Configuring the Permissions of PARSEC (Astra Linux)
In operating systems equipped with the security subsystem (mandatory access control system), different files require different privilege levels for access. As a result, the SpIDer Guard monitor working in its default mode (Mode = AUTO) cannot intercept file-access events for any files whose required access privilege level is higher than the one with which SpIDer Guard was launched. Moreover, if the user works at any privilege level other than zero, the command-line-based management tool Dr.Web Ctl for Dr.Web for UNIX File Servers cannot interact with the SpIDer Guard monitor or with the Dr.Web ConfigD configuration daemon if they work at a different privilege level; access to the consolidated quarantine may also become unavailable.

To configure permissions, superuser permissions are required (i.e. privileges of the root user). To elevate your privileges, use the command for changing the current user or the command to execute the specified command with the privileges of another user.

Configuring SpIDer Guard to intercept attempts to access files with any privilege level

To let the SpIDer Guard file monitor detect access attempts to files with any access privilege level, switch SpIDer Guard to the LKM operating mode (this mode uses a special loadable kernel module, which is supplied together with Dr.Web for UNIX File Servers). To switch SpIDer Guard into the LKM operating mode, execute the following command:
To get additional information, use the following command:
Configuring the Correct Launch of Dr.Web for UNIX File Servers at Any Privilege Level

In order for all the components of Dr.Web for UNIX File Servers to interact correctly with each other when they are launched with different privilege levels, modify the script that launches the Dr.Web ConfigD configuration daemon ():

1. Log into the system using the privilege level zero.
2. Open the /etc/init.d/drweb-configd script file in any text editor (root privileges are required).
3. In this file, find the definition of the start_daemon function and replace the line:
with the line:
4. In some OSes (for example, 1.3), an additional indication of the component launch dependence on the subsystem may be required. In this case, it is also necessary to modify a string in the file:
Change this string in the following way:
5. Save the file and reboot the operating system.