LinuxShield™ version 1.5
Installation Guide
McAfee® System Protection
Industry-leading intrusion prevention solutions
COPYRIGHT
Copyright © 2005 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form
or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
ACTIVE FIREWALL, ACTIVE SECURITY, ACTIVESECURITY (AND IN KATAKANA), ACTIVESHIELD, CLEAN-UP, DESIGN (STYLIZED E), DESIGN
(STYLIZED N), ENTERCEPT, EPOLICY ORCHESTRATOR, FIRST AID, FOUNDSTONE, GROUPSHIELD, GROUPSHIELD (AND IN KATAKANA),
INTRUSHIELD, INTRUSION PREVENTION THROUGH INNOVATION, MCAFEE, MCAFEE (AND IN KATAKANA), MCAFEE AND DESIGN,
MCAFEE.COM, MCAFEE VIRUSSCAN, NET TOOLS, NET TOOLS (AND IN KATAKANA), NETSCAN, NETSHIELD, NUTS & BOLTS, OIL CHANGE,
PRIMESUPPORT, SPAMKILLER, THREATSCAN, TOTAL VIRUS DEFENSE, VIREX, VIRUS FORUM, VIRUSCAN, VIRUSSCAN, VIRUSSCAN (AND IN
KATAKANA), WEBSCAN, WEBSHIELD, WEBSHIELD (AND IN KATAKANA) are registered trademarks or trademarks of McAfee, Inc. and/or its
affiliates in the US and/or other countries. The color red in connection with security is distinctive of McAfee brand products. All other registered
and unregistered trademarks herein are the sole property of their respective owners.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE
GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE
CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU
HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEB SITE FROM WHICH YOU
DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF
APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.
Attributions
This product includes or may include:
• Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). • Cryptographic software written by Eric
A. Young and software written by Tim J. Hudson. • Some software programs that are licensed (or sublicensed) to the user under the GNU
General Public License (GPL) or other similar Free Software licenses which, among other rights, permit the user to copy, modify and redistribute
certain programs, or portions thereof, and have access to the source code. The GPL requires that for any software covered under the GPL which
is distributed to someone in an executable binary format, that the source code also be made available to those users. For any such software
covered under the GPL, the source code is made available on this CD. If any Free Software licenses require that McAfee provide rights to use,
copy or modify a software program that are broader than the rights granted in this agreement, then such rights shall take precedence over the
rights and restrictions herein. • Software originally written by Henry Spencer, Copyright 1992, 1993, 1994, 1997 Henry Spencer. • Software
originally written by Robert Nordier, Copyright © 1996-7 Robert Nordier. • Software written by Douglas W. Sauder. • Software developed by the
Apache Software Foundation (http://www.apache.org/). A copy of the license agreement for this software can be found at
www.apache.org/licenses/LICENSE-2.0.txt. • International Components for Unicode ("ICU") Copyright ©1995-2002 International Business
Machines Corporation and others. • Software developed by CrystalClear Software, Inc., Copyright ©2000 CrystalClear Software, Inc. • FEAD
Optimizer technology, Copyright Netopsystems AG, Berlin, Germany. • Outside In Viewer Technology ©1992-2001 Stellent Chicago, Inc. and/or
Outside In HTML Export, © 2001 Stellent Chicago, Inc. • Software copyrighted by Thai Open Source Software Center Ltd. and Clark Cooper,
© 1998, 1999, 2000. • Software copyrighted by Expat maintainers. • Software copyrighted by The Regents of the University of California, © 1996,
1989, 1998-2000. • Software copyrighted by Gunnar Ritter. • Software copyrighted by Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
California 95054, U.S.A., © 2003. • Software copyrighted by Gisle Aas. © 1995-2003. • Software copyrighted by Michael A. Chase, © 1999-2000.
• Software copyrighted by Neil Winton, ©1995-1996. • Software copyrighted by RSA Data Security, Inc., © 1990-1992. • Software copyrighted by
Sean M. Burke, © 1999, 2000. • Software copyrighted by Martijn Koster, © 1995. • Software copyrighted by Brad Appleton, © 1996-1999.
• Software copyrighted by Michael G. Schwern, ©2001. • Software copyrighted by Graham Barr, © 1998. • Software copyrighted by Larry Wall
and Clark Cooper, © 1998-2000. • Software copyrighted by Frodo Looijaard, © 1997. • Software copyrighted by the Python Software Foundation,
Copyright © 2001, 2002, 2003. A copy of the license agreement for this software can be found at www.python.org. • Software copyrighted by
Beman Dawes, © 1994-1999, 2002. • Software written by Andrew Lumsdaine, Lie-Quan Lee, Jeremy G. Siek © 1997-2000 University of Notre
Dame. • Software copyrighted by Simone Bordet & Marco Cravero, © 2002. • Software copyrighted by Stephen Purcell, © 2001. • Software
developed by the Indiana University Extreme! Lab (http://www.extreme.indiana.edu/). • Software copyrighted by International Business
Machines Corporation and others, © 1995-2003. • Software developed by the University of California, Berkeley and its contributors. • Software
developed by Ralf S. Engelschall <rse@engelschall.com> for use in the mod_ssl project (http:// www.modssl.org/). • Software copyrighted by
Kevlin Henney, © 2000-2002. • Software copyrighted by Peter Dimov and Multi Media Ltd. © 2001, 2002. • Software copyrighted by David
Abrahams, © 2001, 2002. See http://www.boost.org/libs/bind/bind.html for documentation. • Software copyrighted by Steve Cleary, Beman
Dawes, Howard Hinnant & John Maddock, © 2000. • Software copyrighted by Boost.org, © 1999-2002. • Software copyrighted by Nicolai M.
Josuttis, © 1999. • Software copyrighted by Jeremy Siek, © 1999-2001. • Software copyrighted by Daryle Walker, © 2001. • Software copyrighted
by Chuck Allison and Jeremy Siek, © 2001, 2002. • Software copyrighted by Samuel Krempp, © 2001. See http://www.boost.org for updates,
documentation, and revision history. • Software copyrighted by Doug Gregor (gregod@cs.rpi.edu), © 2001, 2002. • Software copyrighted by
Cadenza New Zealand Ltd., © 2000. • Software copyrighted by Jens Maurer, ©2000, 2001. • Software copyrighted by Jaakko Järvi
(jaakko.jarvi@cs.utu.fi), ©1999, 2000. • Software copyrighted by Ronald Garcia, © 2002. • Software copyrighted by David Abrahams, Jeremy
Siek, and Daryle Walker, ©1999-2001. • Software copyrighted by Stephen Cleary (shammah@voyager.net), ©2000. • Software copyrighted by
Housemarque Oy <http://www.housemarque.com>, © 2001. • Software copyrighted by Paul Moore, © 1999. • Software copyrighted by Dr. John
Maddock, © 1998-2002. • Software copyrighted by Greg Colvin and Beman Dawes, © 1998, 1999. • Software copyrighted by Peter Dimov,
© 2001, 2002. • Software copyrighted by Jeremy Siek and John R. Bandela, © 2001. • Software copyrighted by Joerg Walter and Mathias Koch,
© 2000-2002. • Software copyrighted by Carnegie Mellon University © 1989, 1991, 1992. • Software copyrighted by Cambridge Broadband Ltd.,
© 2001-2003. • Software copyrighted by Sparta, Inc., © 2003-2004. • Software copyrighted by Cisco, Inc. and Information Network Center of
Beijing University of Posts and Telecommunications, © 2004. • Software copyrighted by Simon Josefsson, © 2003. • Software copyrighted by
Thomas Jacob, © 2003-2004. • Software copyrighted by Advanced Software Engineering Limited, © 2004. • Software copyrighted by Todd C.
Miller, © 1998. • Software copyrighted by The Regents of the University of California, © 1990, 1993, with code derived from software contributed
to Berkeley by Chris Torek.
PATENT INFORMATION
Protected by US Patents 6,029,256; 6,230,288; 6,496,875; 6,594,686; 6,622,150; 6,668,289; 6,684,329.
Issued July 2007 / LinuxShield software version 1.5
DBN-009-EN
Contents
1 Introducing LinuxShield
    Product features
    What's new in this release
    Using this guide
        Audience
        Conventions
    Getting product information
    Contact information
2 System Requirements
    Hardware and software requirements
    Creating kernel modules
        Creating 2.4 kernel modules
        Creating 2.6 kernel modules
3 Installing LinuxShield
    Manual installation
    Silent installation
    Running LinuxShield
        Handling old certificates
    Removing the software
    Upgrading from previous LinuxShield versions
    Upgrading from a pre-release version
    Integrating with ePolicy Orchestrator
1 Introducing LinuxShield
LinuxShield detects and removes viruses and other potentially unwanted software on
Linux-based systems. This section describes:
• Product features
• What's new in this release
• Using this guide
• Getting product information
• Contact information
Product features
LinuxShield software has the following features:
• Support for AMD 64 / EM64T (64-bit) platforms.
• Kernel hooking modules (KHMs)
• Scanning
    • Comprehensive on-access anti-virus scanning and cleaning using the McAfee scanning engine.
    • On-access scanning for local file systems, NFS and Samba.
    • Kernel-level scan cache for improved performance.
    • Scheduling of on-demand scans.
    • Scheduling of updates for scanning engine and virus definition files.
• Administration
    • Remote administration using browser-based interface.
    • Monitoring and configuring of multiple LinuxShield installations from the browser interface.
    • Secure browser interface with authentication and HTTPS (SSL) support.
    • Remote administration and reporting using ePolicy Orchestrator.
• Reporting
    • Real-time statistics.
    • Detailed database for detected items and system events.
    • Ability to query the database by date range or individual field values, for example, virus name. Results of query can be exported to a CSV file.
    • Configurable email notification for detected items, out-of-date virus definition files, configuration changes, and system events.
    • Diagnostic report for use when reporting a problem with the product.
What’s new in this release
This release of LinuxShield includes the following new enhancements:
• Red Hat Enterprise Linux 5 (32-bit).
• Red Hat Enterprise Linux 5 (AMD 64/EM64T).
• Global File System (GFS) on Red Hat Enterprise Linux 5.
• Novell Open Enterprise Server 2 (32-bit).
• Novell Open Enterprise Server 2 (AMD 64/EM64T).
• Kernel module versioning which provides on-access scanning on new kernels without having to recompile modules.
• The latest version (5200) of the McAfee anti-virus engine.
• Incremental Virus Signature (DAT) updates.
Using this guide
This guide provides information on installing your product. These topics are included:
• Introducing LinuxShield — An overview of the product, with a description of new or changed features; an overview of this guide; McAfee contact information.
• System Requirements — The system requirements necessary to install LinuxShield successfully; instructions on creating kernel modules.
• Installing LinuxShield — Procedures to install the software manually and silently, instructions on how to remove the software from your computer and upgrade from a pre-release or previous version of the software.
Audience
This information is intended for network administrators who are responsible for their
company’s anti-virus and security program.
Conventions
This guide uses the following conventions:
Bold Condensed
    All words from the interface, including options, menus, buttons, and dialog box names.
    Example: Type the User name and Password of the appropriate account.
Courier
    The path of a folder or program; text that represents something the user types exactly (for example, a command at the system prompt).
    Examples:
    The default location for the program is:
        C:\Program Files\McAfee\EPO\3.5.0
    Run this command on the client computer:
        scan --help
Italic
    For emphasis or when introducing a new term; for names of product documentation and topics (headings) within the material.
    Example: Refer to the VirusScan Enterprise Product Guide for more information.
Blue
    A web address (URL) and/or a live link.
    Example: Visit the McAfee web site at: http://www.mcafee.com
<TERM>
    Angle brackets enclose a generic term.
    Example: In the console tree, right-click <SERVER>.
Note
    Supplemental information; for example, another method of executing the same command.
Tip
    Suggestions for best practices and recommendations from McAfee for threat prevention, performance and efficiency.
Caution
    Important advice to protect your computer system, enterprise, software installation, or data.
Warning
    Important advice to protect a user from bodily harm when using a hardware product.
Getting product information
Unless otherwise noted, product documentation comes as Adobe Acrobat .PDF files,
available on the product CD or from the McAfee download site.
Installation Guide — System requirements and instructions for installing and starting
the software.
Product Guide — Introduction to the product and its features; detailed instructions for
configuring the software; information on deployment, recurring tasks, and operating
procedures.
Help — High-level and detailed information accessed from the software application.
Configuration Guide — For use with ePolicy Orchestrator®. Procedures for
configuring and managing supported products through the ePolicy Orchestrator
management software.
Release Notes — ReadMe. Product information, resolved issues, any known issues,
and last-minute additions or changes to the product or its documentation.
License Agreement — The McAfee License Agreement booklet that includes all the
license types you can purchase for your product. The License Agreement presents
general terms and conditions for use of the licensed product.
Contacts — Contact information for McAfee services and resources: technical
support, customer service, Security Headquarters (AVERT), beta program, and training.
Contact information
Threat Center: McAfee Avert® Labs
http://www.mcafee.com/us/threat_center/default.asp
Avert Labs Threat Library
http://vil.nai.com
Avert Labs WebImmune & Submit a Sample (Logon credentials required)
https://www.webimmune.net/default.asp
Avert Labs DAT Notification Service
http://vil.nai.com/vil/signup_DAT_notification.aspx
Download Site
http://www.mcafee.com/us/downloads/
• Product Upgrades (Valid grant number required)
• Security Updates (DATs, engine)
• HotFix and Patch Releases
    • For Security Vulnerabilities (Available to the public)
    • For Products (ServicePortal account and valid grant number required)
• Product Evaluation
• McAfee Beta Program
Technical Support
http://www.mcafee.com/us/support/
KnowledgeBase Search
http://knowledge.mcafee.com/
McAfee Technical Support ServicePortal (Logon credentials required)
https://mysupport.mcafee.com/eservice_enu/start.swe
Customer Service
Web
http://www.mcafee.com/us/support/index.html
http://www.mcafee.com/us/about/contact/index.html
Phone — US, Canada, and Latin America toll-free:
+1-888-VIRUS NO or +1-888-847-8766 Monday – Friday, 8 a.m. – 8 p.m., Central Time
Professional Services
Enterprise: http://www.mcafee.com/us/enterprise/services/index.html
Small and Medium Business:
http://www.mcafee.com/us/smb/services/index.html
2 System Requirements
This section includes the following topics:
• Hardware and software requirements.
• Creating kernel modules on page 15.
Hardware and software requirements
The following hardware and software are required.
All platforms
• Monitor screen with a recommended minimum resolution of 1024 x 768.
Minimum hardware requirements for 32-bit platforms
• Intel Pentium II with 128 MB RAM, and 40 MB free space on the hard drive.
Typical hardware requirements for 32-bit platforms
• Intel Pentium 4 with 256 MB RAM, and 200 MB free space on the hard drive.
Minimum hardware requirements for 64-bit platforms
• Intel Pentium 4 EM64T or AMD 64 with 256 MB RAM, and 40 MB free space on the hard drive.
Typical hardware requirements for 64-bit platforms
• Intel Pentium 4 EM64T or AMD 64 with 512 MB RAM, and 200 MB free space on the hard drive.
Supported operating systems for 32-bit platforms
• Novell Linux Desktop 9
• Novell Linux Small Business Suite 9
• Novell Open Enterprise Server 9 running Linux Enterprise Server 9 SP1
• Red Hat Enterprise 2.1 Advanced Server, Workstation, Enterprise Server
• Red Hat Enterprise 3.0 Advanced Server, Workstation, Enterprise Server
• Red Hat Enterprise 4.0 Advanced Server, Workstation, Enterprise Server, Desktop
• Red Hat Enterprise 5.0 Server, Desktop
• SuSE Enterprise 8 Server United Linux 1.0
• SuSE Linux Enterprise Server 9
• SuSE Linux Enterprise Server/Desktop 10
Supported operating systems for 64-bit platforms
• Red Hat Enterprise 4.0 Advanced Server, Workstation, Enterprise Server, Desktop
• Red Hat Enterprise 5.0 Advanced Platform, Desktop
• SuSE Linux Enterprise Server 9
• SuSE Linux Enterprise Server/Desktop 10
Supported browsers
• Internet Explorer 5.5, 6.0 and 7.0
• Konqueror 3.1, 3.1.1, 3.1.3, 3.1.4, 3.2.1, 3.3.1 - 5.5 and 3.5.1
• Mozilla 0.9.9, 1.0.1, 1.2.1, 1.4, 1.6, 1.7.8, and 1.7.13
• Firefox 1.0, 1.0.4, and 2.0
Supported ePolicy Orchestrator Server
• 3.6 or later
Supported kernels
The following kernel modules are provided in this release. If your kernel is not listed
here, see About kernel support on page 15 and Creating kernel modules on page 15.
Table 2-1 Kernel modules supported on 32-bit platforms for Red Hat
Red Hat Enterprise 2.1
Red Hat Enterprise 3.0
Red Hat Enterprise 4.0
Red Hat Enterprise 5.0
kernel-2.4.9-e.3
kernel-smp-2.4.9-e.3
kernel-enterprise-2.4.9-e.3
kernel-2.4.21-4.EL
kernel-smp-2.4.21-4.EL
kernel-hugemem-2.4.21-4.EL
kernel-2.6.9-5.EL
kernel-smp-2.6.9-5.EL
kernel-hugemem-2.6.9-5.EL
kernel-2.6.18-8.el5
kernel-2.4.9-e.12
kernel-smp-2.4.9-e.12
kernel-2.4.21-9.0.1.EL
kernel-smp-2.4.21-9.0.1.EL
kernel-hugemem-2.4.21-9.0.1.EL
kernel-2.6.9-11.EL
kernel-smp-2.6.9-11.EL
kernel-hugemem-2.6.9-11.EL
kernel-2.6.18-8.1.1.el5PAE
kernel-2.4.21-9.0.3.EL
kernel-smp-2.4.21-9.0.3.EL
kernel-hugemem-2.4.21-9.0.3.EL
kernel-2.6.9-22.EL
kernel-smp-2.6.9-22.EL
kernel-hugemem-2.6.9-22.EL
kernel-2.4.21-15.EL
kernel-smp-2.4.21-15.EL
kernel-hugemem-2.4.21-15.EL
kernel-2.6.9-22.0.1.EL
kernel-smp-2.6.9-22.0.1.EL
kernel-hugemem-2.6.9-22.0.1.EL
kernel-2.6.18-8.1.6.el5
kernel-2.4.9-e.41
kernel-smp-2.4.9-e.41
kernel-enterprise-2.4.9-e.41
kernel-2.4.21-15.0.2.EL
kernel-smp-2.4.21-15.0.2.EL
kernel-hugemem-2.4.21-15.0.2.EL
kernel-2.6.9-22.0.2.EL
kernel-2.6.18-8.1.8.el5
kernel-smp-2.6.9-22.0.2.EL
kernel-2.6.18-8.1.8.el5PAE
kernel-2.4.9-e.43
kernel-smp-2.4.9-e.43
kernel-enterprise-2.4.9-e.43
kernel-2.4.21-15.0.3.EL
kernel-smp-2.4.21-15.0.3.EL
kernel-hugemem-2.4.21-15.0.3.EL
kernel-2.4.9-e.48
kernel-smp-2.4.9-e.48
kernel-enterprise-2.4.9-e.48
kernel-2.4.21-15.0.4.EL
kernel-smp-2.4.21-15.0.4.EL
kernel-hugemem-2.4.21-15.0.4.EL
kernel-2.6.18-8.el5PAE
kernel-2.6.18-8.1.1.el5
kernel-2.4.9-e.38
kernel-smp-2.4.9-e.38
kernel-enterprise-2.4.9-e.38
kernel-2.4.9-e.40
kernel-smp-2.4.9-e.40
kernel-enterprise-2.4.9-e.40
kernel-hugemem-2.6.9-22.0.2.EL
kernel-2.6.9-34.EL
kernel-smp-2.6.9-34.EL
kernel-hugemem-2.6.9-34.EL
kernel-2.6.9-34.0.1.EL
10
kernel-2.6.18-8.1.3.el5
kernel-2.6.18-8.1.3.el5PAE
kernel-2.6.18-8.1.4.el5
kernel-2.6.18-8.1.4.el5PAE
kernel-2.6.18-8.1.6.el5PAE
2
LinuxShield™ 1.5 Installation Guide
System Requirements
Hardware and software requirements
Table 2-1 Kernel modules supported on 32-bit platforms for Red Hat (continued)
Red Hat Enterprise 2.1
Red Hat Enterprise 3.0
Red Hat Enterprise 4.0
kernel-2.4.9-e.49
kernel-smp-2.4.9-e.49
kernel-enterprise-2.4.9-e.49
kernel-2.4.21-20.EL
kernel-smp-2.4.21-20.EL
kernel-hugemem-2.4.21-20.EL
kernel-smp-2.6.9-34.0.1.EL
kernel-2.4.9-e.62
kernel-smp-2.4.9-e.62
kernel-enterprise-2.4.9-e.62
kernel-2.4.21-20.0.1.EL
kernel-smp-2.4.21-20.0.1.EL
kernel-hugemem-2.4.21-20.0.1.EL
kernel-2.4.9-e.65
kernel-smp-2.4.9-e.65
kernel-enterprise-2.4.9-e.65
kernel-2.4.21-27.EL
kernel-smp-2.4.21-27.EL
kernel-hugemem-2.4.21-27.EL
kernel-2.6.9-42.EL
kernel-2.4.9-e.68
kernel-2.4.21-27.0.1.EL
kernel-smp-2.4.21-27.0.1.EL
kernel-hugemem-2.4.21-27.0.1.EL
kernel-hugemem-2.6.9-42.EL
kernel-smp-2.4.9-e.68
kernel-enterprise-2.4.9-e.68
kernel-2.4.9-e.70
kernel-smp-2.4.9-e.70
kernel-enterprise-2.4.9-e.70
kernel-2.4.9-e.71
kernel-smp-2.4.9-e.71
kernel-enterprise-2.4.9-e.71
kernel-2.4.21-27.0.2.EL
kernel-smp-2.4.21-27.0.2.EL
kernel-hugemem-2.4.21-27.0.2.EL
kernel-2.4.21-32.0.1.EL
kernel-smp-2.4.21-32.0.1.EL
kernel-hugemem-2.4.21-32.0.1.EL
kernel-2.4.21-37.EL
kernel-smp-2.4.21-37.EL
kernel-hugemem-2.4.21-37.EL
kernel-2.4.21-40.EL
kernel-smp-2.4.21-40.EL
kernel-hugemem-2.4.21-40.EL
kernel-2.4.21-47.EL
kernel-smp-2.4.21-47.EL
kernel-hugemem-2.4.21-47.EL
kernel-2.4.21-47.0.1.EL
kernel-smp-2.4.21-47.0.1.EL
kernel-hugemem-2.4.21-47.0.1.EL
kernel-hugemem-2.6.9-34.0.1.EL
kernel-2.6.9-34.0.2.EL
kernel-smp-2.6.9-34.0.2.EL
kernel-hugemem-2.6.9-34.0.2.EL
kernel-smp-2.6.9-42.EL
kernel-2.6.9-42.0.2.EL
kernel-smp-2.6.9-42.0.2.EL
kernel-hugemem-2.6.9-42.0.2.EL
kernel-2.6.9-42.0.3.EL
kernel-smp-2.6.9-42.0.3.EL
kernel-hugemem-2.6.9-42.0.3.EL
kernel-2.6.9-42.0.8.EL
kernel-smp-2.6.9-42.0.8.EL
kernel-hugemem-2.6.9-42.0.8.EL
kernel-2.6.9-42.0.10.EL
kernel-smp-2.6.9-42.0.10.EL
kernel-hugemem-2.6.9-42.0.10.EL
kernel-2.6.9-55.EL
kernel-smp-2.6.9-55.EL
kernel-hugemem-2.6.9-55.EL
kernel-2.6.9-55.0.2.EL
kernel-smp-2.6.9-55.0.2.EL
kernel-hugemem-2.6.9-55.0.2.EL
kernel-2.4.21-50.EL
kernel-smp-2.4.21-50.EL
kernel-hugemem-2.4.21-50.EL
11
Red Hat Enterprise 5.0
2
LinuxShield™ 1.5 Installation Guide
System Requirements
Hardware and software requirements
Table 2-2 Kernel modules supported on 32-bit platforms for SuSE
SuSE Enterprise 8
  k_smp-2.4.19-113
  k_deflt-2.4.19-120
  k_deflt-2.4.21-198, k_smp-2.4.21-198
  k_deflt-2.4.21-203, k_smp-2.4.21-203
  k_deflt-2.4.21-215, k_smp-2.4.21-215
  k_deflt-2.4.21-226, k_smp-2.4.21-226
  k_deflt-2.4.21-231, k_smp-2.4.21-231
  k_deflt-2.4.21-241, k_smp-2.4.21-241
  k_deflt-2.4.21-251, k_smp-2.4.21-251
  k_deflt-2.4.21-261, k_smp-2.4.21-261
  k_deflt-2.4.21-266, k_smp-2.4.21-266
  k_deflt-2.4.21-273, k_smp-2.4.21-273
  k_deflt-2.4.21-278, k_smp-2.4.21-278
  k_deflt-2.4.21-281, k_smp-2.4.21-281
  k_deflt-2.4.21-286, k_smp-2.4.21-286
  k_deflt-2.4.21-292, k_smp-2.4.21-292
  k_deflt-2.4.21-295, k_smp-2.4.21-295
  k_deflt-2.4.21-304, k_smp-2.4.21-304
  k_deflt-2.4.21-306, k_smp-2.4.21-306
  k_deflt-2.4.21-309, k_smp-2.4.21-309
  k_deflt-2.4.21-314, k_smp-2.4.21-314
SuSE Enterprise 9.0 / Novell Linux Desktop 9.0
  kernel-default-2.6.5-7.97, kernel-smp-2.6.5-7.97, kernel-bigsmp-2.6.5-7.97
  kernel-default-2.6.5-7.111, kernel-smp-2.6.5-7.111, kernel-bigsmp-2.6.5-7.111
  kernel-default-2.6.5-7.139, kernel-smp-2.6.5-7.139, kernel-bigsmp-2.6.5-7.139
  kernel-default-2.6.5-7.145, kernel-smp-2.6.5-7.145, kernel-bigsmp-2.6.5-7.145
  kernel-default-2.6.5-7.147, kernel-smp-2.6.5-7.147, kernel-bigsmp-2.6.5-7.147
  kernel-default-2.6.5-7.151, kernel-smp-2.6.5-7.151, kernel-bigsmp-2.6.5-7.151
  kernel-default-2.6.5-7.191, kernel-smp-2.6.5-7.191, kernel-bigsmp-2.6.5-7.191
  kernel-default-2.6.5-7.193, kernel-smp-2.6.5-7.193, kernel-bigsmp-2.6.5-7.193
  kernel-default-2.6.5-7.201, kernel-smp-2.6.5-7.201, kernel-bigsmp-2.6.5-7.201
  kernel-default-2.6.5-7.202.7, kernel-smp-2.6.5-7.202.7, kernel-bigsmp-2.6.5-7.202.7
  kernel-default-2.6.5-7.244, kernel-smp-2.6.5-7.244, kernel-bigsmp-2.6.5-7.244
  kernel-default-2.6.5-7.252, kernel-smp-2.6.5-7.252, kernel-bigsmp-2.6.5-7.252
  kernel-default-2.6.5-7.257, kernel-smp-2.6.5-7.257, kernel-bigsmp-2.6.5-7.257
  kernel-default-2.6.5-7.267, kernel-smp-2.6.5-7.267, kernel-bigsmp-2.6.5-7.267
  kernel-default-2.6.5-7.276, kernel-smp-2.6.5-7.276, kernel-bigsmp-2.6.5-7.276
  kernel-default-2.6.5-7.282, kernel-smp-2.6.5-7.282, kernel-bigsmp-2.6.5-7.282
  kernel-default-2.6.5-7.283, kernel-smp-2.6.5-7.283, kernel-bigsmp-2.6.5-7.283
  kernel-default-2.6.5-7.286, kernel-smp-2.6.5-7.286, kernel-bigsmp-2.6.5-7.286
SuSE Enterprise 10
  kernel-default-2.6.16-21.0.8, kernel-smp-2.6.16-21.0.8, kernel-bigsmp-2.6.16-21.0.8
  kernel-default-2.6.16-21.0.15, kernel-smp-2.6.16-21.0.15, kernel-bigsmp-2.6.16-21.0.15
  kernel-default-2.6.16-21.0.25, kernel-smp-2.6.16-21.0.25, kernel-bigsmp-2.6.16-21.0.25
  kernel-default-2.6.16-27.0.6, kernel-smp-2.6.16-27.0.6, kernel-bigsmp-2.6.16-27.0.6
  kernel-default-2.6.16-27.0.9, kernel-smp-2.6.16-27.0.9, kernel-bigsmp-2.6.16-27.0.9
  kernel-default-2.6.16-46.0.12, kernel-smp-2.6.16-46.0.12, kernel-bigsmp-2.6.16-46.0.12
Table 2-3 Kernel modules supported on 64-bit platforms for Red Hat
Red Hat Enterprise 4.0
  Kernel-2.6.9-5.EL, Kernel-smp-2.6.9-5.EL
  Kernel-2.6.9-11.EL, Kernel-smp-2.6.9-11EL
  Kernel-2.6.9-22.EL, Kernel-smp-2.6.9-22.EL
  Kernel-2.6.9-22.0.1EL, Kernel-smp-2.6.9-22.0.2EL
  kernel-2.6.9-22.0.2.EL, kernel-smp-2.6.9-22.0.2.EL
  kernel-2.6.9-34.EL, kernel-smp-2.6.9-34.EL
  kernel-2.6.9-34.0.1.EL, kernel-smp-2.6.9-34.0.1.EL
  kernel-2.6.9-34.0.2.EL, kernel-smp-2.6.9-34.0.2.EL
  kernel-2.6.9-42.EL, kernel-smp-2.6.9-42.EL
  kernel-2.6.9-42.0.2.EL, kernel-smp-2.6.9-42.0.2.EL
  kernel-2.6.9-42.0.3.EL, kernel-smp-2.6.9-42.0.3.EL
  kernel-2.6.9-42.0.8.EL, kernel-smp-2.6.9-42.0.8.EL
  kernel-2.6.9-42.0.10.EL, kernel-smp-2.6.9-42.0.10.EL
  kernel-2.6.9-55.EL, kernel-smp-2.6.9-55.EL
  kernel-2.6.9-55.0.2.EL, kernel-smp-2.6.9-55.0.2.EL
Red Hat Enterprise 5.0
  kernel-2.6.18-8.el5
  kernel-2.6.18-8.1.1.el5
  kernel-2.6.18-8.1.3.el5
  kernel-2.6.18-8.1.4.el5
  kernel-2.6.18-8.1.6.el5
  kernel-2.6.18-8.1.8.el5
Table 2-4 Kernel modules supported on 64-bit platforms for SuSE
SuSE Enterprise 9
  kernel-default-2.6.5-7.97, kernel-smp-2.6.5-7.97
  kernel-default-2.6.5-7.139, kernel-smp-2.6.5-7.139
  kernel-default-2.6.5-7.147, kernel-smp-2.6.5-7.147
  kernel-default-2.6.5-7.151, kernel-smp-2.6.5-7.151
  kernel-default-2.6.5-7.191, kernel-smp-2.6.5-7.191
  kernel-default-2.6.5-7.193, kernel-smp-2.6.5-7.193
  kernel-default-2.6.5-7.201, kernel-smp-2.6.5-7.201
  kernel-default-2.6.5-7.202.7, kernel-smp-2.6.5-7.202.7
  kernel-default-2.6.5-7.244, kernel-smp-2.6.5-7.244
  kernel-default-2.6.5-7.252, kernel-smp-2.6.5-7.252
  kernel-default-2.6.5-7.257, kernel-smp-2.6.5-7.257
  kernel-default-2.6.5-7.267, kernel-smp-2.6.5-7.267
  kernel-default-2.6.5-7.276, kernel-smp-2.6.5-7.276
  kernel-default-2.6.5-7.282, kernel-smp-2.6.5-7.282
  kernel-default-2.6.5-7.283, kernel-smp-2.6.5-7.283
  kernel-default-2.6.5-7.286, kernel-smp-2.6.5-7.286
SuSE Enterprise 10
  kernel-default-2.6.16-21.0.8, kernel-smp-2.6.16-21.0.8
  kernel-default-2.6.16-21.0.15, kernel-smp-2.6.16-21.0.15
  kernel-default-2.6.16-21.0.25, kernel-smp-2.6.16-21.0.25
  kernel-default-2.6.16-27.0.6, kernel-smp-2.6.16-27.0.6
  kernel-default-2.6.16-27.0.9, kernel-smp-2.6.16-27.0.9
  kernel-default-2.6.16-46.0.12, kernel-smp-2.6.16-46.0.12
About kernel support
The LinuxShield installation includes on-access kernel modules for the versions of Red
Hat and SuSE that we support. See the tables in Supported kernels on page 10 to get
the full list of kernels. We provide these modules for the original kernel versions that
are shipped with the distribution, and for the latest official kernel updates provided by
Red Hat and SuSE at the time of this release. Our updates for their later kernels will be
available from http://mysupport.nai.com.
Source code for the kernel modules is also available on your product CD, or from our
product download site. (See Contact information on page 8.) The availability of this
source code allows you to respond to security patches as quickly as your specific
environment and company policy dictates. However, we are unable to provide support
for customized kernel modules because we cannot test them or reproduce specific
issues.
Creating kernel modules
To build a LinuxShield kernel module from source, you need the source for your kernel.
Most vendor-supplied kernels include a kernel source package that usually installs the
source into /usr/src/linux-<kernel version>. If you are not familiar with building
the Linux kernel, we recommend that you refer to tutorials available on the Internet.
Alternatively, follow the procedure in Creating 2.4 kernel modules or Creating 2.6
kernel modules.
Creating 2.4 kernel modules
1 Put your source tree into a known clean state to remove generated files and
non-standard configuration. To do this, run make mrproper from the top-level
directory of your kernel source tree, as in the following commands:
cd <kernel source dir>
make mrproper
2 Configure the kernel source. You need the configuration file that was used to
compile your kernel. If you are using a vendor-supplied kernel, the /boot directory
normally contains a copy of the configuration file, which has a config prefix or a
.config extension.
3 Copy the configuration file to the file .config in the top-level directory of your kernel
source tree, and run make oldconfig, as in these commands:
cp <kernel config file> .config
make oldconfig
If a message prompts you for any configuration items, your configuration file is
incomplete, and you need to ask the supplier about the correct answers.
4 Check the version information in the top-level kernel Makefile. In particular, check
that EXTRAVERSION is set appropriately.
Sometimes the version information is set to a custom value in vendor-supplied
source. The definition for KERNELRELEASE when expanded should match the
contents of /proc/sys/kernel/osrelease assuming that you are building modules
for the kernel that is currently running. The standard definition for KERNELRELEASE is:
KERNELRELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION)
5 Generate some dependency information and header files. Type the following
command:
make dep
6 Build the kernel by typing this command:
make bzImage
This step creates generated files that are necessary for module compilation.
As a minimum, you can build the generated configuration header files using
make include/config/MARKER, but this might not work for all kernel versions and
configurations.
Note
You are now ready to build the LinuxShield kernel modules. The Makefile provided to
build the LinuxShield modules requires version 3.80 or later of GNU Make. Check your version
of make by using make --version. If you have version 3.79 or earlier, you need to
upgrade.
7 Unpack the source files into an empty directory, and use the kernel build system to
build the modules:
cd <LinuxShield source directory>
make -C <kernel source dir> SUBDIRS=`pwd` modules
If there are no errors, you have two kernel modules — lshook.o and
linuxshield.o.
8 Copy the modules into your LinuxShield module directory (called
/opt/NAI/LinuxShield/lib/modules by default).
The modules in this directory are prefixed with the kernel version for which they
were compiled. For example, if /proc/sys/kernel/osrelease contains
2.4.21-xyz, the modules are named 2.4.21-xyz-lshook.o and
2.4.21-xyz-linuxshield.o.
If you have multiple kernels that cannot be distinguished by the contents of
/proc/sys/kernel/osrelease (the same as the output of uname -r), you need to
use the file kernel.version in the same directory. This file can contain multiple
lines. Each has the form:
<prefix>:<build version>
Here <prefix> is a unique string derived from the kernel version. Given a version of
2.4.nn<extra>, the prefix is 2.4.nn<unique tag><extra>, where the unique tag
does not contain ":", for example:
2.4.21-ls-xyz:#1 SMP Sun May 16 12:27:32 UTC 2004
Here <build version> is the contents of /proc/sys/kernel/version (or the
output of uname -v) when the matching kernel is running.
During LinuxShield startup, if kernel modules are identified as matching the running
kernel, symbolic links are created in the directory /lib/modules/`uname -r`/nai.
You can inspect the targets of these links to determine which module files have been loaded.
Creating 2.6 kernel modules
1 Put your source tree into a known clean state to remove any generated files and any
non-standard configuration. To do this, run make mrproper from the top-level
directory of your kernel source tree:
cd <kernel source directory>
make mrproper
2 Configure the kernel source. You need the configuration file that was used to
compile your kernel.
Note
If you are using a vendor-supplied kernel, the /boot directory normally contains a copy
of the configuration file, which has a config- prefix or a .config extension.
3 Copy the configuration file to the file .config in the top-level directory of your kernel
source tree, and run make oldconfig:
cp <kernel config file> .config
make oldconfig
If asked for any configuration items, your configuration file is incomplete, and you
need to ask the supplier about the correct answers.
4 Check the version information in the top-level kernel Makefile. In particular, check
that EXTRAVERSION is set appropriately.
Sometimes the version information is set to a custom value in vendor-supplied
source. The definition for KERNELRELEASE when expanded should match the
contents of /proc/sys/kernel/osrelease assuming that you are building modules
for the kernel that is currently running. The standard definition for KERNELRELEASE is:
KERNELRELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION)
5 Build the kernel by typing this command:
make bzImage
This step creates generated files that are necessary for module compilation.
Note
You are now ready to build the LinuxShield kernel modules. The Makefile provided to
build the LinuxShield modules requires version 3.80 or later of GNU Make. Check your version
of make by using make --version. If you have version 3.79 or earlier, you need to
upgrade.
6 Unpack the source files into an empty directory, and use the kernel build system to
build the modules:
cd <LinuxShield source directory>
make -C <kernel source dir> SUBDIRS=`pwd` modules
If there are no errors, you have two kernel modules — lshook.ko and
linuxshield.ko.
7 Copy these modules into your LinuxShield module directory (called
/opt/NAI/LinuxShield/lib/modules by default).
Note
The modules in this directory are prefixed with the kernel version for which they were
compiled. For example, if /proc/sys/kernel/osrelease contains 2.6.9-xyz, the
modules will be named 2.6.9-xyz-lshook.ko and 2.6.9-xyz-linuxshield.ko.
If you have multiple kernels that cannot be distinguished by the contents of
/proc/sys/kernel/osrelease (the same as the output of uname -r), you need to
use the file kernel.version in the same directory. This file can contain multiple
lines, each having the form:
<prefix>:<build version>
Here <prefix> is a unique string that is derived from the kernel version. Given a
version of 2.6.nn<extra>, the prefix is 2.6.nn<unique tag><extra>, where the
unique tag does not contain “:”, for example:
2.6.9-ls-xyz:#1 SMP Sun May 16 12:27:32 UTC 2004
Here <build version> is the contents of /proc/sys/kernel/version (or the
output of uname -v) when the matching kernel is running.
During LinuxShield startup, if kernel modules are identified as matching the running
kernel, symbolic links are created in the directory /lib/modules/`uname -r`/nai.
You can inspect the targets of these links to determine which module files have been loaded.
8 Rename the modules so that they have a .o extension instead of a .ko extension.
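The version check in step 4 and the kernel.version lookup described in both the 2.4 and 2.6 procedures, as an added shell example that is not McAfee's code. The function names are hypothetical, and matching a kernel.version line on its build version is an assumption drawn from the description above, not documented installer behavior.

```shell
#!/bin/sh
# Added example (not McAfee code); function names are hypothetical.

# Expand KERNELRELEASE from a top-level kernel Makefile using the standard
# definition: VERSION.PATCHLEVEL.SUBLEVEL followed by EXTRAVERSION.
makefile_release() {
    awk -F'=' '
        /^(VERSION|PATCHLEVEL|SUBLEVEL|EXTRAVERSION)[ \t]*=/ {
            key = $1; val = $2
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            v[key] = val
        }
        END { print v["VERSION"] "." v["PATCHLEVEL"] "." v["SUBLEVEL"] v["EXTRAVERSION"] }
    ' "$1"
}

# Step 4: succeed only if the source tree builds for the given osrelease.
# $1 = kernel Makefile, $2 = contents of /proc/sys/kernel/osrelease.
release_matches() {
    [ "$(makefile_release "$1")" = "$2" ]
}

# Print the module file-name prefix for a kernel.
# $1 = kernel.version file, $2 = uname -r output, $3 = uname -v output.
# Assumption: a line matches when its <build version> equals uname -v.
module_prefix() {
    if [ -f "$1" ]; then
        while IFS= read -r line || [ -n "$line" ]; do
            # The build version contains colons (12:27:32), so split at the
            # first colon only; this is why the prefix must not contain ":".
            prefix=${line%%:*}
            build=${line#*:}
            if [ "$build" = "$3" ]; then
                printf '%s\n' "$prefix"
                return 0
            fi
        done < "$1"
    fi
    printf '%s\n' "$2"   # no match: names use the plain osrelease
}
```

On a live host, pass "$(uname -r)" and "$(uname -v)" as the last two arguments of module_prefix.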
Installing LinuxShield
Installing, upgrading and removing the software
You can install LinuxShield manually on hosts (see Manual installation on page 21) or
you can use a script (see Silent installation on page 22). The following topics are also
included:
• Running LinuxShield on page 23.
• Removing the software on page 24.
• Integrating with ePolicy Orchestrator on page 25.
Related topics
• Upgrading from previous LinuxShield versions on page 24.
• Upgrading from a pre-release version on page 25.
Manual installation
During installation, you are prompted to supply a password and other information. For
most of the questions, you can accept the default value that is offered.
To set up email notification for alerts if it is required, you need an MTA (Mail Transfer
Agent) configured, and the following information:
• Email address of the LinuxShield administrator.
• Address for the SMTP host.
• TCP/IP port number for the SMTP host.
To install LinuxShield:
1 Download the rpm file.
2 At the command prompt, type:
rpm -i LinuxShield-1.5.0-<version>.<arch>.rpm
where <version> is a version number such as 108, and <arch> is i386 for 32-bit
platforms and x86-64 for 64-bit platforms.
3 Answer the questions when prompted. Accept the default values, or type your own.
4 When prompted to start the LinuxShield services, select the default option, y.
5 To confirm that the system is running correctly, type:
/etc/init.d/nails status
6 At the command prompt, type:
rpm -i NWA-3.0.2-<version>.i686.rpm
where <version> is a version number such as 113LM.
7 Answer the questions when prompted. These include the IP address of the ePolicy
Orchestrator server, and port number for the agent-to-server connection.
8 To confirm that the ePolicy Orchestrator agent is running correctly, type:
/etc/init.d/nwa status
Silent installation
For silent installation:
1 Create the file nails.options in the root home directory. For example:
SILENT_ACCEPTED_EULA="yes"
SILENT_INSTALLDIR="/opt/NAI/LinuxShield"
SILENT_RUNTIMEDIR="/var/opt/NAI/LinuxShield"
SILENT_ADMIN="admin@example.com"
SILENT_HTTPHOST="192.168.255.200"
SILENT_HTTPPORT="55443"
SILENT_MONITORPORT="65443"
SILENT_SMTPHOST="example.example.com."
SILENT_SMTPPORT="25"
SILENT_NAILS_USER="nails"
SILENT_NAILS_GROUP="nails"
SILENT_CREATE_USER="no"
SILENT_CREATE_GROUP="no"
SILENT_RUN_WITH_MONITOR="yes"
SILENT_QUARANTINEDIR="/quarantine"
SILENT_START_PROCESSES="yes"
SILENT_CONTINUE_INSTALL_ON_PAM_ERROR="no"
Note
Use SILENT_CONTINUE_INSTALL_ON_PAM_ERROR only when 32-bit PAM libraries
are not present.
If you set this flag to yes and continue without Pluggable Authentication Module
(PAM) libraries, the installation of LinuxShield monitor component is skipped, and
the web interface will not be available. However, you can still manage the
LinuxShield host using ePolicy Orchestrator or the web interface of some other
LinuxShield host. See information about configuring LinuxShield in the Product
Guide.
2 As root, create a user, nails, as a member of a group, nails.
3 At the command prompt, type:
rpm -i LinuxShield-1.5.0-<version>.<arch>.rpm
where <version> is a version number such as 108, and <arch> is i386 for 32-bit
platforms and x86-64 for 64-bit platforms.
4 After performing the installation, use the command passwd to assign a password to
the user, nails. To manage several hosts from one browser location, each host must
have the same user name and password.
5 Create the file, nwa.config in the root home directory. For example:
ServerIPAddress: 192.168.255.200
AgentServerPort: 80
StartService: Y
6 At the command prompt, type:
rpm -i NWA-3.0.2-<version>.i686.rpm
where <version> is a version number, such as 113LM.
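A pre-flight lint for the nails.options file from step 1 of the silent installation, added here as an example and not part of the product. It assumes the KEY="value" layout and the yes/no values shown in the sample file; the function name is hypothetical.

```shell
#!/bin/sh
# Added example (not McAfee code): lint a nails.options file before rpm -i.
# Assumes the KEY="value" layout and yes/no flags shown in the guide's sample.

lint_nails_options() {
    file=$1 errors=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -z "$line" ] && continue
        # Only ASCII double quotes pass; quotes pasted from a PDF are often
        # typographic and are reported here.
        if ! printf '%s\n' "$line" | grep -Eq '^SILENT_[A-Z_]+="[^"]*"$'; then
            echo "line $n: not KEY=\"value\": $line"
            errors=$((errors + 1))
            continue
        fi
        key=${line%%=*}
        val=${line#*=\"}
        val=${val%\"}
        case $key in
        SILENT_HTTPPORT|SILENT_MONITORPORT|SILENT_SMTPPORT)
            case $val in
            ''|*[!0-9]*) bad=1 ;;
            *) [ "$val" -ge 1 ] && [ "$val" -le 65535 ] && bad=0 || bad=1 ;;
            esac
            if [ "$bad" -eq 1 ]; then
                echo "line $n: $key is not a TCP port: $val"
                errors=$((errors + 1))
            fi
            ;;
        SILENT_ACCEPTED_EULA|SILENT_CREATE_USER|SILENT_CREATE_GROUP|\
        SILENT_RUN_WITH_MONITOR|SILENT_START_PROCESSES|\
        SILENT_CONTINUE_INSTALL_ON_PAM_ERROR)
            case $val in
            yes|no) ;;
            *) echo "line $n: $key must be yes or no: $val"
               errors=$((errors + 1)) ;;
            esac
            ;;
        esac
    done < "$file"
    [ "$errors" -eq 0 ]   # exit status 0 only when nothing was reported
}
```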
Running LinuxShield
1 To open the LinuxShield browser interface, use a supported browser:
https://<hostname>:<port number>
where <hostname> is the name of the host on which LinuxShield is installed. By
default, the port number is 55443.
2 On the logon page, type the user name, nails, and enter the password that you
specified during installation.
3 If you see messages caused by the use of certificates, see Handling old certificates.
Handling old certificates
LinuxShield has its own certificate that it adds to the browser the first time that you
connect. If you add this certificate permanently, then install a new version of
LinuxShield, you might experience an error, stating that the certificate that the site is
providing is not correct.
This happens because the certificate is different from the one stored in your browser.
Every installation creates a specific certificate for the host, and associates the
certificate with the IP address or the name that you have provided. If the certificate
does not match the stored certificate, the browser displays an error.
To fix this, remove the old certificate and accept the new one when prompted. The
steps are described for each supported browser.
Konqueror
1 Open Konqueror.
2 At Settings, select Configure Konqueror.
3 At the new window, click the icon on the left side, called Crypto.
4 On the right pane, click the Peer SSL Certificate tab to display every certificate that you
have saved.
5 Select and remove the Network Associates certificate.
When you log on again, you are prompted with the new certificate.
Mozilla
1 Open Mozilla.
2 Select Edit | Preferences.
3 Expand Privacy & Security.
4 Select Certificate on the left side, and click Manage Certificates from the right pane.
5 On the new window, select the Authority tab and scroll to find Network Associates.
6 Expand this, and find the certificate displaying the IP address of the host or the host
name. Select the certificate and delete it.
These steps should remove the certificate, and allow you to import the new certificate
associated with the host.
Internet Explorer
Microsoft Internet Explorer does not save the certificate, but it will prompt you to
accept the certificate every time that you log on.
Removing the software
1 Remove the software, using:
rpm -e LinuxShield
rpm -e NWA
2 Reboot the machine to remove the LinuxShield kernel modules.
Note
You do not need to reboot immediately because the LinuxShield kernel modules do not
interrupt functioning of any other running service.
Upgrading from previous LinuxShield versions
Note
This section is valid for 32-bit platforms only.
1 At the command prompt, type:
rpm -U LinuxShield-1.5.0-<version>.i386.rpm
where <version> is a version number, such as 108.
Upgrading briefly stops on-access scanning.
2 To confirm that the system is running, type:
/etc/init.d/nails status
3 Depending on the LinuxShield version from which you are updating, choose one of
the following options:
Note
You cannot upgrade NWA when using this version of LinuxShield.
• To uninstall NWA if it is installed on your computer, type the following at the
command prompt:
rpm -e NWA
• To install the latest version of NWA, type the following at the command prompt:
rpm -i NWA-3.0.2-<version>.i686.rpm
where <version> is a version number such as 113LM.
4 Answer the questions when prompted. The questions include the IP address of the
ePolicy Orchestrator server, and port number for the agent-to-server connection.
5 To confirm that the ePolicy Orchestrator agent is running correctly, type:
/etc/init.d/nwa status
Upgrading from a pre-release version
To upgrade from a Beta or Release Candidate version:
1 Remove the software, using:
rpm -e LinuxShield
rpm -e NWA
2 Reboot the machine to remove the LinuxShield kernel modules.
3 Install the new software. See Manual installation on page 21.
Integrating with ePolicy Orchestrator
The following NAP files need to be added to the ePolicy Orchestrator repository:
• LinuxShield150.nap: product NAP file.
• LinuxShield150_reports.nap: product event-reporting NAP file.
• NWA-LNX300.NAP: agent NAP file.
See the LinuxShield Configuration Guide and ePolicy Orchestrator Product Guide for
details.