To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Pre-installation checklist for F-Secure Linux Security version 9.x

Peter
Peter Posts: 127 Threat Terminator
in Business Suite

 

Some distributions and Linux installations may require certain workarounds to be applied before the product can be installed. This file describes the most common configurations where that might be needed.

 

The general idea is that during installation you must have compiler and kernel source installed because real-time anti-virus and IDS features depend on a kernel driver which is compiled during installation to fit the running kernel.


All 64-bit Distributions

 

Some 64-bit distributions don't install 32-bit compatibility libraries by default. Be sure that these libraries are installed. Compatibility library package naming varies so check exact package name from distributions documentation. On 64-bit Ubuntu and Debian you should install ia32-libs.

 

Distributions using prelink (like Asianux)

Some distributions, like Asianux, run prelink periodically from cron to reduce startup time of binaries using dynamic libraries. Prelinking modifies binaries and dynamic libraries on the disk. This conflicts with the purpose of Linux Security's Integrity Checker feature, whose sole purpose is to detect modifications to system files.

We recommend you disable automatic prelink runs from cron. On Asianux, this can be done by editing /etc/sysconfig/prelink and changing the line:

 

PRELINKING=yes

to:

 

PRELINKING=no

Then run /etc/cron.daily/prelink. Now you can install F-Secure Linux Security and operate it normally.

If you have already installed F-Secure Linux Security, you should do this:

 

  1. Turn on software installation mode by running /opt/f-secure/fsav/bin/fsims on. In software installation mode Linux Security allow modifications to system files.
  2. Edit /etc/sysconfig/prelink as described above and run /etc/cron.daily/prelink.
  3. Turn off software installation mode by running /opt/f-secure/fsav/bin/fsims off.

When Linux Security software installation mode is turned off, the state of system files is stored in the Integrity Checker baseline, which is signed by interactively asking the administrator to enter a passphrase.

You can still use prelinking but you will have to turn on Linux Security software installation mode before prelinking and turn software installation mode off when prelinking is finished. This allows prelink to make the changes in system files in a controlled way. For example:

 

# /opt/f-secure/fsav/bin/fsims on
# prelink -a
# /opt/f-secure/fsav/bin/fsims off

Please note that this operation cannot easily be automated: Turning software installation mode off creates a new baseline and signs it by interactively asking administrator to enter a passphrase.

 

Red Hat Enterprise Linux, MIRACLE LINUX, Asianux, CentOS

 

 

Red Hat EL 4 / MIRACLE LINUX 4 (Asianux 2.0) / CentOS 4

The following steps are required to install FSAV Linux Security on a computer running Red Hat Enterprise Linux 4 AS, MIRACLE LINUX 4, Asianux 2.0 or CentOS 4:

The following additional rpms are needed (compared to default installation):

 

  • gcc
  • glibc-devel
  • glibc-headers
  • glibc-kernheaders

At least ONE of the following rpm packages are needed:

 

  • kernel-devel
  • kernel-hugemem-devel
  • kernel-smp-devel

(see which kernel is in use with command: uname -r)

For the 'F-Icon' System Tray applet to work these rpm packages are required:

 

  • kdelibs
  • compat-libstdc++

Install the rpms from system CDs with command rpm -ivh , or use "Applications->System Settings->Add/Remove Applications" or up2date in Red Hat.

Now you can install F-Secure Linux Client/Server Security normally

 

Red Hat EL 5 / Red Hat EL 6 / Asianux 3.0 / CentOS 5 / CentOS 6

Make sure that the following packages are installed, using, for example, yum(8), the search tab in Applications -> Add/Remove Software (RHEL 5), System -> Administration -> Add/Remove Software (CentOS/RHEL 6), or the rpm command:

 

  • gcc
  • glibc-devel
  • glibc-headers
  • kernel-devel
  • make
  • perl
  • patch

Running the following command as root will ensure the necessary packages are installed and up-to-date:

 

yum install gcc glibc-devel glibc-headers kernel-devel make perl patch pam.i686 zlib.i686<BR />

 

Packages pam.i686 and zlib.i686 are required on 64-bit Redhat EL 6 and Centos 6 platforms.

 

Note, if you encounter the following error during installation: 

"error: protected multilib versions”: pam-<version>.el6.i686 != pam-<version>.el6.x86_64", execute the following command before retrying pam.i686 installation:

 

yum update

 

Debian 5 / Debian 6

 

sudo apt-get install rpm make gcc linux-headers-`uname -r` patch

 

Additionally, on 64-bit platforms:

 

sudo apt-get install ia32-libs

 

 

Ubuntu 8.04

sudo apt-get install rpm libc6-dev patch linux-libc-dev

 

Ubuntu 8.04 Server, Ubuntu 10.04, Ubuntu 10.10

sudo apt-get install rpm libc6-dev patch linux-libc-dev make gcc

 

SUSE

These instructions has been tested and should work on (at least) the following SUSE versions: 9.1, 9.2, 9.3, 10.0, 10.1.

Make sure packages "kernel-source", "make", "patch" and "gcc" are installed through YaST or other means. The FSAV installer will warn you during installation if it cannot find the necessary components.

 

 

Turbolinux

The following steps are required to install the product on a computer running Turbolinux 10 or 11.

You need to install the Turbolinux package groups Development tools and _Kernel recompile kit_ in order to be able to compile the Dazuko kernel module. Use the following list if you want to install individual packages:

 

  • gcc
  • cpp
  • glibc-devel
  • kernel-headers
  • kernel-source

Sometimes Turbolinux kernel sources are not configured and they cannot be used to compile kernel drivers. Use the following commands:

cd /usr/src/linux-2.major.minor
./SetupKernelSource.sh architecture
make oldconfig

where major.minor is the kernel version. architecture is either i686, i686smp64G, x86_64, on Turbolinux11, and is either i586, i586smp, i586smp64G, x86_64, x86_64smp on Turbolinux10.

 

Known problems and solutions

 

WebUI login does not work on 64-bit Ubuntu 10.04

Because 64-bit Ubuntu 10.04 does not ship the 32-bit versions of PAM modules anymore, WebUI login will not work. As a workaround, please copy /lib/security/pam_unix.so from a 32-bit Ubuntu 10.04 to /lib32/security/pam_unix.so on the 64-bit computer. If you do not have a 32-bit Ubuntu 10.04 installation available, you can run the following commands:



# wget http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.1-2ubuntu5.4_i386.deb
# dpkg -x http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.1-2ubuntu5.4_i386.deb tmp
# cp tmp/lib/security/pam_unix.so /lib32/security

 

Note that the actual package name might be different if there has been upgrades to the package. Also note that you will not get security updates automatically to the PAM module installed like this.

 

Initializing the product

 

If some depending packages were missing before the product was installed, execute the following command to properly initialize all F-Secure modules after installing the packages:

 

/etc/init.d/fsma restart

 

In case the Linux Security kernel interceptor could not be compiled, execute:

 

/opt/f-secure/fsav/bin/fsav-compile-drivers

 

(fsav-compile-drivers also executes "fsma restart").

 

Change history

 

24 Aug 2012: Added Debian 5 / 6

01 Nov 2011: Red Hat EL 3 / MIRACLE LINUX 3 (Asianux 1.0) / Debian 4.0 and Ubuntu 6.06 /  Ubuntu 7.10 removed as relevant Linux Security releases are no longer supported

01 Dec 2011: Added new section "Known problems".

08 Feb 2012: Added missing packages for RHEL 6/CENTOS 6 64-bit. Edited Known problems to include solution for running "fsma restart" and fsav-compile-drivers

09 March 2012: a minimal RHEL/Centos installation needs make, patch, perl to properly compile the  redirfs driver. 

Comments

  • Peter
    Peter Posts: 127 Threat Terminator

    The purpose of this article on the F-Secure Community is to replace the similar Knowledgebase article we currently have available. The original article in Knowledgebase shall be edited to provide a link to this URL.

    Feel free to post feedback, corrections and suggestions to the article via this thread. We'll try and include the changes as soon as possible...

  • OJ
    OJ Posts: 9 Security Scout

    In RHEL6, 64-bit:

     

    18:10:43 RPM package manager is installed
    18:10:46 The system has a working RPM package manager
    18:10:46 Trying to determine if rpm needs --nodeps
    bash-4.1.2-8.el6.x86_64
    18:10:46 Making sure the product is running
    18:10:46 Checking fsav
    18:10:46 Could not find a previous installation, continuing with normal install.
    18:10:47 Kernel: Linux 2.6.32-220.el6.x86_64
    18:10:47 Distribution: Red Hat Enterprise Linux Server 6.2 (Santiago)
    18:10:47 /lib/libc.so version:
    ./fssp-common: line 257: /lib/libc.so.*: No such file or directory
    18:10:47 printlicense()
    error: Failed dependencies:
    ld-linux.so.2 is needed by f-secure-automatic-update-agent-8.26.6038-1.i386
    libc.so.6 is needed by f-secure-automatic-update-agent-8.26.6038-1.i386
    libdl.so.2 is needed by f-secure-automatic-update-agent-8.26.6038-1.i386
    libpthread.so.0 is needed by f-secure-automatic-update-agent-8.26.6038-1.i386
    libc.so.6(GLIBC_2.0) is needed by f-secure-automatic-update-agent-8.26.6038-1.i386
    libc.so.6(GLIBC_2.1) is needed by f-secure-automatic-update-agent-8.26.6038-1.i386
    libc.so.6(GLIBC_2.1.3) is needed by f-secure-automatic-update-agent-8.26.6038-1.i386
    libc.so.6(GLIBC_2.2) is needed by f-secure-automatic-update-agent-8.26.6038-1.i386
    libdl.so.2(GLIBC_2.0) is needed by f-secure-automatic-update-agent-8.26.6038-1.i386
    libdl.so.2(GLIBC_2.1) is needed by f-secure-automatic-update-agent-8.26.6038-1.i386
    libpthread.so.0(GLIBC_2.0) is needed by f-secure-automatic-update-agent-8.26.6038-1.i386
    libpthread.so.0(GLIBC_2.1) is needed by f-secure-automatic-update-agent-8.26.6038-1.i386

     

    I did:

     

    yum install gcc glibc-devel glibc-headers kernel-devel

     

    and some other installs, still the error remains. What should I try next? (is this install even possible?)

  • Peter
    Peter Posts: 127 Threat Terminator

     

    Hi,

     

    Let's throw in one more:

     

    # yum install compat-libstdc++-33.i686

     

    Any help?

     

  • OJ
    OJ Posts: 9 Security Scout

    Peter, that and some others I tried after posting that message.... Install seems to have succeeded now. But where is /etc/init.d/fsma ? There are only fsaua and fsupdate init-scripts in /etc/init.d 

     

    Where do we specify whether I am installing Client or Server, or is that based on the keycode?

  • Peter
    Peter Posts: 127 Threat Terminator

     

    Hi,

     

    As for missing fsma script, you did install the full product and not only the on-demand-scanner, correct? The on-demand-scanner installation is triggered by the --command-line-only startupswitch...

     

    Client or Server is determined by keycode.

  • OJ
    OJ Posts: 9 Security Scout

    I did use the --command-line-only, and I thought that it is needed if the machine has only command line interface. Maybe re-install without that switch is needed now?

  • Peter
    Peter Posts: 127 Threat Terminator

     

     

    >I did use the --command-line-only, and I thought that it is needed if the machine has only command line interface.

     

    Not the case. The above switch is available for users who do not need on-access-scanning of a firewall module and it (only) provided a on-demand-scanner with Automatic Updates. No FSMA meaning, central management with PM is  not an option here.

     

    >Maybe re-install without that switch is needed now?

     

    Actually, I believe upgrading from command-line-only to full installation is not supported. First uninstall the current product using uninstall-fsav script then install again.

     

     

  • Jarkko
    Jarkko Posts: 2 Junior Protector

    Just noticed an complaint on Ubuntu 12.0.4.1 LTS installation

     

    Could not find the Actions Plugin for Nautilus file manager.
    Please install it if you wish to scan files in Nautilus.

    Which could be avoided by initially installing the plugin by:

    sudo apt-get install nautilus-actions

     

    Jarkko

  • derkon
    derkon Posts: 1 Security Scout

    I had installed f-secure but then removed it and now

     

    its link is in nautilus-actions and I cant remove the link it wont delete it keeps coming back Ive searched for al folders under the name fsecure and f-secure and removed them

     

    but it still remains in the nautilus actions menu I could just disbale it and it wont show BUT i dont want it in the menu at all !!!

    Ive remove nautilus-actions and delete the folders then reinstalled nautilus-actions but still f-secure menu item is still there

    can you help me

     

    My next move is to grep "F-secure" IN EVERY FOLDER ,FILE IN MY DRIVE lol untill i find it

    Surely you guys know how to remove this

  • Jayson
    Jayson Posts: 106 Firewall Master

    Hello,

    Just a quick update, derkon's issue was resolved after contacting our Technical Support.

    Steps to uninstall the F-Secure Linux Security as below.

    1. Run the following uninstall script as root user.
    # /opt/f-secure/fsav/bin/uninstall-fsav

    2. The uninstall script does not remove configuration files. If you are sure that you do not need them any more, remove all files in these paths.
    /etc/opt/f-secure/
    /var/opt/f-secure/
    /opt/f-secure/

    Thanks.


    Best Regards,
    Jayson

This discussion has been closed.

Categories