Following on from the earlier post on the Red Hat release schedule, the following are the steps required to compile the AutoProtect (AP) kernel module so that real-time protection works. Refer to the instructions in the Symantec KB article "Guide to building AutoProtect kernel modules for Symantec AntiVirus for Linux 1.0".
The functionality of SAVFL has not been extensively tested, use it at your own risk. I take no responsibility for shooting yourself in the foot.
Assumptions
- SAVFL uses Java for LiveUpdate; the latest available Java at the time of writing is version 7 update 45, and it needs to be installed prior to installing SAVFL.
- 32-bit libraries have to be installed on an x86_64 OS for SAVFL to work. To install them, execute the following command with root privileges:
yum install glibc.i686 libgcc.i686 libX11.i686
Steps verified on following kernels:
- 2.6.32-431.el6.i686 (Base)
- 2.6.32-431.1.2.el6.i686.rpm (latest)
- 2.6.32-431.el6.x86_64 (Base)
- 2.6.32-431.1.2.el6.x86_64 (latest)
Building the modules
Note: The build must be done with root privileges and with the prerequisites above completed. This guide was created using SAVFL 1.0.14.
- In the same directory as ap-kernelmodule-1.0.9-13.tar.gz, uncompress the file:
tar xvzf ap-kernelmodule-1.0.14-13.tar.gz -C /tmp
- Change into the uncompressed directory:
cd /tmp/ap-kernelmodule-1.0.14-13/
- Run the build command:
./build.sh
- After the build completes, you should see "Congratulations, build was successful!". If you do not see this, review the output of the build command for error messages. If the build was successful, continue.
- Change into the directory with the newly built AutoProtect kernel modules:
cd bin.ira
- Move the newly built AutoProtect kernel modules into the autoprotect directory:
mv * /opt/Symantec/autoprotect/
- Restart the autoprotect and rtvscand services:
/etc/init.d/autoprotect restart
/etc/init.d/rtvscand restart
- Check that AutoProtect is enabled:
/opt/Symantec/symantec_antivirus/sav info -a
X86
- 2.6.32-431.el6 - https://www.dropbox.com/s/qs28lcj8jofcz3l/2.6.32-431.el6.tgz
- 2.6.32-431.1.2.el6 - https://www.dropbox.com/s/bwd06xmi1kv5u87/2.6.32-431.1.2.el6.tgz
- 2.6.32-431.1.2.el6.x86_64 - https://www.dropbox.com/s/u4tn3qfugo4v2zh/2.6.32-431.1.2.el6.x86_64.tgz
Additional note
Need to find out whether the messages below (the compiler warnings in the build output) will cause any issue.
[root@localhost ap-kernelmodule-1.0.14-13]# ./build.sh
Kernel release is not set, build the kernel modules for the current kernel release(2.6.32-431.1.2.el6.i686)
Kernel headers/makefiles directory is not set, use the default /usr/src/kernels/2.6.32-431.1.2.el6.i686
/tmp/ap-kernelmodule-1.0.14-13/symev /tmp/ap-kernelmodule-1.0.14-13
rm -f *.o *.ko *.mod.c .*.cmd modules.order Module.symvers* Module.markers Modules.symvers *.ko.unsigned Makefile.xen
rm -rf .tmp_versions* .build-*
/tmp/ap-kernelmodule-1.0.14-13
/tmp/ap-kernelmodule-1.0.14-13/symap /tmp/ap-kernelmodule-1.0.14-13
rm -f *.o *.ko *.mod.c .*.cmd modules.order Module.symvers* Module.markers Modules.symvers *.ko.unsigned Makefile.xen symap_test
rm -rf ../symev/.tmp_versions* .build-*
/tmp/ap-kernelmodule-1.0.14-13
/tmp/ap-kernelmodule-1.0.14-13/symev /tmp/ap-kernelmodule-1.0.14-13
make -C /usr/src/kernels/2.6.32-431.1.2.el6.i686 M=/tmp/ap-kernelmodule-1.0.14-13/symev MODVERDIR=/tmp/ap-kernelmodule-1.0.14-13/symev/../symev/.tmp_versions-custom-2.6.32-431.1.2.el6-i686 modules
make[1]: Entering directory `/usr/src/kernels/2.6.32-431.1.2.el6.i686'
CC [M] /tmp/ap-kernelmodule-1.0.14-13/symev/symev.o
/tmp/ap-kernelmodule-1.0.14-13/symev/symev.c: In function ‘symev_fname_event’:
/tmp/ap-kernelmodule-1.0.14-13/symev/symev.c:808: warning: initialization from incompatible pointer type
/tmp/ap-kernelmodule-1.0.14-13/symev/symev.c:828: warning: passing argument 1 of ‘putname’ from incompatible pointer type
include/linux/fs.h:2170: note: expected ‘struct filename *’ but argument is of type ‘char *’
/tmp/ap-kernelmodule-1.0.14-13/symev/symev.c:839: warning: passing argument 1 of ‘putname’ from incompatible pointer type
include/linux/fs.h:2170: note: expected ‘struct filename *’ but argument is of type ‘char *’
CC [M] /tmp/ap-kernelmodule-1.0.14-13/symev/syscalls.o
CC [M] /tmp/ap-kernelmodule-1.0.14-13/symev/fileops.o
CC [M] /tmp/ap-kernelmodule-1.0.14-13/symev/hnfs.o
CC [M] /tmp/ap-kernelmodule-1.0.14-13/symev/utils.o
LD [M] /tmp/ap-kernelmodule-1.0.14-13/symev/symev-custom-2.6.32-431.1.2.el6-i686.o
Building modules, stage 2.
MODPOST 1 modules
CC /tmp/ap-kernelmodule-1.0.14-13/symev/symev-custom-2.6.32-431.1.2.el6-i686.mod.o
LD [M] /tmp/ap-kernelmodule-1.0.14-13/symev/symev-custom-2.6.32-431.1.2.el6-i686.ko.unsigned
NO SIGN [M] /tmp/ap-kernelmodule-1.0.14-13/symev/symev-custom-2.6.32-431.1.2.el6-i686.ko
make[1]: Leaving directory `/usr/src/kernels/2.6.32-431.1.2.el6.i686'
cp symev-custom-2.6.32-431.1.2.el6-i686.ko ../bin.ira/symev-custom-2.6.32-431.1.2.el6-i686.ko
cp /tmp/ap-kernelmodule-1.0.14-13/symev/Module.symvers Module.symvers-custom-2.6.32-431.1.2.el6-i686
/tmp/ap-kernelmodule-1.0.14-13
/tmp/ap-kernelmodule-1.0.14-13/symap /tmp/ap-kernelmodule-1.0.14-13
cp ../symev/Module.symvers-custom-2.6.32-431.1.2.el6-i686 Module.symvers
make -C /usr/src/kernels/2.6.32-431.1.2.el6.i686 M=/tmp/ap-kernelmodule-1.0.14-13/symap MODVERDIR=/tmp/ap-kernelmodule-1.0.14-13/symap/../symev/.tmp_versions-custom-2.6.32-431.1.2.el6-i686 modules
make[1]: Entering directory `/usr/src/kernels/2.6.32-431.1.2.el6.i686'
CC [M] /tmp/ap-kernelmodule-1.0.14-13/symap/linuxmod.o
LD [M] /tmp/ap-kernelmodule-1.0.14-13/symap/symap-custom-2.6.32-431.1.2.el6-i686.o
Building modules, stage 2.
MODPOST 1 modules
CC /tmp/ap-kernelmodule-1.0.14-13/symap/symap-custom-2.6.32-431.1.2.el6-i686.mod.o
LD [M] /tmp/ap-kernelmodule-1.0.14-13/symap/symap-custom-2.6.32-431.1.2.el6-i686.ko.unsigned
NO SIGN [M] /tmp/ap-kernelmodule-1.0.14-13/symap/symap-custom-2.6.32-431.1.2.el6-i686.ko
make[1]: Leaving directory `/usr/src/kernels/2.6.32-431.1.2.el6.i686'
cp symap-custom-2.6.32-431.1.2.el6-i686.ko ../bin.ira/symap-custom-2.6.32-431.1.2.el6-i686.ko
/tmp/ap-kernelmodule-1.0.14-13
Congratulations, build was successful!