Pre-installation checklist for F-Secure Linux Security version 9.x

F-Secure Product Expert

Pre-installation checklist for F-Secure Linux Security version 9.x

 

Some distributions and Linux installations may require certain workarounds to be applied before the product can be installed. This file describes the most common configurations where that might be needed.

 

The general idea is that during installation you must have compiler and kernel source installed because real-time anti-virus and IDS features depend on a kernel driver which is compiled during installation to fit the running kernel.


All 64-bit Distributions

 

Some 64-bit distributions don't install 32-bit compatibility libraries by default. Be sure that these libraries are installed. Compatibility library package naming varies so check exact package name from distributions documentation. On 64-bit Ubuntu and Debian you should install ia32-libs.

 

Distributions using prelink (like Asianux)

Some distributions, like Asianux, run prelink periodically from cron to reduce startup time of binaries using dynamic libraries. Prelinking modifies binaries and dynamic libraries on the disk. This conflicts with the purpose of Linux Security's Integrity Checker feature, whose sole purpose is to detect modifications to system files.

We recommend you disable automatic prelink runs from cron. On Asianux, this can be done by editing /etc/sysconfig/prelink and changing the line:

 

PRELINKING=yes

to:

 

PRELINKING=no

Then run /etc/cron.daily/prelink. Now you can install F-Secure Linux Security and operate it normally.

If you have already installed F-Secure Linux Security, you should do this:

 

  1. Turn on software installation mode by running /opt/f-secure/fsav/bin/fsims on. In software installation mode Linux Security allow modifications to system files.
  2. Edit /etc/sysconfig/prelink as described above and run /etc/cron.daily/prelink.
  3. Turn off software installation mode by running /opt/f-secure/fsav/bin/fsims off.

When Linux Security software installation mode is turned off, the state of system files is stored in the Integrity Checker baseline, which is signed by interactively asking the administrator to enter a passphrase.

You can still use prelinking but you will have to turn on Linux Security software installation mode before prelinking and turn software installation mode off when prelinking is finished. This allows prelink to make the changes in system files in a controlled way. For example:

 

# /opt/f-secure/fsav/bin/fsims on
# prelink -a
# /opt/f-secure/fsav/bin/fsims off

Please note that this operation cannot easily be automated: Turning software installation mode off creates a new baseline and signs it by interactively asking administrator to enter a passphrase.

 

Red Hat Enterprise Linux, MIRACLE LINUX, Asianux, CentOS

 

 

Red Hat EL 4 / MIRACLE LINUX 4 (Asianux 2.0) / CentOS 4

The following steps are required to install FSAV Linux Security on a computer running Red Hat Enterprise Linux 4 AS, MIRACLE LINUX 4, Asianux 2.0 or CentOS 4:

The following additional rpms are needed (compared to default installation):

 

  • gcc
  • glibc-devel
  • glibc-headers
  • glibc-kernheaders

At least ONE of the following rpm packages are needed:

 

  • kernel-devel
  • kernel-hugemem-devel
  • kernel-smp-devel

(see which kernel is in use with command: uname -r)

For the 'F-Icon' System Tray applet to work these rpm packages are required:

 

  • kdelibs
  • compat-libstdc++

Install the rpms from system CDs with command rpm -ivh , or use "Applications->System Settings->Add/Remove Applications" or up2date in Red Hat.

Now you can install F-Secure Linux Client/Server Security normally

 

Red Hat EL 5 / Red Hat EL 6 / Asianux 3.0 / CentOS 5 / CentOS 6

Make sure that the following packages are installed, using, for example, yum(8), the search tab in Applications -> Add/Remove Software (RHEL 5), System -> Administration -> Add/Remove Software (CentOS/RHEL 6), or the rpm command:

 

  • gcc
  • glibc-devel
  • glibc-headers
  • kernel-devel
  • make
  • perl
  • patch

Running the following command as root will ensure the necessary packages are installed and up-to-date:

 

yum install gcc glibc-devel glibc-headers kernel-devel make perl patch pam.i686 zlib.i686

 

Packages pam.i686 and zlib.i686 are required on 64-bit Redhat EL 6 and Centos 6 platforms.

 

Note, if you encounter the following error during installation: 

"error: protected multilib versions”: pam-<version>.el6.i686 != pam-<version>.el6.x86_64", execute the following command before retrying pam.i686 installation:

 

yum update

 

Debian 5 / Debian 6

 

sudo apt-get install rpm make gcc linux-headers-`uname -r` patch

 

Additionally, on 64-bit platforms:

 

sudo apt-get install ia32-libs

 

 

Ubuntu 8.04

sudo apt-get install rpm libc6-dev patch linux-libc-dev

 

Ubuntu 8.04 Server, Ubuntu 10.04, Ubuntu 10.10

sudo apt-get install rpm libc6-dev patch linux-libc-dev make gcc

 

SUSE

These instructions has been tested and should work on (at least) the following SUSE versions: 9.1, 9.2, 9.3, 10.0, 10.1.

Make sure packages "kernel-source", "make", "patch" and "gcc" are installed through YaST or other means. The FSAV installer will warn you during installation if it cannot find the necessary components.

 

 

Turbolinux

The following steps are required to install the product on a computer running Turbolinux 10 or 11.

You need to install the Turbolinux package groups Development tools and _Kernel recompile kit_ in order to be able to compile the Dazuko kernel module. Use the following list if you want to install individual packages:

 

  • gcc
  • cpp
  • glibc-devel
  • kernel-headers
  • kernel-source

Sometimes Turbolinux kernel sources are not configured and they cannot be used to compile kernel drivers. Use the following commands:

cd /usr/src/linux-2.major.minor
./SetupKernelSource.sh architecture
make oldconfig

where major.minor is the kernel version. architecture is either i686, i686smp64G, x86_64, on Turbolinux11, and is either i586, i586smp, i586smp64G, x86_64, x86_64smp on Turbolinux10.

 

Known problems and solutions

 

WebUI login does not work on 64-bit Ubuntu 10.04

Because 64-bit Ubuntu 10.04 does not ship the 32-bit versions of PAM modules anymore, WebUI login will not work. As a workaround, please copy /lib/security/pam_unix.so from a 32-bit Ubuntu 10.04 to /lib32/security/pam_unix.so on the 64-bit computer. If you do not have a 32-bit Ubuntu 10.04 installation available, you can run the following commands:



# wget http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.1-2ubuntu5.4_i386.deb
# dpkg -x http://security.ubuntu.com/ubuntu/pool/main/p/pam/libpam-modules_1.1.1-2ubuntu5.4_i386.deb tmp
# cp tmp/lib/security/pam_unix.so /lib32/security

 

Note that the actual package name might be different if there has been upgrades to the package. Also note that you will not get security updates automatically to the PAM module installed like this.

 

Initializing the product

 

If some depending packages were missing before the product was installed, execute the following command to properly initialize all F-Secure modules after installing the packages:

 

/etc/init.d/fsma restart

 

In case the Linux Security kernel interceptor could not be compiled, execute:

 

/opt/f-secure/fsav/bin/fsav-compile-drivers

 

(fsav-compile-drivers also executes "fsma restart").

 

Change history

 

24 Aug 2012: Added Debian 5 / 6

01 Nov 2011: Red Hat EL 3 / MIRACLE LINUX 3 (Asianux 1.0) / Debian 4.0 and Ubuntu 6.06 /  Ubuntu 7.10 removed as relevant Linux Security releases are no longer supported

01 Dec 2011: Added new section "Known problems".

08 Feb 2012: Added missing packages for RHEL 6/CENTOS 6 64-bit. Edited Known problems to include solution for running "fsma restart" and fsav-compile-drivers

09 March 2012: a minimal RHEL/Centos installation needs make, patch, perl to properly compile the  redirfs driver. 

Best Regards,
Peter
10 REPLIES 10
F-Secure Product Expert

Re: Pre-installation checklist for F-Secure Linux Security

The purpose of this article on the F-Secure Community is to replace the similar Knowledgebase article we currently have available. The original article in Knowledgebase shall be edited to provide a link to this URL.

Feel free to post feedback, corrections and suggestions to the article via this thread. We'll try and include the changes as soon as possible...

Best Regards,
Peter
OJ
Aspirant

Re: Pre-installation checklist for F-Secure Linux Security

In RHEL6, 64-bit:

 

18:10:43 RPM package manager is installed
18:10:46 The system has a working RPM package manager
18:10:46 Trying to determine if rpm needs --nodeps
bash-4.1.2-8.el6.x86_64
18:10:46 Making sure the product is running
18:10:46 Checking fsav
18:10:46 Could not find a previous installation, continuing with normal install.
18:10:47 Kernel: Linux 2.6.32-220.el6.x86_64
18:10:47 Distribution: Red Hat Enterprise Linux Server 6.2 (Santiago)
18:10:47 /lib/libc.so version:
./fssp-common: line 257: /lib/libc.so.*: No such file or directory
18:10:47 printlicense()
error: Failed dependencies:
ld-linux.so.2 is needed by f-secure-automatic-update-agent-8.26.6038-1.i386
libc.so.6 is needed by f-secure-automatic-update-agent-8.26.6038-1.i386
libdl.so.2 is needed by f-secure-automatic-update-agent-8.26.6038-1.i386
libpthread.so.0 is needed by f-secure-automatic-update-agent-8.26.6038-1.i386
libc.so.6(GLIBC_2.0) is needed by f-secure-automatic-update-agent-8.26.6038-1.i386
libc.so.6(GLIBC_2.1) is needed by f-secure-automatic-update-agent-8.26.6038-1.i386
libc.so.6(GLIBC_2.1.3) is needed by f-secure-automatic-update-agent-8.26.6038-1.i386
libc.so.6(GLIBC_2.2) is needed by f-secure-automatic-update-agent-8.26.6038-1.i386
libdl.so.2(GLIBC_2.0) is needed by f-secure-automatic-update-agent-8.26.6038-1.i386
libdl.so.2(GLIBC_2.1) is needed by f-secure-automatic-update-agent-8.26.6038-1.i386
libpthread.so.0(GLIBC_2.0) is needed by f-secure-automatic-update-agent-8.26.6038-1.i386
libpthread.so.0(GLIBC_2.1) is needed by f-secure-automatic-update-agent-8.26.6038-1.i386

 

I did:

 

yum install gcc glibc-devel glibc-headers kernel-devel

 

and some other installs, still the error remains. What should I try next? (is this install even possible?)

F-Secure Product Expert

Re: Pre-installation checklist for F-Secure Linux Security

 

Hi,

 

Let's throw in one more:

 

# yum install compat-libstdc++-33.i686

 

Any help?

 

Best Regards,
Peter
Highlighted
OJ
Aspirant

Re: Pre-installation checklist for F-Secure Linux Security

Peter, that and some others I tried after posting that message.... Install seems to have succeeded now. But where is /etc/init.d/fsma ? There are only fsaua and fsupdate init-scripts in /etc/init.d 

 

Where do we specify whether I am installing Client or Server, or is that based on the keycode?

F-Secure Product Expert

Re: Pre-installation checklist for F-Secure Linux Security

 

Hi,

 

As for missing fsma script, you did install the full product and not only the on-demand-scanner, correct? The on-demand-scanner installation is triggered by the --command-line-only startupswitch...

 

Client or Server is determined by keycode.

Best Regards,
Peter
OJ
Aspirant

Re: Pre-installation checklist for F-Secure Linux Security

I did use the --command-line-only, and I thought that it is needed if the machine has only command line interface. Maybe re-install without that switch is needed now?

F-Secure Product Expert

Re: Pre-installation checklist for F-Secure Linux Security

 

 

>I did use the --command-line-only, and I thought that it is needed if the machine has only command line interface.

 

Not the case. The above switch is available for users who do not need on-access-scanning of a firewall module and it (only) provided a on-demand-scanner with Automatic Updates. No FSMA meaning, central management with PM is  not an option here.

 

>Maybe re-install without that switch is needed now?

 

Actually, I believe upgrading from command-line-only to full installation is not supported. First uninstall the current product using uninstall-fsav script then install again.

 

 

Best Regards,
Peter
Former F-Secure Employee

Re: Pre-installation checklist for F-Secure Linux Security

Just noticed an complaint on Ubuntu 12.0.4.1 LTS installation

 

Could not find the Actions Plugin for Nautilus file manager.
Please install it if you wish to scan files in Nautilus.

Which could be avoided by initially installing the plugin by:

sudo apt-get install nautilus-actions

 

Jarkko

Novice

Re: Pre-installation checklist for F-Secure Linux Security

I had installed f-secure but then removed it and now

 

its link is in nautilus-actions and I cant remove the link it wont delete it keeps coming back Ive searched for al folders under the name fsecure and f-secure and removed them

 

but it still remains in the nautilus actions menu I could just disbale it and it wont show BUT i dont want it in the menu at all !!!

Ive remove nautilus-actions and delete the folders then reinstalled nautilus-actions but still f-secure menu item is still there

can you help me

 

My next move is to grep "F-secure" IN EVERY FOLDER ,FILE IN MY DRIVE lol untill i find it

Surely you guys know how to remove this