on-access scanner for the server version

Avast Business Avast Business for Linux
1

hi, can anybody help me debug this piece of SW:
http://lion.asw.cz/~mensik/avast4guard-2.0.1b.tar.gz

it’s on-access scanner for linux/freebsd servers
it requires dazko (www.dazuko.org) and avast4server packages to be installed

2

I’m trying to help…

  1. Downloading both (avast and Dazuko). Ok.

  2. Installing Dazuko:
    su
    Password:
    ./configure

a) Configuration:

checking host system type... Linux
checking for make utility... ok (make)
checking for C compiler... ok (cc)
kernel source in /lib/modules/2.6.15-26-386/build... yes
acquiring Linux kernel code configuration... ok
checking if Linux is RSBAC patched... no
checking if devfs is enabled... no
discovered host system... Linux (2.6.15)
checking if security module support is enabled... yes
verifying capabilities are not built-in... ok
locating LSM API header... ok
identifying LSM API... ok
identifying device API... ok
inspecting class type... ok (class)
inspecting suspend function... ok (suspend1)
checking whether __d_path() is exported... yes
disabling ON_CLOSE events (not available for Linux 2.6)
configure: creating Makefile
configure: creating library/Makefile
configure: creating example_c/Makefile

./configure successful

=======================
 Configuration summary
=======================

module events = ON_OPEN ON_EXEC
devfs support = no
rsbac support = no
stacking support = yes
local __d_path() = no
module debug = no
library 1.x compatibility = yes

b) Make command:

make

make -C /lib/modules/2.6.15-26-386/build include/linux/version.h include/asm scripts
make[1]: Entrando no diretório `/usr/src/linux-headers-2.6.15-26-386'
  CHK     include/linux/version.h
make[1]: `include/asm' está atualizado.
make[1]: Saindo do diretório `/usr/src/linux-headers-2.6.15-26-386'
make -C /lib/modules/2.6.15-26-386/build SUBDIRS="/home/tech/Download/dazuko-2.2.2" modules
make[1]: Entrando no diretório `/usr/src/linux-headers-2.6.15-26-386'
  CC [M]  /home/tech/Download/dazuko-2.2.2/dazuko_core.o
  CC [M]  /home/tech/Download/dazuko-2.2.2/dazuko_transport.o
  CC [M]  /home/tech/Download/dazuko-2.2.2/dazuko_linux26_lsm.o
  CC [M]  /home/tech/Download/dazuko-2.2.2/dazuko_linux26.o
  LD [M]  /home/tech/Download/dazuko-2.2.2/dazuko.o
  Building modules, stage 2.
  MODPOST
  CC      /home/tech/Download/dazuko-2.2.2/dazuko.mod.o
  LD [M]  /home/tech/Download/dazuko-2.2.2/dazuko.ko
make[1]: Saindo do diretório `/usr/src/linux-headers-2.6.15-26-386'
touch dummy_rule
  1. Trying to insert the module I get error…

/sbin/insmod dazuko.ko

insmod: error inserting 'dazuko.ko': -1 Invalid parameters

What does “insmod: error inserting ‘./dazuko.ko’: -1 Invalid parameters” mean?
This is a general error. Please look in /var/log/messages to see what the real problem is. Usually kernel messages are logged to this file.

I’ll go there…

Aug  7 22:49:00 localhost kernel: [17180902.360000] dazuko: failed to register
Aug  7 22:55:25 localhost kernel: [17181287.828000] dazuko: failed to register
Aug  7 22:56:09 localhost kernel: [17181331.968000] dazuko: failed to register
Aug  7 22:58:22 localhost kernel: [17181464.724000] dazuko: failed to register
Aug  7 23:00:10 localhost kernel: [17181572.408000] dazuko: failed to register

Seems the times I’ve tried to add the module to Kernel…
But, and now, what can I do…

Dublin, be patient with me…

3

Dazuko seems to be compatible with avast… But I still do not succeed…
http://www.dazuko.org/applications.shtml

Changing to root (and not su) does not help…

root@Delta:~# cd /home/tech/Download/dazuko-2.2.2
root@Delta:/home/tech/Download/dazuko-2.2.2# /sbin/insmod dazuko.ko
insmod: error inserting 'dazuko.ko': -1 Invalid parameters
root@Delta:/home/tech/Download/dazuko-2.2.2#

[i]2.1 What are the known issues with Debian GNU/Linux?

The “dazuko-source” package that is available through apt-get for the current stable release, sarge, is very old (1.2.2). It is recommended that you download the latest stable version from the Dazuko Downloads site.

For Debian unstable and testing, the latest stable version of the “dazuko-source” package is available via apt-get.

John Ogness is the current maintainer for the Debian “dazuko-source” package.

For the current stable release, you can download the latest stable version as a Debian package here:

dazuko-source_2.2.2-1_all.deb

The Debian package requires “module-assistant”. This will automatically compile and install Dazuko. Here is the procedure:

apt-get install module-assistant

dpkg -i dazuko-source_2.2.2-1_all.deb

m-a a-i dazuko

This will compile and install the Dazuko kernel module. You can load the module with:

modprobe dazuko [/i]

Following these instructions, the only ‘fail’ (error) is the last one…

FATAL: Error inserting dazuko (/lib/modules/2.6.15-26-386/kernel/dazuko/dazuko.ko): Invalid argument

with the same error on /var/log/messages:


Aug  7 23:21:28 localhost kernel: [17182850.928000] dazuko: failed to register
Aug  7 23:24:08 localhost kernel: [17183010.996000] dazuko: failed to register
4

I’ve found that ‘capability’ module must be loaded after ‘dazuko’ module.
I think you just need to unload capability, inser Dazuko and then insert capability.

rmmod capability
insmod dazuko.ko
modprobe capability

It may help, I hope

5

Here’s improved version:
http://lion.asw.cz/~mensik/avast4guard-2.0.1b2.tar.gz

6

Executing:

cat /proc/modules

I got:

dazuko 60552 0 - Live 0xf8cf5000

So, I suppose Dazuko is running…

Now downloading and installing the new deb file for avast guard.

Trouble. Got this while running:

./configure --prefix=/usr --with-dazuko=/home/tech/Download/avast/dazuko-2.2.2

checking dazukoio.h usability... no
checking dazukoio.h presence... no
checking for dazukoio.h... no
configure: error: required library and/or header file not found, install Dazuko 2.1.0 or higher
7

if dazukoio.h file is installed in /usr/include directory and if libdazuko.a file in /usr/lib directory, please skip ‘–with-dazuko’ option!

otherwise if you enable the option, configure script will check for dazukoio.h and library/libdazuko.a files in specified directory. Please, first check that these files are located in /home/tech/Download/avast/dazuko-2.2.2 directory.

8

Here’s DEMO license file for the daemon valid this month:
http://lion.asw.cz/~mensik/License.dat

9

dazukoio.h is on the extracted folder of Dazuko.
libdazuko.a , can’t find…

10

Strange… while running:
root@Delta:/home/tech/Download/avast/dazuko-2.2.2# ./configure --prefix=/usr

I’ve got these errors at the end:
checking dazukoio.h usability… no
checking dazukoio.h presence… no
checking for dazukoio.h… no

But the file is here: /home/tech/Download/avast/dazuko-2.2.2/dazukoio.h

Dublin, can you send these files by email to me?

11

Man… this is difficult…
Try all over again and the same error…

Dublin, isn’t a command like
apt-get install dazuko

Or a deb file for it?

12

i found some rpm files in suse repository

http://ftp.jaist.ac.jp/pub/Linux/SuSE/suse/update/10.1/rpm/src/hbedv-dazuko-2.1.1-3.1.src.rpm

hope this helps :stuck_out_tongue:

you can convert rpm to deb using alien converter

13

Tech,

  1. go to dazuko-2.2.2 directory

  2. compile Dazuko (run: ./configure ; make )

  3. install dazuko.ko kernel module (by running: make install)

  4. copy dazukoio.h file into /usr/include directory

  5. copy library/libdazuko.a file into /usr/lib directory

  6. then go to avast4guard-2.0.1b2 directory

  7. run ./configure --prefix=/usr

  8. install avastguard (run: make install )

  9. consult avast4guard-2.0.1b2/INSTALL file for postinstallation steps

14

Ok.

./configure successful

=======================
 Configuration summary
=======================
[s][/s]
module events = ON_OPEN ON_EXEC
devfs support = no
rsbac support = no
stacking support = yes
local __d_path() = no
module debug = no
library 1.x compatibility = yes

make: `dummy_rule' is updated.

mkdir -p /lib/modules/2.6.15-26-386/extra
cp dazuko.ko /lib/modules/2.6.15-26-386/extra
/sbin/depmod -ae

Done.

Dublin, you’ve forgot (?)

cd example_c
make

cd ../library && make
make[1]: Entrando no diretório `/home/tech/Download/avast/dazuko-2.2.2/library'
cc -Wall -O -I.. -c ../dazukoio_core.c -o dazukoio_core.o
cc -Wall -O -I.. -c ../dazukoio_trusted_core.c -o dazukoio_trusted_core.o
cc -Wall -O -I.. -c ../dazuko_transport.c -o dazuko_transport.o
cc -Wall -O -I.. -c ../dazukoio_unix.c -o dazukoio_unix.o
cc -Wall -O -I.. -c ../dazukoio_linux_compat1.c -o dazukoio_linux_compat1.o
ar r libdazuko.a dazukoio_core.o dazukoio_trusted_core.o dazuko_transport.o dazukoio_unix.o dazukoio_linux_compat1.o
ar: criando libdazuko.a
ranlib libdazuko.a
make[1]: Saindo do diretório `/home/tech/Download/avast/dazuko-2.2.2/library'
cc -Wall -O -I.. -L../library -o example example.c -ldazuko
cc -Wall -O -I.. -L../library -pthread -o example_mt example_mt.c -ldazuko

Then you have the file /dazuko-2.2.2/library/libdazuko.a file to copy into /usr/lib directory[

Ok.

Shit…

checking for dazukoio.h... no
configure: error: required library and/or header file not found, install Dazuko 2.1.0 or higher

Where is dazukoio.h and where do I have to copy it?
It is in two different places:
/home/tech/Download/avast/dazuko-2.2.2
and
/usr/include
Strange?
I’ve copied it into /usr/lib … but get nothing… except…

checking for dazukoio.h... no
configure: error: required library and/or header file not found, install Dazuko 2.1.0 or higher

Waiting your instructions…

Either…

15

I don’t really know, what’s the cause.
Maybe try to change permissions of dazukoio.h and libdazuko.a files to 0755.
./configure --prefix=/usr works in my box if there’s dazukoio.h file in /usr/include directory, but it doesn’t if I remove the file.

16

FINALLY 8) 8) 8)

The command I’ve gave was:

./configure --prefix=/usr --with-dazuko=/home/tech/Download/avast/dazuko-2.2.2
and then the post installation commands…

/home/tech/Download/avast/avast4guard-2.0.1b2# make
/home/tech/Download/avast/avast4guard-2.0.1b2# make install
/home/tech/Download/avast/avast4guard-2.0.1b2# chown root:root /var/run/avastguard
/home/tech/Download/avast/avast4guard-2.0.1b2# chmod 0700 /var/run/avastguard
/home/tech/Download/avast/avast4guard-2.0.1b2# chown root:root /var/lib/avastguard/quarantine
/home/tech/Download/avast/avast4guard-2.0.1b2# chmod 0700 /var/lib/avastguard/quarantine

I have service avastguard and set it to run at startup…
I don’t have the service avastd ???

17

great!
avast4server is available at: http://www.avast.com/eng/download-avast-for-linux-server.html
a link to demo license file for avast4server is available at: http://lion.asw.cz/~mensik/License.dat

18

I’ll try next boot on Linux… can’t wait for it :smiley:
I’ve translated some ‘strings’ of the server (if not all) from English to Portuguese. Are the Portuguese version available or only in English?

19

wait for RC version, some sentences may change

20

Where do I save this file?
Is there any fron-end (GUI) interface for avast for server? I mean, even to edit the configurations?

Edit: found the answer /var/lib/avast4/
By the way, the configuration file is: /etc/avastengine.conf - avast! engine configuration file
Is there any other configuration besides the few ones there?

[Registry]
Avast4DataDir=/var/lib/avast4
Avast4TempDir=/var/tmp/avast4
Avast4LogDir=/var/log/avast4
Avast4LicenseFile=/var/lib/avast4/License.dat

Realy, the Windows version is more exciting ;D