McAfee VirusScan Enterprise for Linux, v1.6 Installation Guide COPYRIGHT Copyright © 2010 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies. TRADEMARK ATTRIBUTIONS AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. 2 McAfee VirusScan Enterprise for Linux software, version 1.6 — Installation Guide Contents Introducing McAfee VirusScan Enterprise for Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Product Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 What’s new in this release. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Hardware and software requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Supported kernels. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Red Hat Enterprise Linux and CentOS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 SuSE Enterprise Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Ubuntu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Fedora. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Creating 2.6 kernel modules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Installing McAfee VirusScan Enterprise for Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Manual installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Silent installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Running McAfee VirusScan Enterprise for Linux. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Handling old certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Removing the software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Upgrading from previous LinuxShield versions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Integrating with ePolicy Orchestrator. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 McAfee VirusScan Enterprise for Linux software, version 1.6 — Installation Guide 3 Introducing McAfee VirusScan Enterprise for Linux McAfee VirusScan Enterprise for Linux (previously known as LinuxShield) detects and removes viruses and other potentially unwanted software on Linux-based systems. NOTE: This information is intended for network administrators who are responsible for their company’s anti-virus and security program. Contents Product Features What’s new in this release Product Features McAfee VirusScan Enterprise for Linux software has the following features: • Support for 64-bit AMD64/Intel EM64T operating systems. • The latest version (5400) of the McAfee anti-virus engine. • Incremental Virus Signature (DAT) updates. • Mod-versioning for automatic kernel support. • Scanning • Comprehensive on-access anti-virus scanning and cleaning using the McAfee scanning engine. • On-access scanning for local file systems, NFS and Samba. • Kernel-level scan cache for improved performance. • Scheduling of on-demand scans. • Scheduling of updates for scanning engine and virus definition files. • Administration • Remote administration using browser-based interface. • Secure browser interface with authentication and HTTPS (SSL) support. • Remote administration and reporting using ePolicy Orchestrator. • Reporting • Real-time statistics. • Detailed database for detected items and system events. • Ability to query the database by date range or individual field values, for example, virus name. Results of query can be exported to a CSV file. 4 McAfee VirusScan Enterprise for Linux software, version 1.6 — Installation Guide Introducing McAfee VirusScan Enterprise for Linux What’s new in this release • Configurable email notification for detected items, out-of-date virus definition files, configuration changes, and system events. • Diagnostic report for use when reporting a problem with the product. Features not supported • Support for 2.4 kernels. What’s new in this release This release of VirusScan Enterprise for Linux includes the following new enhancements: • Support for SuSE Linux Enterprise Server/Desktop 11 • Support for CentOS 4.x • Support for CentOS 5.x • Support for Fedora Core 10, 11, and 12 • Support for Ubuntu 8.04, 9.04, and 9.10 (Desktop/Server edition) • Regular expression based exclusions for On-access scan and On-demand scan from the user interface. • The latest version (5400) of the McAfee anti-virus engine. McAfee VirusScan Enterprise for Linux software, version 1.6 — Installation Guide 5 System Requirements This section describes the software and hardware requirements to install VirusScan Enterprise for Linux. Contents Hardware and software requirements Supported kernels Creating 2.6 kernel modules Hardware and software requirements The following hardware and software are required: Supported operating systems (32-bit/64-bit) • SuSE Linux Enterprise Server 9.x • SuSE Linux Enterprise Server/Desktop 10.x • SuSE Linux Enterprise Server/Desktop 11 • Red Hat Enterprise 4.x Advanced Server, Workstation, Enterprise Server, Desktop • Red Hat Enterprise 5.x Advanced Platform, Desktop • CentOS 4.x • CentOS 5.x • Fedora Core 10, 11, and 12 • Ubuntu 8.04, 9.04, and 9.10 (Desktop/Server edition) NOTE: On-access scanning is not supported for the following file systems: • SLES 10 SP2, 10 SP3, and 11— ext2, isofs • RHEL 5.x — ext2, isofs • CentOS 5.x — ext2, isofs • Ubuntu 9.04 — ext2, ext3, ext4, isofs • Ubuntu 9.10 — ext2, ext3, ext4 • Fedora Core 10, 11, and 12 — ext3, ext4, isofs Supported processors • Intel x86 architecture-based processor • Intel x64 architecture-based processor that supports Intel Extended Memory 64 Technology (Intel EM64T) 6 McAfee VirusScan Enterprise for Linux software, version 1.6 — Installation Guide System Requirements Supported kernels • AMD x64 architecture-based processor with AMD 64-bit technology Memory • Minimum: 256 MB • Recommended: 1 GB Disk space • Minimum: 500 MB Supported browsers • Microsoft Internet Explorer 5.5, 6.0, 7.0 and 8.0 • Konqueror 3.5.1 and 4.1.3 • Mozilla 0.9.9, 1.0.1, 1.2.1, 1.4, 1.6, 1.7.8, 1.8.x and 1.9.x • Firefox 1.0, 1.5, 2.0, 3.0, 3.5 and 3.6 Supported McAfee Management software • McAfee ePolicy Orchestrator 4.0 • McAfee ePolicy Orchestrator 4.5 Supported McAfee Agent software • McAfee Agent 4.5 Patch 1 (Build 1470) Display Monitor screen with a recommended minimum resolution of 1024 x 768. Supported kernels The following kernel modules are provided in this release, for 32-bit and 64-bit (x86_64) operating systems. If your kernel is not listed here, see About kernel support section and Creating kernel modules section. About kernel support The VirusScan Enterprise for Linux installation includes on-access kernel modules for the versions of RedHat, SuSE, and Ubuntu that we support. See the tables in Supported kernels section to get the full list of kernels. We provide these modules for the original kernel versions that are shipped with the distribution, and for the latest official kernel updates provided by Red Hat, SuSE, and Ubuntu at the time of this release. Our updates for their later kernels will be available from http://mysupport.nai.com. Source code for the kernel modules is also available on your product CD, or from our product download site. The availability of this source code allows you to respond to security patches as quickly as your specific environment and company policy dictates. However, we are unable to provide support for customized kernel modules because we cannot test them or reproduce specific issues. NOTE: To view an updated list of supported kernels associated with this release, see KB68859 in the McAfee Support online KnowledgeBase: https://mysupport.mcafee.com. McAfee VirusScan Enterprise for Linux software, version 1.6 — Installation Guide 7 System Requirements Supported kernels Supported Kernels for: Red Hat Enterprise Linux and CentOS SuSE Enterprise Linux Ubuntu Fedora Red Hat Enterprise Linux and CentOS Supported Kernels for Red Hat Enterprise Linux and CentOS 4.x Red Hat Enterprise Linux 4.x and CentOS 4.x (EL, ELsmp, ELhugemem) 2.6.9-5 2.6.9-67.0.4 2.6.9-22.0.1 2.6.9-67.0.7 2.6.9-22.0.2 2.6.9-67 2.6.9-34 2.6.9-78.0.1 2.6.9-34.0.1 2.6.9-78.0.13 2.6.9-34.0.2 2.6.9-78.0.17 2.6.9-42 2.6.9-78.0.22 2.6.9-42.0.2 2.6.9-78.0.5 2.6.9-42.0.3 2.6.9-78.0.8 2.6.9-42.0.8 2.6.9-78 2.6.9-42.0.10 2.6.9-89.0.11 2.6.9-55 2.6.9-89.0.15 2.6.9-55.0.2 2.6.9-89.0.16 2.6.9-55.0.6 2.6.9-89.0.18 2.6.9-55.0.9 2.6.9-89.0.19 2.6.9-55.0.12 2.6.9-89.0.20 2.6.9-67.0.1 2.6.9-89.0.23 2.6.9-67.0.15 2.6.9-89.0.3 2.6.9-67.0.20 2.6.9-89.0.7 2.6.9-67.0.22 2.6.9-89.0.9 2.6.9-89 Supported Kernels for Red Hat Enterprise Linux 5.x and CentOS 5.x Red Hat Enterprise Linux 5.x and CentOS 5.x (el5, el5PAE, xen) 8 2.6.18-8 2.6.18-92.1.18 2.6.18-8.1.1 2.6.18-92.1.22 2.6.18-8.1.3 2.6.18-128 2.6.18-8.1.4 2.6.18-128.1.1 2.6.18-8.1.6 2.6.18-128.1.6 2.6.18-8.1.8 2.6.18-128.1.10 2.6.18-53 2.6.18-128.1.14 2.6.18-53.1.4 2.6.18-128.1.16 2.6.18-53.1.6 2.6.18-128.2.1 2.6.18-53.1.13 2.6.18-128.4.1 McAfee VirusScan Enterprise for Linux software, version 1.6 — Installation Guide System Requirements Supported kernels Red Hat Enterprise Linux 5.x and CentOS 5.x (el5, el5PAE, xen) 2.6.18-53.1.14 2.6.18-128.7.1 2.6.18-53.1.4.19 2.6.18-164 2.6.18-53.1.4.21 2.6.18-164.2.1 2.6.18-92 2.6.18-164.6.1 2.6.18-92.1.1 2.6.18-164.9.1 2.6.18-92.1.6 2.6.18-164.10.1 2.6.18-92.1.10 2.6.18-164.11.1 2.6.18-92.1.13 2.6.18-164.15.1 2.6.18-92.1.17 2.6.18-194. SuSE Enterprise Linux Supported Kernels for SuSE Enterprise Linux 9.x SuSE Enterprise Linux 9.x (default, smp, bigsmp) 2.6.5-7.97 2.6.5-7.202.7 2.6.5-7.111 2.6.5-7.244 2.6.5-7.139 2.6.5-7.252 2.6.5-7.145 2.6.5-7.257 2.6.5-7.147 2.6.5-7.267 2.6.5-7.151 2.6.5-7.276 2.6.5-7.191 2.6.5-7.282 2.6.5-7.193 2.6.5-7.283 2.6.5-7.201 2.6.5-7.286 2.6.5-7.287.3 SuSE Enterprise Linux 9.x (default, smp, bigsmp, xen) 2.6.5-7.308 2.6.5-7.316 2.6.5-7.311 2.6.5-7.317 2.6.5-7.312 2.6.5-7.318 2.6.5-7.314 2.6.5-7.319 2.6.5-7.315 2.6.5-7.322 Supported Kernels for SuSE Enterprise Linux 10.x SuSE Enterprise Linux 10.x (default, smp, bigsmp, xen) 2.6.16-21.0.8 2.6.16.60-0.25 2.6.16-21.0.15 2.6.16.60-0.37 2.6.16-21.0.25 2.6.16.60-0.39.3 2.6.16-27.0.6 2.6.16.60-0.42.4 2.6.16-27.0.9 2.6.16.60-0.42.5 2.6.16-46.0.12 2.6.16.60-0.42.7 2.6.16-46.0.14 2.6.16.60-0.42.8 2.6.16.53-0.8 2.6.16.60-0.42.9 McAfee VirusScan Enterprise for Linux software, version 1.6 — Installation Guide 9 System Requirements Supported kernels SuSE Enterprise Linux 10.x (default, smp, bigsmp, xen) 2.6.16.53-0.16 2.6.16.60-0.54.5 2.6.16.53-0.18 2.6.16.60-0.57.1 2.6.16.54-0.2.10 2.6.16.60-0.58.1 2.6.16.54-0.2.11 2.6.16.60-0.59.1 2.6.16.60-0.21 2.6.16.60-0.60.1 2.6.16.60-0.23 Supported Kernels for SuSE Enterprise Linux 11 SuSE Enterprise Linux 11 (default, xen, PAE) 2.6.27.19-5.1 2.6.27.37-0.1.1 2.6.27.21-0.1.2 2.6.27.39-0.3.1 2.6.27.23-0.1.1 2.6.27.42-0.1.1 2.6.27.25-0.1.1 2.6.27.45-0.1.1 2.6.27.29-0.1.1 Ubuntu Supported Kernels for Ubuntu 8.04 Ubuntu 8.04 (generic, server) 2.6.24-16 2.6.24-22 2.6.24-18 2.6.24-23 2.6.24-19 2.6.24-24 2.6.24-20 2.6.24-25 2.6.24-21 2.6.24-26 2.6.24-27 Supported Kernels for Ubuntu 9.04 Ubuntu 9.04 (generic, server) 2.6.28-11 2.6.28-15 2.6.28-12 2.6.28-16 2.6.28-13 2.6.28-17 2.6.28-14 2.6.28-18 Supported Kernels for Ubuntu 9.10 Ubuntu 9.10 (generic, server) 2.6.31-14 2.6.31-18 2.6.31-15 2.6.31-19 2.6.31-16 2.6.31-20 2.6.31-17 10 McAfee VirusScan Enterprise for Linux software, version 1.6 — Installation Guide System Requirements Creating 2.6 kernel modules Fedora Supported Kernels for Fedora 10 Fedora 10 (default, PAE) 2.6.27.41-170.2.117 2.6.27.5-117 Supported Kernels for Fedora 11 Fedora 11 (default, PAE) 2.6.29.4-167 2.6.30.10-105 Supported Kernels for Fedora 12 Fedora 12 (default, PAE) 2.6.31.5-127 2.6.31.9-174 Creating 2.6 kernel modules To build a VirusScan Enterprise for Linux kernel module from source, you need the source for your kernel. Most vendor-supplied kernels include a kernel source package, that usually installs the source into /usr/src/linux-<kernel version>. If you are not familiar with building the Linux kernel, we recommend that you refer to tutorials available on the Internet. 1 Put your source tree into a known clean state to remove any generated files and any non-standard configuration. To do this, run make mrproper from the top-level directory of your kernel source tree: cd <kernel source directory> make mrproper 2 Configure the kernel source. You need the configuration file that was used to compile your kernel. NOTE: If you are using a vendor-supplied kernel, the /boot directory normally contains a copy of the configuration file, which has a config- prefix or a .config extension. 3 Copy the configuration file to the file .config in the top-level directory of your kernel source tree, and run make oldconfig: cp <kernel config file> .config make oldconfig If asked for any configuration items, your configuration file is incomplete, and you need to ask the supplier about the correct answers. 4 Check the version information in the top-level kernel Makefile. In particular, check that EXTRAVERSION is set appropriately. Sometimes the version information is set to a custom value in vendor-supplied source. The definition for KERNELRELEASE when expanded should match the contents of /proc/sys/kernel/osrelease assuming that you are building modules for the kernel that is currently running. The standard definition for KERNELRELEASE is: McAfee VirusScan Enterprise for Linux software, version 1.6 — Installation Guide 11 System Requirements Creating 2.6 kernel modules KERNELRELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION)$(EXTRAVERSION) 5 Build the kernel by typing make bzImage. This creates generated files that are necessary for module compilation. NOTE: You are now ready to build the VirusScan Enterprise for Linux kernel modules. The Makefile provided to build the VirusScan Enterprise for Linux modules requires 3.80 or later of GNU Make. Check your version of make by using make --version. If you have version 3.79 or earlier, you need to upgrade it to 3.80 or later. 6 Unpack the source files into an empty directory, and use the kernel build system to build the modules: cd <VirusScan Enterprise for Linux source directory> make -C <kernel source dir> SUBDIRS='pwd' modules If there are no errors, you will have two kernel modules — lshook.ko and linuxshield.ko. 7 Copy these modules into your VirusScan Enterprise for Linux module directory. The default path is: /opt/NAI/LinuxShield/lib/modules. If you have multiple kernels that cannot be distinguished by the contents of /proc/sys/kernel/osrelease (the same as the output of uname -r), you need to use the file kernel.version in the same directory. This file can contain multiple lines, each having the form: <prefix>:<build version> Here <prefix> is a unique string that is derived from the kernel version. Given a version of 2.6.nn<extra>, the prefix is 2.6.nn<unique tag><extra>, where the unique tag does not contain ":". For example, 2.6.9-ls-xyz:#1 SMP Sun May 16 12:27:32 UTC2004 Here <build version> is the contents of /proc/sys/kernel/version (or the output of uname -v) when the matching kernel is running. During VirusScan Enterprise for Linux startup, if kernel modules are identified as matching the running kernel, symbolic links are created in the directory /lib/modules/`uname -r`/nai. The targets of these links can determine which module files have been loaded. 8 12 Rename the modules to have .o extension instead of .ko extension. McAfee VirusScan Enterprise for Linux software, version 1.6 — Installation Guide Installing McAfee VirusScan Enterprise for Linux You can install McAfee VirusScan Enterprise for Linux manually on hosts (see Manual installation) or you can use a script (see Silent installation). Download and extract the McAfee VirusScan Enterprise for Linux, version 1.6 package (McAfeeVSEForLinux-1.6.0-<build>-release.noarch.tar.gz) on to a temporary directory. Contents Manual installation Silent installation Running McAfee VirusScan Enterprise for Linux Removing the software Upgrading from previous LinuxShield versions Integrating with ePolicy Orchestrator Manual installation During installation, you are prompted to supply a password and other information. For most of the questions, you can accept the default value that is offered. To set up email notification for alerts if it is required, you need a Mail Transfer Agent (MTA) configured, and the following information: • Email address of the VirusScan administrator • Address for the SMTP host • TCP/IP port number for the SMTP host Pre-requisites: • Ensure that there is no user named as "nails" or group named as "nailsgroup" on the computer. • Ensure that you have root privileges to install McAfee VirusScan Enterprise for Linux, version 1.6. 1 To install McAfee Runtime, type the following command in the terminal window: rpm -ivh MFErt.i686.rpm 2 To install McAfee Agent (MA), type the following command in the terminal window: rpm -ivh MFEcma.i686.rpm 3 To confirm that the McAfee Agent is running correctly, type the following command in the terminal window: /etc/init.d/cma status McAfee VirusScan Enterprise for Linux software, version 1.6 — Installation Guide 13 Installing McAfee VirusScan Enterprise for Linux Manual installation 4 To install McAfee VirusScan Enterprise for Linux, type the following command in the terminal window: rpm -ivh McAfeeVSEForLinux-1.6.0-<build>.noarch.rpm 5 Answer the questions when prompted. Accept the default values, or specify your own. 6 When prompted to start the VirusScan services, select the default option Y. 7 To confirm that VirusScan Enterprise for Linux is installed and running correctly, type the following command in the terminal window: /etc/init.d/nails status Installing on Novell Open Enterprise Server 1 or 2 Use this task to install VirusScan Enterprise for Linux on Novell Open Enterprise Server 1 or 2. Task 1 From the Novell eDirectory server, use iManager and create a user called "nails" and a group called "nailsgroup". 2 Add the user "nails" a member of the "nailsgroup". Enable the user and group using the Linux User Management. 3 Provide "nails" user with administrative privileges on all the NSS volumes. rights -f /media/nss/<VOL-name> -r s trustee nails.<context>.<tree> NOTE: You need to provide administrative privileges to the "nails" user, every time a new NSS volume is created. 4 Install McAfee Runtime and McAfee Agent using the following commands: rpm -ivh MFErt.i686.rpm rpm -ivh MFEcma.i686.rpm 5 To install McAfee VirusScan Enterprise for Linux, type the following command in the terminal window: rpm -ivh McAfeeVSEForLinux-1.6.0-<build>.noarch.rpm 6 Type nailsgroup for the Linux group for VirusScan administrator. 7 Type nails for the VirusScan user. 8 Answer the questions when prompted. Accept the default values, or specify your own. 9 When prompted to start the VirusScan services, select the default option Y. Installing on Ubuntu 8.04, 9.04, and 9.10 (Desktop/Server edition) Use this task to install VirusScan Enterprise for Linux on Ubuntu Server 8.04, 9.04, and 9.10. Before you begin If you are installing VirusScan Enterprise for Linux on a 64-bit Ubuntu system, ensure that you perform the following steps before installation: 14 1 Copy pam_unix.so from /lib/security of a 32-bit ubuntu system to a temporary directory (/tmp) on the 64-bit ubuntu system. 2 In the root directory, create a folder pam32lib. McAfee VirusScan Enterprise for Linux software, version 1.6 — Installation Guide Installing McAfee VirusScan Enterprise for Linux Silent installation 3 Execute the following command to copy pam_unix32.so to the pam32lib directory: cp /tmp/pam_unix.so /pam32lib/pam_unix32.so Task 1 Install McAfee Runtime and McAfee Agent using the following commands: dpkg -i MFErt.i686.deb dpkg -i MFEcma.i686.deb 2 Type the following at the command prompt: dpkg -i McAfeeVSEForLinux-1.6.0-<build>.noarch.deb 3 Answer the questions when prompted. Accept the default values, or type your own. 4 When prompted to start the VirusScan services, select the default option Y. 5 To confirm that VirusScan Enterprise for Linux is installed and running correctly, type the following at the command prompt: /etc/init.d/nails status Silent installation Pre-requisites: • Before installing VirusScan Enterprise for Linux, make sure that there is no user as "nails" and no group as "nailsgroup" in the computer. • Before installing McAfee VirusScan Enterprise for Linux, you must have McAfee Runtime and McAfee Agent already installed on the computer. Use this section to install McAfee VirusScan Enterprise for Linux in silent mode. 1 Create a file "nails.options" in the root home directory. For example: SILENT_ACCEPTED_EULA=”yes” SILENT_INSTALLDIR=”/opt/NAI/LinuxShield” SILENT_RUNTIMEDIR=”/var/opt/NAI/LinuxShield” SILENT_ADMIN=”admin@example.com” SILENT_HTTPHOST=”192.168.255.200” SILENT_HTTPPORT=”55443” SILENT_MONITORPORT=”65443” SILENT_SMTPHOST=”example.example.com.” SILENT_SMTPPORT=”25” SILENT_NAILS_USER=”nails” SILENT_NAILS_GROUP=”nailsgroup” SILENT_CREATE_USER=”no” SILENT_CREATE_GROUP=”no” SILENT_RUN_WITH_MONITOR=”yes” SILENT_QUARANTINEDIR=”/quarantine” SILENT_START_PROCESSES=”yes” SILENT_CONTINUE_INSTALL_ON_PAM_ERROR=”no” NOTE: McAfee VirusScan Enterprise for Linux software, version 1.6 — Installation Guide 15 Installing McAfee VirusScan Enterprise for Linux Silent installation Use SILENT_CONTINUE_INSTALL_ON_PAM_ERROR only when 32-bit PAM libraries are not present. If you set this flag to yes and continue without Pluggable Authentication Module (PAM) libraries, the installation of VirusScan Enterprise for Linux monitor component is skipped, and the web interface will not be available. However, you can still manage the VirusScan Enterprise for Linux host using ePolicy Orchestrator or the web interface of some other VirusScan Enterprise for Linux host. See information about configuring VirusScan Enterprise for Linux in the Product Guide. 2 As root, create a user "nails" as a member of a group "nailsgroup". 3 To install McAfee VirusScan Enterprise for Linux, type the following command in the terminal window: rpm -ivh McAfeeVSEForLinux-1.6.0-<build>.noarch.rpm 4 After performing the installation, use the command passwd to assign a password to the user "nails". Installing on Novell Open Enterprise Server 1 or 2 in silent mode Use this task to install on Novell Open Enterprise server 1 or 2 in silent mode. Task 1 From the Novell eDirectory server, use iManager and create a user called "nails" and a group called "nailsgroup". 2 Add the user "nails" a member of the "nailsgroup", enable the user and group using the Linux User Management. 3 Provide "nails" user with administrative privileges on all the NSS volumes. rights -f /media/nss/<VOL-name> -r s trustee nails.<context>.<tree> NOTE: You need to provide administrative privileges to the "nails" user, every time a new NSS volume is created. 4 In the "nails.options" file, check if the following parameters are available: SILENT_NAILS_USER="nails" SILENT_NAILS_GROUP="nailsgroup" 5 From the terminal window, type: rpm -ivh McAfeeVSEForLinux-1.6.0-<build>.noarch.rpm 6 After performing the installation, use the command passwd to assign a password to the user "nails". Installing on Ubuntu 8.04, 9.04, and 9.10 (Desktop/Server edition) in silent mode Use this task to install on Ubuntu 8.04, 9.04, and 9.10 (Desktop/Server edition) in silent mode. Task 1 In the "nails.options" file, check if the following parameters are available: SILENT_NAILS_USER="nails" SILENT_NAILS_GROUP="nailsgroup" 2 16 Type the following at the command prompt: McAfee VirusScan Enterprise for Linux software, version 1.6 — Installation Guide Installing McAfee VirusScan Enterprise for Linux Running McAfee VirusScan Enterprise for Linux dpkg -i McAfeeVSEForLinux-1.6.0-<build>.noarch.deb 3 After performing the installation, use the command passwd to assign a password to the user nails. Running McAfee VirusScan Enterprise for Linux Use this task to open the McAfee VirusScan Enterprise for Linux user interface. 1 From a supported web-browser, go to https://<hostname or IP address>:<port number> Specify the hostname or IP address of the computer, on which VirusScan Enterprise for Linux is installed. By default, the port number is "55443". For example: https://192.168.200.200:55443 (or) https://server1:55443 2 On the log on page, type the user name as nails and type the password that you specified during installation. NOTE: If you see messages caused by the use of certificates, see Handling old certificates. Handling old certificates Use this task if you see messages caused by the use of certificates. VirusScan Enterprise for Linux has its own certificate that it adds to the browser the first time that you connect. If you add this certificate permanently, then install a new version of VirusScan Enterprise for Linux, you might experience an error, stating that the certificate that the site is providing is not correct. This happens because the certificate is different from the one stored in your browser. Every installation creates a specific certificate for the host, and associates the certificate with the IP address or the name that you have provided. If the certificate does not match the stored certificate, the browser displays an error. To fix this, remove the old certificate and accept the new one when prompted. The steps are described for each supported browser. Konqueror 1 Open Konqueror. 2 At Settings, select Configure Konqueror. 3 At the new window, click the icon on the left side, called Crypto. 4 On the right pane, click the Peer SSL Certificate tab to display every certificate that you have saved. 5 Select and remove the Network Associates certificate. When you log on again, you are prompted with the new certificate. Mozilla 1 Open Mozilla. 2 Select Edit | Preferences. McAfee VirusScan Enterprise for Linux software, version 1.6 — Installation Guide 17 Installing McAfee VirusScan Enterprise for Linux Removing the software 3 Expand Privacy & Security. 4 Select Certificate on the left side, and click Manage Certificates from the right pane. 5 On the new window, select the Authority tab and scroll to find Network Associates. 6 Expand this, and find the certificate displaying the IP address of the host or the host name. Select the certificate and delete it. These steps should remove the certificate, and allow you to import the new certificate associated with the host. Internet Explorer • Microsoft Internet Explorer does not save the certificate, but it will prompt you to accept the certificate every time that you log on. Removing the software Use this task to remove McAfee VirusScan Enterprise for Linux from your computer. 1 To uninstall VirusScan Enterprise for Linux, type the following at the command prompt: rpm -e McAfeeVSEForLinux rpm -e MFEcma rpm -e MFErt If you want to uninstall from a Ubuntu server, type: dpkg --purge McAfeeVSEForLinux dpkg --purge MFEcma dpkg --purge MFErt 2 Reboot the computer to remove the VirusScan Enterprise kernel modules. NOTE: You do not have to reboot the computer immediately, because the VirusScan Enterprise for Linux kernel modules does not interrupt functioning of any other running service. Upgrading from previous LinuxShield versions Use this task to upgrade your previous LinuxShield version 1.5 or 1.5.1 to McAfee VirusScan Enterprise for Linux, version 1.6. NOTE: If you have "NWA (Non-Windows Agent)" installed on this computer, make sure to uninstall NWA before proceeding to the next step. 1 To install McAfee Runtime, type the following command in the terminal window: rpm -ivh MFErt.i686.rpm 2 To install McAfee Agent (MA), type the following command in the terminal window: rpm -ivh MFEcma.i686.rpm 3 To confirm that the McAfee Agent is running correctly, type the following command in the terminal window: /etc/init.d/cma status 18 McAfee VirusScan Enterprise for Linux software, version 1.6 — Installation Guide Installing McAfee VirusScan Enterprise for Linux Integrating with ePolicy Orchestrator 4 To install McAfee VirusScan Enterprise for Linux, type the following command in the terminal window: rpm -Uvh McAfeeVSEForLinux-1.6.0-<build>.noarch.rpm 5 Answer the questions when prompted. Accept the default values, or specify your own. 6 When prompted to start the VirusScan services, select the default option Y. 7 To confirm that VirusScan Enterprise for Linux is installed and running correctly, type the following command in the terminal window: /etc/init.d/nails status Integrating with ePolicy Orchestrator Use this task to integrate McAfee VirusScan Enterprise for Linux with ePolicy Orchestrator. 1 Download and extract the McAfee VirusScan Enterprise for Linux, version 1.6 package (McAfeeVSEForLinux-1.6.0-<build>-release.noarch.tar.gz) on to a temporary directory on the ePolicy Orchestrator server. NOTE: Before deploying McAfee VirusScan Enterprise for Linux using ePolicy Orchestrator, remove any previous versions of the LinuxShield software from the client computer. 2 Check in the McAfee Agent (MSA-LNX_4.5.0_Package.ZIP) bundled with this package on to the ePolicy Orchestrator Master repository. 3 Check in McAfeeVSEForLinux-1.6.0-<build>-EPO.ZIP on to the ePolicy Orchestrator Master repository. 4 Check in the following extensions on to the ePolicy Orchestrator "Extensions": • EPOAGENTMETA.ZIP • LYNXSHLD1600.ZIP • LYNXSHLD1600PARSER.ZIP 5 From the ePolicy Orchestrator server, copy INSTALL.SH and INSTALLDEB.SH from C:\Program Files\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3700LYNX\Install\0409 to your Linux client. 6 From the Linux terminal, execute the following command: sh install.sh –i Incase of Ubuntu operating system, type sh installdeb.sh -i This will establish a connection between ePolicy Orchestrator and the Linux client computer. 7 Create a Product Deployment Task on ePolicy Orchestrator to deploy McAfee VirusScan Enterprise for Linux, version 1.6. NOTE: For more detailed information on how to integrate and configure McAfee VirusScan Enterprise for Linux using ePolicy Orchestrator, see the McAfee VirusScan Enterprise for Linux, version 1.6 — Configuration Guide. McAfee VirusScan Enterprise for Linux software, version 1.6 — Installation Guide 19