Building kernel module for SpIDer Guard

If the operating system does not support the fanotify mechanism used by SpIDer Guard for monitoring actions on file system objects, it can use a special loadable module in kernel space (additionally, the kernel module can be used when the fanotify mechanism is implemented with restrictions on access to the file system as, for example, in systems with mandatory access model).

By default, SpIDer Guard is supplied with a completely built loadable kernel module for all operating systems listed in the System Requirements section. In addition, you can build a loadable kernel module manually using the source codes supplied with SpIDer Guardin a tar.bz2 archive.

The loadable kernel module, used by SpIDer Guard, is intended for operation with GNU/Linux kernels 2.6.* and newer.

The archive with source codes is located in the share/drweb-spider-kmod/src/ subdirectory of the Dr.Web for UNIX File Servers base directory <opt_dir> (for Linux: /opt/drweb.com). The archive’s name is as follows: drweb-spider-kmod-<version>-<date>.tar.bz2.

The drweb-spider-kmod directory also contains the check-kmod-install.sh script. Run the script to check whether the used OS supports kernel versions included in the product. If not, a message prompting to manually build the module is displayed on the screen.

If the drweb-spider-kmod directory is missing at the specified path, install the drweb-spider-kmod package (from repository or using custom installation from universal package, depending on the method you selected to install the product).

To build the loadable kernel module manually from the source code files, administrative (root) privileges are required. For that purpose, you can use the su command to switch to another user or the sudo command to build the module as a different user.

1.Unpack the archive with source codes to any directory. For example, the following command

# tar -xf drweb-spider-kmod-<version>-<date>.tar.bz2

unpacks the source codes to the created directory. This directory has the archive’s name and is created in the same location where the archive resides.

If an error occurs during the make command execution, resolve the issue (see below) and restart compilation.

# make install
# depmod

4.After the kernel module is successfully compiled and registered on the system, perform additional configuration of SpIDer Guard. Set the component to operate with the kernel module by executing the following command:

# drweb-ctl cfset LinuxSpider.Mode LKM

It is also possible to specify AUTO instead of LKM. In this case, SpIDer Guard will automatically try to use either the kernel module or the fanotify monitoring interface. For details, type the following command:

$ man 1 drweb-spider

While the make command is being executed, errors may occur. If so, check the following:

•To ensure successful building of the module, Perl and GCC are required. If they are missing on the system, install them.

•On certain OSes, you may need to install the kernel-devel package before starting the procedure.

•On certain operating systems, the procedure can fail because the path to the directory with source codes was incorrectly defined. If so, specify the make command with the KDIR=<path to kernel source codes> parameter. Typically, the source codes are located in the /usr/src/kernels/<kernel version> directory.

The kernel version returned by the uname -r command can differ from the directory name <kernel version>.