Configuring the PARSEC Permissions

In Linux distributions equipped with the PARSEC security subsystem, the access of every application to files depends on its privilege level. Consequently, SpIDer Guard can intercept file access events only as far as its own privilege level allows.

Moreover, if the user works at any privilege level other than zero, the graphical interface of Dr.Web for Linux cannot interact with SpIDer Guard and with the anti-virus service components when they run at a different privilege level; access to the consolidated quarantine may also become unavailable.

If PARSEC is used in the OS and there are user accounts that work at privilege levels other than zero, you need to customize Dr.Web for Linux so that its components can operate across different privilege levels.

This section discusses the following settings of PARSEC that ensure correct operation of Dr.Web for Linux:

Configuring the interaction of components that run at different privilege levels.

Configuring the automatic launch of Dr.Web for Linux components with user privileges.

Configuring SpIDer Guard to intercept file access events.

To perform these procedures, superuser permissions are required (i.e. privileges of the root user). To elevate your privileges, use the su command for changing the current user or the sudo command to execute the specified command with the privileges of another user.

Configuring the interaction of components that run at different privilege levels

For OS Astra Linux SE of version 1.6

Modify the /etc/parsec/privsock.conf system file to authorize the Dr.Web for Linux configuration daemon (drweb-configd) to use the privsock mechanism. drweb-configd is the Dr.Web for Linux service component responsible for the interaction of all anti-virus components with each other. The privsock mechanism is designed for system network services that do not process information in the mandatory context themselves but interact with processes that operate in the mandatory context of an access subject. To do this, proceed as follows:

1. Open the /etc/parsec/privsock.conf file in any text editor and add the following lines:

/opt/drweb.com/bin/drweb-configd
/opt/drweb.com/bin/drweb-configd.real

2. Save the file and restart the operating system.

For OS Astra Linux SE of version 1.5 and earlier

Modify the launch script of the Dr.Web for Linux configuration daemon (drweb-configd). To do this, proceed as follows:

1. Log into the system at privilege level zero.

2. Open the /etc/init.d/drweb-configd script file in any text editor.

3. In this file, find the definition of the start_daemon() function and replace the line:

"$DAEMON" -d -p "$PIDFILE" >/dev/null 2>&1

with the line:

execaps -c 0x100 -- "$DAEMON" -d -p "$PIDFILE" >/dev/null 2>&1

4. In some OSes (for example, Astra Linux SE 1.3), it may also be necessary to declare explicitly that the component start depends on the PARSEC subsystem. In this case, also modify the following line in the file:

# Required-Start: $local_fs $network

Change this line in the following way:

# Required-Start: $local_fs $network parsec

5. Save the file and restart the operating system.

Configuring the automatic launch of the components with user privileges

To make the Dr.Web for Linux components with which the user interacts available in the user environment (when the user works at a privilege level other than zero), you need to modify the files containing PAM settings so that the required Dr.Web for Linux components are launched automatically at the beginning of the user session and terminated at the end of it. This is done by the special pam_drweb_session.so PAM module by Doctor Web: it launches the drweb-session mediation component, which connects the local copies of the components run in the user environment with the components that operate at privilege level zero and are started automatically at OS startup.

To change PAM settings, we recommend that you use the drweb-configure configuration utility, included in Dr.Web for Linux, or you can make manual changes to the necessary configuration files.

1. Using the drweb-configure utility

To make configuring complex parameters of Dr.Web for Linux more convenient, we have developed the special auxiliary utility drweb-configure.

1. To enable or disable the automatic launch of the necessary Dr.Web for Linux components in the user environment when the user works at a privilege level other than zero, use the following command:

$ sudo drweb-configure session <mode>

where <mode> may have one of the following values:

enable: enables the automatic launch of the necessary components during the user session with the appropriate privileges.

disable: disables the automatic launch of the necessary components during the user session with the appropriate privileges (this renders a number of Dr.Web for Linux functions unavailable).

2. Restart the system.

To view help on using drweb-configure for configuring PAM settings, use the following command:

$ drweb-configure --help session

2. Manual modification of PAM configuration

For Astra Linux and other distributions using the pam_parsec_mac.so PAM module

1. To change the PAM configuration, you need to modify all configuration files in the /etc/pam.d directory that load the pam_parsec_mac.so PAM module. You can get the list of such files with the following command:

# grep -R pam_parsec_mac.so /etc/pam.d

Add the following session-type records to every file in the list:

Before the first session-type record:

session optional pam_drweb_session.so type=close

After the last record of session type:

session optional pam_drweb_session.so type=open

2. Save the changed files.

3. Create a symbolic link to the pam_drweb_session.so file in the system directory that contains PAM modules. The pam_drweb_session.so file is located in the Dr.Web for Linux library directory (/opt/drweb.com/lib/); in 64-bit operating systems, for instance, the path to the module is /opt/drweb.com/lib/x86_64-linux-gnu/pam/.

4. Reboot the operating system.
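The PAM edit above (and the same edit for pam_namespace.so further down) can be applied mechanically. The following script is an added example and is not part of Dr.Web for Linux or its documentation; it takes the module name and the PAM directory as parameters so it can be tried on a copy of /etc/pam.d first, and it refuses to insert the records a second time.

```shell
#!/bin/sh
# Added example: insert the two pam_drweb_session.so records into every
# PAM file that loads a given module (pam_parsec_mac.so or pam_namespace.so),
# following the manual procedure, without duplicating them on a second run.

# List the PAM files under $2 that reference module $1 (same grep -R as the manual).
pam_files_using() {   # $1 = module name, $2 = PAM directory
    grep -Rl "$1" "$2" 2>/dev/null
}

# Edit one PAM file in place: type=close before the first session record,
# type=open after the last one. Returns 0 on success or when nothing is needed.
add_drweb_session_lines() {   # $1 = PAM file
    f="$1"
    if grep -q 'pam_drweb_session\.so' "$f"; then
        echo "skip $f: pam_drweb_session.so already present" >&2
        return 0
    fi
    if ! grep -q '^[[:space:]]*session' "$f"; then
        echo "skip $f: no session records" >&2
        return 1
    fi
    # Pass 1 (NR==FNR) remembers the first and last session lines;
    # pass 2 reprints the file with the two new records around them.
    awk '
        NR == FNR { if ($1 == "session") { if (!first) first = FNR; last = FNR }; next }
        FNR == first { print "session optional pam_drweb_session.so type=close" }
        { print }
        FNR == last  { print "session optional pam_drweb_session.so type=open" }
    ' "$f" "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# Number of pam_drweb_session.so records in a file (expected: 2 after editing).
count_drweb_records() {
    grep -c 'pam_drweb_session\.so' "$1"
}

# Apply the edit to every matching file, e.g.: apply_to_dir pam_parsec_mac.so /etc/pam.d
apply_to_dir() {   # $1 = module name, $2 = PAM directory
    for f in $(pam_files_using "$1" "$2"); do
        add_drweb_session_lines "$f"
    done
}
```

Lines written as "-session" (the optional-failure prefix) are not treated as session records by this script, so check such files by hand.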

For ALT 8 SP and other distributions using the pam_namespace.so PAM module

1. To change the PAM configuration, you need to modify all configuration files in the /etc/pam.d directory that load the pam_namespace.so PAM module. You can get the list of such files with the following command:

# grep -R pam_namespace.so /etc/pam.d

2. Add the same session-type records to each file as for distributions using the pam_parsec_mac.so PAM module (see the paragraph above).

Configuring SpIDer Guard to intercept file access events

To enable the SpIDer Guard file monitor to detect attempts to access files made from any privilege level, switch SpIDer Guard to the Fanotify operating mode.

To switch SpIDer Guard to the Fanotify operating mode, execute the following command:

# drweb-ctl cfset LinuxSpider.Mode Fanotify

To get additional information, use the following command:

$ man drweb-spider