Use of Kernel Module for SpIDer Guard

In this section:

General Information.

Building the Kernel Module.

Possible Build Errors.

General Information

If your operating system does not support the fanotify mechanism that SpIDer Guard uses to monitor actions on file system objects, SpIDer Guard can instead use a custom loadable kernel module (LKM) running in kernel space. The kernel module can also be used when fanotify is implemented but restricts access to the file system.

By default, SpIDer Guard is distributed with a compiled kernel module for all operating systems listed in the System Requirements and Compatibility section. In addition, the SpIDer Guard component is distributed with a .tar.bz2 archive containing source code files of the loadable kernel module to ensure that it can be built manually.

The loadable kernel module (LKM) used by SpIDer Guard is designed for Linux kernels of versions 2.6.* and later.

The LKM is not supported for ARM64, E2K and IBM POWER (ppc64el) architectures.

The archive with source code of the loadable kernel module is located in the directory /opt/drweb.com/share/drweb-spider-kmod/src/, and is named as follows: drweb-spider-kmod-<version>-<date>.tar.bz2.

The drweb-spider-kmod directory also contains the check-kmod-install.sh script. Run the script to check whether your OS is one for which a precompiled kernel module is distributed with Dr.Web Server Security Suite. If not, a message prompting you to build the module manually is displayed on the screen.

If the drweb-spider-kmod directory is absent at the specified path, install the drweb-spider-kmod package (from the repository or using custom installation from the universal package, depending on the method that was used to install Dr.Web Server Security Suite).

To build the loadable kernel module manually from source code, superuser (root) privileges are required. Either switch to the root user with the su command, or run the build commands as root with the sudo command.

Building the Kernel Module

1. Unpack the archive with source code to any directory. For example, the command

# tar -xf drweb-spider-kmod-<version>-<date>.tar.bz2

unpacks the archive directly into the directory containing the archive itself, creating a subdirectory with the name of the archive file.

2. Navigate to the created directory and run the following command:

# make

If errors occur at the step of make, fix them (see below) and restart compilation.

3. After successfully passing the make step, run the following commands:

# make install
# depmod

4. After the kernel module is successfully built and registered in the system, perform additional configuration of SpIDer Guard. Specify the mode in which the component operates with the kernel module by running the following command:

# drweb-ctl cfset LinuxSpider.Mode LKM

It is also possible to specify AUTO instead of LKM. In this case, SpIDer Guard will attempt to use both the kernel module and the fanotify system mechanism. For details, run the following command:

$ man 1 drweb-spider

Possible Build Errors

Upon running the make command, errors may occur. If so, check the following.

To build the module successfully, Perl and GCC are required. If they are absent from the system, install them.

On certain OSes, you may need to install the kernel-devel package in advance.

On certain OSes, the procedure can fail because the path to the directory with source code was specified incorrectly. If so, use the make command with the KDIR=<path to kernel source code> parameter. Typically, the source code files are stored in the /usr/src/kernels/<kernel version> directory.

The kernel version returned by the uname -r command can differ from the <kernel version> directory name.
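The build steps in the Building the Kernel Module section and the checks in the Possible Build Errors section can be combined into one script. The following is an added example, not part of Dr.Web's documentation or tooling: it verifies that perl, gcc and make are present, locates the kernel build tree (an explicit KDIR first, then /lib/modules/<release>/build, then /usr/src/kernels, allowing for a directory name that differs from uname -r), and only then runs the unpack, make, make install, depmod and drweb-ctl steps. The function names, the extra directory arguments that resolve_kdir accepts for testing against a scratch tree, and the assumption that the archive unpacks into a directory of the same name are this example's own.

```shell
#!/bin/sh
# Added example (not Dr.Web's own script): prerequisite checks and the manual
# build procedure for the SpIDer Guard kernel module, in one place.

# Report which of the given build tools (default: perl gcc make) are missing
# from PATH. Returns 1 if any are absent.
check_build_prereqs() {
    [ "$#" -gt 0 ] || set -- perl gcc make
    missing=""
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || missing="$missing $tool"
    done
    if [ -n "$missing" ]; then
        printf 'missing build tools:%s\n' "$missing" >&2
        return 1
    fi
    return 0
}

# Print the kernel build directory to pass to make as KDIR.
#   $1 explicit KDIR (may be empty)   $2 kernel release (uname -r)
#   $3 root of /lib/modules           $4 root of /usr/src/kernels
# $3 and $4 are parameters only so the function can be exercised on a
# scratch tree; callers normally leave them at the defaults.
resolve_kdir() {
    explicit=$1; krel=$2; modroot=${3:-/lib/modules}; srcroot=${4:-/usr/src/kernels}
    if [ -n "$explicit" ]; then
        [ -f "$explicit/Makefile" ] || return 1
        printf '%s\n' "$explicit"; return 0
    fi
    # The build symlink installed by the kernel headers/kernel-devel package.
    if [ -f "$modroot/$krel/build/Makefile" ]; then
        printf '%s\n' "$modroot/$krel/build"; return 0
    fi
    # Exact match under /usr/src/kernels.
    if [ -f "$srcroot/$krel/Makefile" ]; then
        printf '%s\n' "$srcroot/$krel"; return 0
    fi
    # The directory name there may differ from uname -r; accept it only if
    # there is exactly one candidate, so we never silently pick a wrong tree.
    candidate=""; count=0
    for d in "$srcroot"/*/; do
        d=${d%/}
        [ -f "$d/Makefile" ] || continue
        candidate=$d; count=$((count + 1))
    done
    if [ "$count" -eq 1 ]; then
        printf 'note: using %s, which does not match uname -r (%s)\n' "$candidate" "$krel" >&2
        printf '%s\n' "$candidate"; return 0
    fi
    return 1
}

# Steps 1-4 from the manual: $1 is the source archive, $2 an optional KDIR.
# Assumes the archive unpacks into a subdirectory named like the archive.
build_spider_kmod() {
    archive=$1; kdir=$2
    check_build_prereqs || return 1
    kdir=$(resolve_kdir "$kdir" "$(uname -r)") || {
        echo "kernel build tree not found: install kernel-devel or pass KDIR" >&2
        return 1
    }
    destdir=$(dirname "$archive")
    srcdir=$destdir/$(basename "$archive" .tar.bz2)
    tar -xf "$archive" -C "$destdir" || return 1            # step 1
    (cd "$srcdir" && make KDIR="$kdir" && make install) || return 1   # steps 2-3
    depmod || return 1
    drweb-ctl cfset LinuxSpider.Mode LKM                     # step 4
}

# Usage (as root): sh build-spider-kmod.sh <archive.tar.bz2> [KDIR]
if [ "$#" -gt 0 ]; then
    build_spider_kmod "$1" "${2:-}"
fi
```

The only step that needs root is build_spider_kmod itself (make install, depmod and drweb-ctl write to system locations); the two check functions can be run as an unprivileged user first to find out why a build would fail before switching to root.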