errata | Kernel Version  | SYMC Supported
----------------|------------|-----------------------------|-----------------------|-----------------|---------------
RHEL 6 Update 6 | TBA        | TBA                         | TBA                   | TBA             | TBA
RHEL 6 Update 5 | 2013-11-21 | 2013-11-20                  | RHSA-2013:1645-2      | 2.6.32-431      | TBA
RHEL 6 Update 4 | 2013-02-21 | 2013-02-21                  | RHSA-2013:0496        | 2.6.32-358      | UO
RHEL 6 Update 3 | 2012-06-20 | 2012-06-19                  | RHSA-2012:0862        | 2.6.32-279      | MR14
RHEL 6 Update 2 | 2011-12-06 | 2011-12-06                  | RHEA-2011:1743        | 2.6.32-220      | MR14/13
RHEL 6 Update 1 | 2011-05-19 | 2011-05-19                  | RHEA-2011:0540        | 2.6.32-131.0.15 | MR13/12/11
RHEL 6 GA       | 2010-11-09 | -                           | -                     | 2.6.32-71       | MR13/11
Codename: Santiago (based on a mix of Fedora 12, Fedora 13, and several modifications)

Red Hat Enterprise Linux 5

Release/Update   | GA Date    | redhat-release Errata Date* | redhat-release Errata | Kernel Version | SYMC Supported
-----------------|------------|-----------------------------|-----------------------|----------------|---------------
RHEL 5 Update 11 | TBA        | TBA                         | TBA                   | TBA            | TBA
RHEL 5 Update 10 | 2013-10-01 | 2013-09-30                  | RHEA-2013:1311        | 2.6.18-371     | CR
RHEL 5 Update 9  | 2013-01-07 | 2013-01-07                  | RHEA-2013:0021        | 2.6.18-348     | TBA
RHEL 5 Update 8  | 2012-02-20 | 2012-02-20                  | RHEA-2012:0315        | 2.6.18-308     | MR14
RHEL 5 Update 7  | 2011-07-21 | 2011-07-20                  | RHEA-2011:0977        | 2.6.18-274     | MR14/12
RHEL 5 Update 6  | 2011-01-13 | 2011-01-12                  | RHEA-2011:0020        | 2.6.18-238     | TBA
RHEL 5 Update 5  | 2010-03-30 | 2010-03-30                  | RHEA-2010:0207        | 2.6.18-194     | MR10
RHEL 5 Update 4  | 2009-09-02 | 2009-09-02                  | RHEA-2009:1400        | 2.6.18-164     | MR9
RHEL 5 Update 3  | 2009-01-20 | 2009-01-20                  | RHEA-2009:0133        | 2.6.18-128     | MR8
RHEL 5 Update 2  | 2008-05-21 | 2008-05-20                  | RHEA-2008:0436        | 2.6.18-92      | MR6
RHEL 5 Update 1  | 2007-11-07 | 2007-11-07                  | RHEA-2007:0854        | 2.6.18-53      | MR4
RHEL 5 GA        | 2007-03-15 | -                           | -                     | 2.6.18-8       | MR4
Codename: Tikanga (based on Fedora Core 6)

Wednesday, 18 December 2013

RHEL Kernel 2.6.32-431

In my previous post on compiling for RHEL 6.5, there were a couple of warnings. I just realised that RHEL 6.4 will also upgrade to 2.6.32-431.1.2.el6 and will need the Auto Protect module recompiled to work.

Just be aware.

Tuesday, 17 December 2013

How to compile Auto Protect module for Red Hat 6.5 and probably applies for others

17th Jul update: use SEPFL for RHEL 6.5 or kernel 2.6.32-431 support.

Referring to my earlier post on the Red Hat release schedule, the following are the steps required to compile the AP module so that real-time protection works. They follow the Symantec KB article "Guide to building AutoProtect kernel modules for Symantec AntiVirus for Linux 1.0".

The functionality of SAVFL built this way has not been extensively tested; use it at your own risk. I take no responsibility for shooting yourself in the foot.

Assumptions

  1. SAVFL uses Java for LiveUpdate. The latest available Java is 7 Update 45, and it needs to be installed prior to installing SAVFL.
  2. 32-bit libraries have to be installed on an x86_64 OS for SAVFL to work. To install them, execute the following command with root privileges:
    yum install glibc.i686 libgcc.i686 libX11.i686

Steps verified on the following kernels:

  • 2.6.32-431.el6.i686 (base)
  • 2.6.32-431.1.2.el6.i686 (latest)
  • 2.6.32-431.el6.x86_64 (base)
  • 2.6.32-431.1.2.el6.x86_64 (latest)

Building the modules

Note: the build needs to be done with root privileges and with the prerequisites above completed. This guide was created using SAVFL 1.0.14.
  1. In the same directory as ap-kernelmodule-1.0.14-13.tar.gz, uncompress the file
    tar xvzf ap-kernelmodule-1.0.14-13.tar.gz -C /tmp
  2. Change into the uncompressed directory
    cd /tmp/ap-kernelmodule-1.0.14-13/
  3. Run the build command
    ./build.sh
  4. After the build completes, you should see "Congratulations, build was successful!". If you do not see this, review the output of the build command for error messages. If the build was successful, continue.
  5. Change into the directory with the newly built AutoProtect kernel modules
    cd bin.ira
  6. Move the newly built AutoProtect kernel modules into the autoprotect directory
    mv * /opt/Symantec/autoprotect/
  7. Restart the autoprotect and rtvscand services
    /etc/init.d/autoprotect restart
    /etc/init.d/rtvscand restart
  8. Check that AutoProtect is enabled
    /opt/Symantec/symantec_antivirus/sav info -a
  For those that are unable to compile on their own, I've made the pre-compiled modules available.

X86
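As an added example that is not part of the original post or of the Symantec KB guide, the script below checks the built (or downloaded) modules before steps 7 and 8 are run: the module file for the running kernel exists, its vermagic matches `uname -r` (the build log above shows the modules are built for one exact release, so a kernel errata update such as 2.6.32-431.1.2 needs a rebuild), and after the restart the modules are actually loaded. It assumes the file-name pattern seen in the build log (symev-custom-<release with the last dot replaced by a dash>.ko, extended to x86_64 by analogy), the paths from the post, and that modinfo, lsmod and awk are present; the function names are mine.

```bash
#!/bin/bash
# Added example, not from the post or Symantec: sanity-check custom
# AutoProtect modules for the running kernel, then restart and verify.
# Assumptions: module file names follow the build log's pattern; paths below
# are the ones the post uses; modinfo/lsmod/awk are installed.
set -u

AP_DIR=${AP_DIR:-/opt/Symantec/autoprotect}
SAV=${SAV:-/opt/Symantec/symantec_antivirus/sav}

# expected_module_name MODULE RELEASE
# "symev" + "2.6.32-431.1.2.el6.i686" -> "symev-custom-2.6.32-431.1.2.el6-i686.ko",
# the name build.sh produced in the log. The x86_64 form is assumed by analogy.
expected_module_name() {
    local mod="$1" release="$2"
    printf '%s-custom-%s-%s.ko\n' "$mod" "${release%.*}" "${release##*.}"
}

# vermagic_matches VERMAGIC RELEASE
# modinfo prints e.g. "2.6.32-431.1.2.el6.i686 SMP mod_unload modversions 686";
# the first token must equal `uname -r` or the kernel will refuse the module.
vermagic_matches() {
    local vermagic="$1" release="$2"
    [ "${vermagic%% *}" = "$release" ]
}

# check_module_file FILE RELEASE: the .ko exists and was built for RELEASE.
check_module_file() {
    local file="$1" release="$2" vermagic
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    vermagic=$(modinfo -F vermagic "$file") || return 1
    vermagic_matches "$vermagic" "$release" || {
        echo "$file built for '${vermagic%% *}', running kernel is '$release'" >&2
        return 1
    }
}

# module_listed PREFIX: read lsmod output on stdin; succeed if a loaded module
# name starts with PREFIX (lsmod rewrites '-' to '_', so match by prefix only).
module_listed() {
    awk -v p="$1" 'NR > 1 && index($1, p) == 1 { found = 1 } END { exit !found }'
}

main() {
    local release rc=0 mod file
    release=$(uname -r)
    for mod in symev symap; do
        file="$AP_DIR/$(expected_module_name "$mod" "$release")"
        check_module_file "$file" "$release" || rc=1
    done
    [ "$rc" -eq 0 ] || { echo "fix the modules before restarting autoprotect" >&2; return 1; }

    /etc/init.d/autoprotect restart && /etc/init.d/rtvscand restart || return 1

    for mod in symev symap; do
        lsmod | module_listed "$mod" || { echo "$mod not loaded; check dmesg" >&2; rc=1; }
    done
    # Out-of-tree, unsigned modules ("NO SIGN" in the build log) taint the kernel;
    # worth knowing before you open a support case.
    echo "kernel tainted flags: $(cat /proc/sys/kernel/tainted)"
    "$SAV" info -a
    return "$rc"
}

# Usage: ./check-ap-modules.sh run
if [ "${1:-}" = "run" ]; then
    main
fi
```

Run it as root after step 6; if the vermagic check fails it stops before the restart, which is the case to watch for when the kernel has just been patched by an errata update (the next post on 2.6.32-431.1.2 is exactly that situation).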

Additional note

Need to find out if the error messages below will cause any issue.

[root@localhost ap-kernelmodule-1.0.14-13]# ./build.sh
Kernel release is not set, build the kernel modules for the current kernel release(2.6.32-431.1.2.el6.i686)
Kernel headers/makefiles directory is not set, use the default /usr/src/kernels/2.6.32-431.1.2.el6.i686
/tmp/ap-kernelmodule-1.0.14-13/symev /tmp/ap-kernelmodule-1.0.14-13
rm -f *.o *.ko *.mod.c .*.cmd modules.order Module.symvers* Module.markers Modules.symvers *.ko.unsigned Makefile.xen
rm -rf .tmp_versions* .build-*
/tmp/ap-kernelmodule-1.0.14-13
/tmp/ap-kernelmodule-1.0.14-13/symap /tmp/ap-kernelmodule-1.0.14-13
rm -f *.o *.ko *.mod.c .*.cmd modules.order Module.symvers* Module.markers Modules.symvers *.ko.unsigned Makefile.xen symap_test
rm -rf ../symev/.tmp_versions* .build-*
/tmp/ap-kernelmodule-1.0.14-13
/tmp/ap-kernelmodule-1.0.14-13/symev /tmp/ap-kernelmodule-1.0.14-13
make -C /usr/src/kernels/2.6.32-431.1.2.el6.i686 M=/tmp/ap-kernelmodule-1.0.14-13/symev MODVERDIR=/tmp/ap-kernelmodule-1.0.14-13/symev/../symev/.tmp_versions-custom-2.6.32-431.1.2.el6-i686 modules
make[1]: Entering directory `/usr/src/kernels/2.6.32-431.1.2.el6.i686'
  CC [M]  /tmp/ap-kernelmodule-1.0.14-13/symev/symev.o
/tmp/ap-kernelmodule-1.0.14-13/symev/symev.c: In function ‘symev_fname_event’:
/tmp/ap-kernelmodule-1.0.14-13/symev/symev.c:808: warning: initialization from incompatible pointer type
/tmp/ap-kernelmodule-1.0.14-13/symev/symev.c:828: warning: passing argument 1 of ‘putname’ from incompatible pointer type
include/linux/fs.h:2170: note: expected ‘struct filename *’ but argument is of type ‘char *’
/tmp/ap-kernelmodule-1.0.14-13/symev/symev.c:839: warning: passing argument 1 of ‘putname’ from incompatible pointer type
include/linux/fs.h:2170: note: expected ‘struct filename *’ but argument is of type ‘char *’
  CC [M]  /tmp/ap-kernelmodule-1.0.14-13/symev/syscalls.o
  CC [M]  /tmp/ap-kernelmodule-1.0.14-13/symev/fileops.o
  CC [M]  /tmp/ap-kernelmodule-1.0.14-13/symev/hnfs.o
  CC [M]  /tmp/ap-kernelmodule-1.0.14-13/symev/utils.o
  LD [M]  /tmp/ap-kernelmodule-1.0.14-13/symev/symev-custom-2.6.32-431.1.2.el6-i686.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /tmp/ap-kernelmodule-1.0.14-13/symev/symev-custom-2.6.32-431.1.2.el6-i686.mod.o
  LD [M]  /tmp/ap-kernelmodule-1.0.14-13/symev/symev-custom-2.6.32-431.1.2.el6-i686.ko.unsigned
  NO SIGN [M] /tmp/ap-kernelmodule-1.0.14-13/symev/symev-custom-2.6.32-431.1.2.el6-i686.ko
make[1]: Leaving directory `/usr/src/kernels/2.6.32-431.1.2.el6.i686'
cp symev-custom-2.6.32-431.1.2.el6-i686.ko ../bin.ira/symev-custom-2.6.32-431.1.2.el6-i686.ko
cp /tmp/ap-kernelmodule-1.0.14-13/symev/Module.symvers Module.symvers-custom-2.6.32-431.1.2.el6-i686
/tmp/ap-kernelmodule-1.0.14-13
/tmp/ap-kernelmodule-1.0.14-13/symap /tmp/ap-kernelmodule-1.0.14-13
cp ../symev/Module.symvers-custom-2.6.32-431.1.2.el6-i686 Module.symvers
make -C /usr/src/kernels/2.6.32-431.1.2.el6.i686 M=/tmp/ap-kernelmodule-1.0.14-13/symap MODVERDIR=/tmp/ap-kernelmodule-1.0.14-13/symap/../symev/.tmp_versions-custom-2.6.32-431.1.2.el6-i686 modules
make[1]: Entering directory `/usr/src/kernels/2.6.32-431.1.2.el6.i686'
  CC [M]  /tmp/ap-kernelmodule-1.0.14-13/symap/linuxmod.o
  LD [M]  /tmp/ap-kernelmodule-1.0.14-13/symap/symap-custom-2.6.32-431.1.2.el6-i686.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /tmp/ap-kernelmodule-1.0.14-13/symap/symap-custom-2.6.32-431.1.2.el6-i686.mod.o
  LD [M]  /tmp/ap-kernelmodule-1.0.14-13/symap/symap-custom-2.6.32-431.1.2.el6-i686.ko.unsigned
  NO SIGN [M] /tmp/ap-kernelmodule-1.0.14-13/symap/symap-custom-2.6.32-431.1.2.el6-i686.ko
make[1]: Leaving directory `/usr/src/kernels/2.6.32-431.1.2.el6.i686'
cp symap-custom-2.6.32-431.1.2.el6-i686.ko ../bin.ira/symap-custom-2.6.32-431.1.2.el6-i686.ko
/tmp/ap-kernelmodule-1.0.14-13

Congratulations, build was successful!