Configuring the Permissions of PARSEC (Astra Linux)


In operating systems equipped with the PARSEC security subsystem (a mandatory access control system), different files require different privilege levels for access. Because of this, SpIDer Guard working in its default mode (AUTO) cannot intercept file-access events for files whose required privilege level is higher than the level at which SpIDer Guard was launched. Moreover, if the user works at any privilege level other than zero, the graphical interface of Dr.Web for Linux cannot interact with SpIDer Guard or with the Anti-virus service components if they work at a different privilege level; access to the consolidated quarantine may also become unavailable.

The procedures described below require superuser permissions (i.e. the privileges of the root user). To elevate your privileges, use the su command to change the current user or the sudo command to execute the specified command with the privileges of another user.

Configuring SpIDer Guard to intercept attempts to access files with any privilege level

To allow the SpIDer Guard file monitor to detect attempts to access files at any privilege level, switch SpIDer Guard into the LKM operating mode. This mode uses a special loadable kernel module for the Linux kernel, which is supplied together with Dr.Web for Linux.

To switch SpIDer Guard into the LKM operating mode, execute the following command:

# drweb-ctl cfset LinuxSpider.Mode LKM

To get additional information, use the following command:

$ man drweb-spider

Configuring the Correct Launch of Dr.Web for Linux at Any Privilege Level

For all the components of the Anti-virus (Scanner, SpIDer Guard and SpIDer Gate, the graphical interface and the management tool) to interact correctly when they are launched at different privilege levels, it is necessary to modify the script that launches the Dr.Web for Linux configuration daemon (drweb-configd), the product service component responsible for interaction between all anti-virus components.

To do this, proceed as follows:

1. Log into the system at privilege level zero.

2. Open the /etc/init.d/drweb-configd script file in any text editor (root privileges are required).

3. In this file, find the definition of the start_daemon() function and replace the line:

"$DAEMON" -d -p "$PIDFILE" >/dev/null 2>&1

with the line:

execaps -c 0x100 -- "$DAEMON" -d -p "$PIDFILE" >/dev/null 2>&1

4. In some OSes (for example, Astra Linux SE 1.3), it may also be necessary to declare that the component launch depends on the PARSEC subsystem. In this case, also modify the following line in the file:

# Required-Start: $local_fs $network

Change this line as follows:

# Required-Start: $local_fs $network parsec

5. Save the file and reboot the operating system.
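
Steps 3 and 4 above can also be applied with a script. The following is an added example, not part of the Dr.Web documentation or product. The function name patch_configd, the .orig backup suffix and the parsec-dep argument are hypothetical names chosen for this example. It refuses to change the file if the launch line from step 3 is not present in the expected form.

```shell
#!/bin/sh
# Added example (not vendor code): apply the start_daemon() edit (step 3) and,
# optionally, the Required-Start edit (step 4). Safe to run more than once.
# Usage (as root): sh patch-configd.sh /etc/init.d/drweb-configd [parsec-dep]

patch_configd() {
    script=$1
    add_dep=${2:-}
    [ -f "$script" ] || { echo "no such file: $script" >&2; return 1; }

    # Keep the first pristine copy; do not overwrite it on later runs.
    [ -e "$script.orig" ] || cp -p "$script" "$script.orig" || return 1

    tmp=$(mktemp) || return 1

    # Step 3: prefix the daemon launch line with "execaps -c 0x100 --".
    # A line that already starts with execaps does not match, so a rerun
    # leaves it unchanged.
    sed -e 's|^\([[:space:]]*\)\("\$DAEMON" -d -p "\$PIDFILE" >/dev/null 2>&1\)[[:space:]]*$|\1execaps -c 0x100 -- \2|' \
        "$script" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Step 4 (only on systems that need it): add the parsec dependency once.
    if [ "$add_dep" = "parsec-dep" ]; then
        sed -e '/^# Required-Start:/{' \
            -e '/[[:space:]]parsec/!s/[[:space:]]*$/ parsec/' \
            -e '}' "$tmp" > "$tmp.2" && mv "$tmp.2" "$tmp" \
            || { rm -f "$tmp" "$tmp.2"; return 1; }
    fi

    # Refuse to install a result that lacks the expected launch line.
    if ! grep -q '^[[:space:]]*execaps -c 0x100 -- "\$DAEMON" -d -p "\$PIDFILE"' "$tmp"; then
        echo "launch line not found in $script; edit it by hand" >&2
        rm -f "$tmp"
        return 1
    fi

    # Write through the existing file so its mode and ownership are preserved.
    cat "$tmp" > "$script"
    rm -f "$tmp"
}

if [ "$#" -gt 0 ]; then
    patch_configd "$@"
fi
```

As in step 5, the operating system still has to be rebooted after the script is changed.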