Configuring File System Monitoring

In this section

Main File Monitoring Settings

Switching Between File Monitoring Modes

To configure the GNU/Linux file system monitoring performed by the SpIDer Guard monitor, specify the values of the parameters provided in the [LinuxSpider] settings section of the configuration file.

Main File Monitoring Settings

Enable the monitor by setting the Start parameter value to Yes.

Specify the mode of interaction of the monitor with the file system in the Mode parameter (it is recommended that you use the Auto value).

If necessary, use the ExcludedProc parameter to store the executable paths of trusted applications, that is, applications whose file access will not be controlled by the monitor.

If necessary, use the ExcludedFilesystem parameter to store the names of file systems (for example, cifs) whose files will not be controlled by the monitor.

Specify the monitoring scope by indicating a set of protected spaces. Each protected space is specified in a separate section [LinuxSpider.Space.<space name>]. For each space, specify the path to the directory whose files are to be monitored in the Path parameter, and set the Enable value to Yes to include the protected space in the monitoring scope.

Specify the exclusion scope (the lists of paths to objects within the monitoring scope that are excluded from monitoring) in the ExcludedPath parameter (for the entire file system or for each protected space). For example, if some paths are controlled by the Samba file server or are NSS volumes, these paths should be included in the exclusion scope in order to avoid conflicts when scanning is performed by different monitors.

Specify the parameters of file scanning and the reaction of the monitor to detection of various types of threats (if necessary, specify them individually for each protected space within the monitoring scope).

Switching Between File Monitoring Modes

The modes for enhanced monitoring of files and pre-blocking are only available if SpIDer Guard operates in FANOTIFY mode and the OS kernel is built with the CONFIG_FANOTIFY_ACCESS_PERMISSIONS option enabled.

To switch between SpIDer Guard monitoring modes, superuser privileges are required. To obtain them, you can use the su command to switch to a different user or the sudo command to perform the action as a different user.

To switch SpIDer Guard to the FANOTIFY mode, use the command:

# drweb-ctl cfset LinuxSpider.Mode FANOTIFY

To change the monitoring mode, use the command:

# drweb-ctl cfset LinuxSpider.BlockBeforeScan <mode>

where <mode> defines the blocking mode:

Off—access is not blocked, SpIDer Guard operates in regular (non-blocking) monitoring mode;

Executables—access to executable files is blocked, SpIDer Guard performs enhanced monitoring of executable files;

All—access to all files is blocked, SpIDer Guard monitors files in “paranoid” mode.

To change the interval within which scan results cached by Dr.Web File Checker remain relevant, use the command:

# drweb-ctl cfset FileCheck.RescanInterval <interval>

where <interval> determines the interval during which cached scan results remain relevant. The allowed value is from 0s to 1m. If you set an interval of less than 1 second, the scan is performed upon each request.

After the settings are adjusted, reload the Dr.Web Server Security Suite configuration using the command:

# drweb-ctl reload

You can also restart Dr.Web Server Security Suite by restarting the Dr.Web ConfigD configuration management daemon using the command:

# service drweb-configd restart
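The mode switch described above, wrapped in a small POSIX shell script that validates the BlockBeforeScan and RescanInterval values against the ranges documented here and checks the CONFIG_FANOTIFY_ACCESS_PERMISSIONS prerequisite before calling drweb-ctl. This is an added example, not a Dr.Web tool; the kernel configuration locations (/boot/config-<release>, /proc/config.gz) and the DRY_RUN variable are assumptions of the example.

```shell
#!/bin/sh
# Added example (not part of Dr.Web Server Security Suite).

# Return 0 if the running kernel reports CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y.
# Assumed locations: /boot/config-<release>, then /proc/config.gz.
fanotify_perm_supported() {
  cfg="/boot/config-$(uname -r)"
  if [ -r "$cfg" ]; then
    grep -q '^CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y' "$cfg"
  elif [ -r /proc/config.gz ]; then
    zcat /proc/config.gz | grep -q '^CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y'
  else
    return 1
  fi
}

# Accept only the three BlockBeforeScan values the documentation lists.
valid_block_mode() {
  case "$1" in
    Off|Executables|All) return 0 ;;
    *) return 1 ;;
  esac
}

# Accept RescanInterval values in the documented 0s..1m range.
valid_rescan_interval() {
  case "$1" in
    1m|[0-9]s|[1-5][0-9]s|60s) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the command instead of running it when DRY_RUN=1 (assumed variable).
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Validate, check the kernel prerequisite for the enhanced modes, then apply.
apply_spider_mode() {
  mode="$1"; interval="$2"
  valid_block_mode "$mode" || { echo "bad mode: $mode" >&2; return 2; }
  valid_rescan_interval "$interval" || { echo "bad interval: $interval" >&2; return 2; }
  if [ "$mode" != "Off" ] && ! fanotify_perm_supported; then
    echo "kernel lacks CONFIG_FANOTIFY_ACCESS_PERMISSIONS; enhanced modes unavailable" >&2
    return 3
  fi
  run drweb-ctl cfset LinuxSpider.Mode FANOTIFY
  run drweb-ctl cfset LinuxSpider.BlockBeforeScan "$mode"
  run drweb-ctl cfset FileCheck.RescanInterval "$interval"
  run drweb-ctl reload
}
```

Run as root, for example `apply_spider_mode Executables 30s`; set DRY_RUN=1 first to see the drweb-ctl commands without applying them.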