Ls 151 Install Guide En

Installation Guide

LinuxShield™

version 1.5.1

McAfee® System ProtectionIndustry-leading intrusion prevention solutions

COPYRIGHTCopyright © 2008 McAfee, Inc. All Rights Reserved.

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

TRADEMARK ATTRIBUTIONSACTIVE FIREWALL, ACTIVE SECURITY, ACTIVESECURITY (AND IN KATAKANA), ACTIVESHIELD, CLEAN-UP, DESIGN (STYLIZED E), DESIGN (STYLIZED N), ENTERCEPT, EPOLICY ORCHESTRATOR, FIRST AID, FOUNDSTONE, GROUPSHIELD, GROUPSHIELD (AND IN KATAKANA), INTRUSHIELD, INTRUSION PREVENTION THROUGH INNOVATION, MCAFEE, MCAFEE (AND IN KATAKANA), MCAFEE AND DESIGN, MCAFEE.COM, MCAFEE VIRUSSCAN, NET TOOLS, NET TOOLS (AND IN KATAKANA), NETSCAN, NETSHIELD, NUTS & BOLTS, OIL CHANGE, PRIMESUPPORT, SPAMKILLER, THREATSCAN, TOTAL VIRUS DEFENSE, VIREX, VIRUS FORUM, VIRUSCAN, VIRUSSCAN, VIRUSSCAN (AND IN KATAKANA), WEBSCAN, WEBSHIELD, WEBSHIELD (AND IN KATAKANA) are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. The color red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

LICENSE INFORMATION License AgreementNOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

AttributionsThis product includes or may include:

• Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). • Cryptographic software written by Eric A. Young and software written by Tim J. Hudson. • Some software programs that are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or other similar Free Software licenses which, among other rights, permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access to the source code. The GPL requires that for any software covered under the GPL which is distributed to someone in an executable binary format, that the source code also be made available to those users. For any such software covered under the GPL, the source code is made available on this CD. If any Free Software licenses require that McAfee provide rights to use, copy or modify a software program that are broader than the rights granted in this agreement, then such rights shall take precedence over the rights and restrictions herein. • Software originally written by Henry Spencer, Copyright 1992, 1993, 1994, 1997 Henry Spencer. • Software originally written by Robert Nordier, Copyright © 1996-7 Robert Nordier. • Software written by Douglas W. Sauder. • Software developed by the Apache Software Foundation (http://www.apache.org/). A copy of the license agreement for this software can be found at www.apache.org/licenses/LICENSE-2.0.txt. • International Components for Unicode ("ICU") Copyright ©1995-2002 International Business Machines Corporation and others. • Software developed by CrystalClear Software, Inc., Copyright ©2000 CrystalClear Software, Inc. • FEAD

®

Optimizer

®

technology, Copyright Netopsystems AG, Berlin, Germany. • Outside In®

Viewer Technology ©1992-2001 Stellent Chicago, Inc. and/or Outside In

®

HTML Export, © 2001 Stellent Chicago, Inc. • Software copyrighted by Thai Open Source Software Center Ltd. and Clark Cooper, © 1998, 1999, 2000. • Software copyrighted by Expat maintainers. • Software copyrighted by The Regents of the University of California, © 1996, 1989, 1998-2000. • Software copyrighted by Gunnar Ritter. • Software copyrighted by Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A., © 2003. • Software copyrighted by Gisle Aas. © 1995-2003. • Software copyrighted by Michael A. Chase, © 1999-2000. • Software copyrighted by Neil Winton, ©1995-1996. • Software copyrighted by RSA Data Security, Inc., © 1990-1992. • Software copyrighted by Sean M. Burke, © 1999, 2000. • Software copyrighted by Martijn Koster, © 1995. • Software copyrighted by Brad Appleton, © 1996-1999. • Software copyrighted by Michael G. Schwern, ©2001. • Software copyrighted by Graham Barr, © 1998. • Software copyrighted by Larry Wall and Clark Cooper, © 1998-2000. • Software copyrighted by Frodo Looijaard, © 1997. • Software copyrighted by the Python Software Foundation, Copyright © 2001, 2002, 2003. A copy of the license agreement for this software can be found at www.python.org. • Software copyrighted by Beman Dawes, © 1994-1999, 2002. • Software written by Andrew Lumsdaine, Lie-Quan Lee, Jeremy G. Siek © 1997-2000 University of Notre Dame. • Software copyrighted by Simone Bordet & Marco Cravero, © 2002. • Software copyrighted by Stephen Purcell, © 2001. • Software developed by the Indiana University Extreme! Lab (http://www.extreme.indiana.edu/). • Software copyrighted by International Business Machines Corporation and others, © 1995-2003. • Software developed by the University of California, Berkeley and its contributors. • Software developed by Ralf S. Engelschall <[email protected]> for use in the mod_ssl project (http:// www.modssl.org/). • Software copyrighted by Kevlin Henney, © 2000-2002. • Software copyrighted by Peter Dimov and Multi Media Ltd. © 2001, 2002. • Software copyrighted by David Abrahams, © 2001, 2002. See http://www.boost.org/libs/bind/bind.html for documentation. • Software copyrighted by Steve Cleary, Beman Dawes, Howard Hinnant & John Maddock, © 2000. • Software copyrighted by Boost.org, © 1999-2002. • Software copyrighted by Nicolai M. Josuttis, © 1999. • Software copyrighted by Jeremy Siek, © 1999-2001. • Software copyrighted by Daryle Walker, © 2001. • Software copyrighted by Chuck Allison and Jeremy Siek, © 2001, 2002. • Software copyrighted by Samuel Krempp, © 2001. See http://www.boost.org for updates, documentation, and revision history. • Software copyrighted by Doug Gregor ([email protected]), © 2001, 2002. • Software copyrighted by Cadenza New Zealand Ltd., © 2000. • Software copyrighted by Jens Maurer, ©2000, 2001. • Software copyrighted by Jaakko Järvi ([email protected]), ©1999, 2000. • Software copyrighted by Ronald Garcia, © 2002. • Software copyrighted by David Abrahams, Jeremy Siek, and Daryle Walker, ©1999-2001. • Software copyrighted by Stephen Cleary ([email protected]), ©2000. • Software copyrighted by Housemarque Oy <http://www.housemarque.com>, © 2001. • Software copyrighted by Paul Moore, © 1999. • Software copyrighted by Dr. John Maddock, © 1998-2002. • Software copyrighted by Greg Colvin and Beman Dawes, © 1998, 1999. • Software copyrighted by Peter Dimov, © 2001, 2002. • Software copyrighted by Jeremy Siek and John R. Bandela, © 2001. • Software copyrighted by Joerg Walter and Mathias Koch, © 2000-2002. • Software copyrighted by Carnegie Mellon University © 1989, 1991, 1992. • Software copyrighted by Cambridge Broadband Ltd., © 2001-2003. • Software copyrighted by Sparta, Inc., © 2003-2004. • Software copyrighted by Cisco, Inc. and Information Network Center of Beijing University of Posts and Telecommunications, © 2004. • Software copyrighted by Simon Josefsson, © 2003. • Software copyrighted by Thomas Jacob, © 2003-2004. • Software copyrighted by Advanced Software Engineering Limited, © 2004. • Software copyrighted by Todd C. Miller, © 1998. • Software copyrighted by The Regents of the University of California, © 1990, 1993, with code derived from software contributed to Berkeley by Chris Torek.

Issued April 2008 / LinuxShield™ software version 1.5.1 DBN-010-EN

Contents

1 Introducing LinuxShield 5

Product features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5What’s new in this release . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Using this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Audience. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Getting product information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Contact information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

2 System Requirements 11

Hardware and software requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11Creating kernel modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Creating 2.4 kernel modules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Creating 2.6 kernel modules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

3 Installing LinuxShield 25

Manual installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Silent installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28Running LinuxShield . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Handling old certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Removing the software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Upgrading from previous LinuxShield versions . . . . . . . . . . . . . . . . . . . . . . . . . . . 30Integrating with ePolicy Orchestrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31PLDP Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

3

LinuxShield™ 1.5.1 Installation Guide Contents

4

1 Introducing LinuxShield

LinuxShield detects and removes viruses and other potentially unwanted software on Linux-based systems. This section describes:

Product features

What’s new in this release

Using this guide

Getting product information

Contact information

Product features LinuxShield software has the following features:

Support for AMD 64 / EM64T (64-bit) platforms.

Kernel hooking modules (KHMs)

Global File System (GFS) on Red Hat Enterprise Linux 5.

Kernel module versioning which provides on-access scanning on new kernels without having to recompile modules.

Incremental Virus Signature (DAT) updates.

Scanning

Comprehensive on-access anti-virus scanning and cleaning using the McAfee scanning engine.

On-access scanning for local file systems, NFS and Samba.

Kernel-level scan cache for improved performance.

Scheduling of on-demand scans.

Scheduling of updates for scanning engine and virus definition files.

Administration

Remote administration using browser-based interface.

5

LinuxShield™ 1.5.1 Installation Guide Introducing LinuxShieldWhat’s new in this release

1

Monitoring and configuring of multiple LinuxShield installations from the browser interface.

Secure browser interface with authentication and HTTPS (SSL) support.

Remote administration and reporting using ePolicy Orchestrator.

Reporting

Real-time statistics.

Detailed database for detected items and system events.

Ability to query the database by date range or individual field values, for example, virus name. Results of query can be exported to a CSV file.

Configurable email notification for detected items, out-of-date virus definition files, configuration changes, and system events.

Diagnostic report for use when reporting a problem with the product.

What’s new in this releaseThis release of LinuxShield includes the following new enhancements:

Support for updating virus signatures (DATs) and scanning engine from ePolicy Orchestrator version 3.6.1 and 4.0 repositories.

Support for updating virus signatures (DATs) and scanning engine from HTTP and local repositories.

Support for specifying a list of FTP, HTTP, and/or local repositories for updating virus signatures (DATs) and scanning engine.

Support for LinuxShield deployment and installation from ePolicy Orchestrator version 3.6.1 and 4.0.

Support for installing HotFixes and Patches for LinuxShield from ePolicy Orchestrator version 3.6.1 and 4.0.

McAfee Agent 4.0 support.

Support for VmWare and Xen.

Using this guideThis guide provides information on installing your product. These topics are included:

Introducing LinuxShield — An overview of the product, with a description of new or changed features; an overview of this guide; McAfee contact information.

System Requirements — The system requirements necessary to install LinuxShield successfully; instructions on creating kernel modules.

6

LinuxShield™ 1.5.1 Installation Guide Introducing LinuxShieldUsing this guide

1

Installing LinuxShield — Procedures to install the software manually and silently, instructions on how to remove the software from your computer and upgrade from a pre-release or previous version of the software.

AudienceThis information is intended for network administrators who are responsible for their company’s anti-virus and security program.

ConventionsThis guide uses the following conventions:

Bold Condensed

All words from the interface, including options, menus, buttons, and dialog box names.

Example: Type the User name and Password of the appropriate account.

Courier The path of a folder or program; text that represents something the user types exactly (for example, a command at the system prompt).

Examples: The default location for the program is: C:\Program Files\McAfee\EPO\3.5.0

Run this command on the client computer: scan --help

Italic For emphasis or when introducing a new term; for names of product documentation and topics (headings) within the material.

Example: Refer to the VirusScan Enterprise Product Guide for more information.

Blue A web address (URL) and/or a live link.

Example: Visit the McAfee web site at:

http://www.mcafee.com

<TERM> Angle brackets enclose a generic term.

Example: In the console tree, right-click <SERVER>.

Note

Note: Supplemental information; for example, another method of executing the same command.

Tip

Tip: Suggestions for best practices and recommendations from McAfee for threat prevention, performance and efficiency.

Caution

Caution: Important advice to protect your computer system, enterprise, software installation, or data.

Warning

Warning: Important advice to protect a user from bodily harm when using a hardware product.

7

http://www.mcafee.com

LinuxShield™ 1.5.1 Installation Guide Introducing LinuxShieldGetting product information

1

Getting product informationUnless otherwise noted, product documentation comes as Adobe Acrobat .PDF files, available on the product CD or from the McAfee download site.

Installation Guide — System requirements and instructions for installing and starting the software.

Product Guide — Introduction to the product and its features; detailed instructions for configuring the software; information on deployment, recurring tasks, and operating procedures.

Help — High-level and detailed information accessed from the software application.

Configuration Guide — For use with ePolicy Orchestrator®. Procedures for configuring and managing supported products through the ePolicy Orchestrator management software.

Release Notes — ReadMe. Product information, resolved issues, any known issues, and last-minute additions or changes to the product or its documentation.

License Agreement — The McAfee License Agreement booklet that includes all the license types you can purchase for your product. The License Agreement presents general terms and conditions for use of the licensed product.

Contacts — Contact information for McAfee services and resources: technical support, customer service, Security Headquarters (AVERT), beta program, and training.

8

LinuxShield™ 1.5.1 Installation Guide Introducing LinuxShieldContact information

1

Contact informationThreat Center: McAfee Avert® Labs http://www.mcafee.com/us/threat_center/default.asp

Avert Labs Threat Library http://vil.nai.com

Avert Labs WebImmune & Submit a Sample (Logon credentials required) https://www.webimmune.net/default.asp

Avert Labs DAT Notification Service http://vil.nai.com/vil/signup_DAT_notification.aspx

Download Site http://www.mcafee.com/us/downloads/ Product Upgrades (Valid grant number required)

Security Updates (DATs, engine)

HotFix and Patch Releases

For Security Vulnerabilities (Available to the public)

For Products (ServicePortal account and valid grant number required)

Product Evaluation

McAfee Beta Program

Technical Support http://www.mcafee.com/us/support/ KnowledgeBase Search http://knowledge.mcafee.com/

McAfee Technical Support ServicePortal (Logon credentials required) https://mysupport.mcafee.com/eservice_enu/start.swe

Customer ServiceWeb http://www.mcafee.com/us/support/index.html http://www.mcafee.com/us/about/contact/index.html

Phone — US, Canada, and Latin America toll-free: +1-888-VIRUS NO or +1-888-847-8766 Monday – Friday, 8 a.m. – 8 p.m., Central Time

Professional Services Enterprise: http://www.mcafee.com/us/enterprise/services/index.html

Small and Medium Business: http://www.mcafee.com/us/smb/services/index.html

9

http://www.mcafee.com/us/threat_center/default.asp

http://vil.nai.com

https://www.webimmune.net/default.asp

http://vil.nai.com/vil/signup_DAT_notification.aspx

http://www.mcafee.com/us/downloads/

http://www.mcafee.com/us/support/

http://knowledge.mcafee.com/

https://mysupport.mcafee.com/eservice_enu/start.swe

http://www.mcafee.com/us/support/index.html

http://www.mcafee.com/us/about/contact/index.html

http://www.mcafee.com/us/enterprise/services/index.html

http://www.mcafee.com/us/smb/services/index.html

LinuxShield™ 1.5.1 Installation Guide Introducing LinuxShieldContact information

1

10

2 System RequirementsHardware and software

This section includes the following topics:

Hardware and software requirements.

Creating kernel modules on page 21.

Hardware and software requirementsThe following hardware and software are required.

All platformsMonitor screen with a recommended minimum resolution of 1024 x 768.

Minimum hardware requirements for 32-bit platformsIntel Pentium II with 128 MB RAM, and 40 MB free space on the hard drive.

Typical hardware requirements for 32-bit platformsIntel Pentium 4 with 256 MB RAM, and 200 MB free space on the hard drive.

Minimum hardware requirements for 64-bit platformsIntel Pentium 4 EM64T or AMD 64 with 256 MB RAM, and 40 MB free space on the hard drive.

Typical hardware requirements for 64-bit platformsIntel Pentium 4 EM64T or AMD 64 with 512 MB RAM, and 200 MB free space on the hard drive.

Supported operating systems for 32-bit platformsNovell Linux Desktop 9

Novell Linux Small Business Suite 9

Novell Open Enterprise Server 1 running SuSE Linux Enterprise Server 9 SP1

Red Hat Enterprise 2.1 Advanced Server, Workstation, Enterprise Server

Red Hat Enterprise 3.0 Advanced Server, Workstation, Enterprise Server

Red Hat Enterprise 4.0 Advanced Server, Workstation, Enterprise Server, Desktop

11

LinuxShield™ 1.5.1 Installation Guide System RequirementsHardware and software requirements

2

Red Hat Enterpris

kernel-2.4.9-e.3 kernel-smp-2.4.9-e.3kernel-enterprise-2.4

kernel-2.4.9-e.12 kernel-smp-2.4.9-e.1



Red Hat Enterprise 5.0 Server, Desktop

SuSE Enterprise 8 Server United Linux 1.0

SuSE Linux Enterprise Server 9

SuSE Linux Enterprise Server/Desktop 10


Supported operating systems for 64-bit platformsRed Hat Enterprise 4.0 Advanced Server, Workstation, Enterprise Server, Desktop

Red Hat Enterprise 5.0 Advanced Platform, Desktop

SuSE Linux Enterprise Server 9

SuSE Linux Enterprise Server/Desktop 10


Supported browsersInternet Explorer 5.5, 6.0 and 7.0

Konqueror 3.5.1

Mozilla 0.9.9, 1.0.1, 1.2.1, 1.4, and 1.6

Firefox 1.0, 1.5, and 2.0

Supported ePolicy Orchestrator Server 3.6.1 or later

Supported kernels The following kernel modules are provided in this release. If your kernel is not listed here, see About kernel support on page 20 and Creating kernel modules on page 21.

Table 2-1 Kernel modules supported on 32-bit platforms for Red Hat

e 2.1 Red Hat Enterprise 3.0 Red Hat Enterprise 4.0 Red Hat Enterprise 5.0

.9-e.3

kernel-2.4.21-4.EL kernel-smp-2.4.21-4.EL kernel-hugemem-2.4.21-4.EL


kernel-2.6.18-8.el5

kernel-2.6.18-8.el5PAE

kernel-2.6.18-8.1.1.el5

2

8 .9-e.38

0 .9-e.40

kernel-2.4.21-9.0.1.EL kernel-smp-2.4.21-9.0.1.EL kernel-hugemem-2.4.21-9.0.1.EL






kernel-2.6.18-8.1.1.el5PAE

kernel-2.6.18-8.1.3.el5


kernel-2.6.18-8.1.4.el5


kernel-2.6.18-8.1.6.el5


12


2




Red Hat Enterpris

1 .9-e.41

3 .9-e.43

8 .9-e.48




kernel-2.6.9-22.0.2.EL

kernel-smp-2.6.9-22.0.2.EL

kernel-hugemem-2.6.9-22.0.2.EL

kernel-2.6.9-34.EL

kernel-smp-2.6.9-34.EL

kernel-hugemem-2.6.9-34.EL

kernel-2.6.9-34.0.1.EL

kernel-2.6.18-8.1.8.el5


Table 2-1 Kernel modules supported on 32-bit platforms for Red Hat (continued)


13


2




Red Hat Enterpris

9 .9-e.49

2 .9-e.62

5 .9-e.65






kernel-2.6.9-34.0.2.EL



kernel-2.6.9-42.EL


kernel-2.6.18-8.el5


kernel-2.6.18-8.el5xen

kernel-2.6.18-8.1.1.el5


kernel-2.6.18-8.1.1.el5xen



14


2

kernel-2.4.9-e.68

kernel-smp-2.4.9-e.6

kernel-enterprise-2.4

kernel-2.4.9-e.70



kernel-2.4.9-e.71



kernel-2.4.9-e.72



Red Hat Enterpris

8

.9-e.68

0

.9-e.70

1

.9-e.71

2

.9-e.72





kernel-2.4.21-40.EL



kernel-2.4.21-47.EL



kernel-2.4.21-47.0.1.EL



kernel-2.4.21-50.EL



kernel-2.4.21-51.EL



kernel-2.4.21-52.EL



kernel-2.4.21-53.EL




kernel-2.6.9-42.0.2.EL



kernel-2.6.9-42.0.3.EL



kernel-2.6.9-42.0.8.EL



kernel-2.6.9-42.0.10.EL



kernel-2.6.9-55.EL



kernel-2.6.9-55.0.2.EL



kernel-2.6.9-55.0.6.EL



kernel-2.6.9-55.0.9.EL



kernel-2.6.9-67.EL



kernel-2.6.9-67.0.4.EL



kernel-2.6.9-67.0.7.EL



kernel-2.6.9-67.0.15.EL



kernel-2.6.18-8.1.3.el5



kernel-2.6.18-8.1.4.el5



kernel-2.6.18-8.1.6.el5



kernel-2.6.18-8.1.8.el5



kernel-2.6.18-8.1.10.el5



kernel-2.6.18-8.1.14.el5



kernel-2.6.18-8.1.15.el5



kernel-2.6.18-53.el5



kernel-2.6.18-53.1.4.el5



kernel-2.6.18-53.1.6.el5



kernel-2.6.18-53.1.13.el5

kernel-2.6.18-53.1.13.el5PAE

kernel-2.6.18-53.1.13.el5xen

kernel-2.6.18-53.1.14.el5

kernel-2.6.18-53.1.14.el5PAE

kernel-2.6.18-53.1.14.el5xen

kernel-2.6.18-53.1.19.el5

kernel-2.6.18-53.1.19.el5PAE

kernel-2.6.18-53.1.19.el5xen



15


2

Table 2-2 Kernel modules supported on 32-bit platforms for SuSE

SuSE Enterprise 8 SuSE Enterprise 9.0 /Novell Linux Desktop 9.0

SuSE Enterprise Desktop 10

SuSE Enterprise Server 10

k_smp-2.4.19-113

k_deflt-2.4.19-120

k_deflt-2.4.21-198

k_smp-2.4.21-198

k_deflt-2.4.21-203

k_smp-2.4.21-203

k_deflt-2.4.21-215

k_smp-2.4.21-215

k_deflt-2.4.21-226

k_smp-2.4.21-226

k_deflt-2.4.21-231

kernel-default-2.6.5-7.97 kernel-smp-2.6.5-7.97 kernel-bigsmp-2.6.5-7.97




kernel-default-2.6.5-7.147 kernel-smp-2.6.5-7.147

kernel-default-2.6.16-21.0.8

kernel-smp-2.6.16-21.0.8

kernel-bigsmp-2.6.16-21.0.8


kernel-smp-2.6.16-21.0.15



kernel-smp-2.6.16-21.0.25



kernel-smp-2.6.16-27.0.6



kernel-smp-2.6.16-21.0.8


kernel-xen-2.6.16-21.0.8

kernel-xenpae-2.6.16-21.0.8


kernel-smp-2.6.16-21.0.15


kernel-xen-2.6.16-21.0.15



kernel-smp-2.6.16-21.0.25


kernel-xen-2.6.16-21.0.25



kernel-smp-2.6.16-27.0.6


kernel-xen-2.6.16-27.0.6


k_smp-2.4.21-231

k_deflt-2.4.21-241

k_smp-2.4.21-241

k_deflt-2.4.21-251

k_smp-2.4.21-251

k_deflt-2.4.21-261

k_smp-2.4.21-261

kernel-bigsmp-2.6.5-7.147



kernel-default-2.6.5-7.193


kernel-smp-2.6.16-27.0.9



kernel-smp-2.6.16-46.0.12



kernel-smp-2.6.16-27.0.9


kernel-xen-2.6.16-27.0.9



kernel-smp-2.6.16-46.0.12


kernel-xen-2.6.16-46.0.12


k_deflt-2.4.21-266

k_smp-2.4.21-266

k_deflt-2.4.21-273

k_smp-2.4.21-273

k_deflt-2.4.21-278

k_smp-2.4.21-278

kernel-smp-2.6.5-7.193 kernel-bigsmp-2.6.5-7.193



kernel-smp-2.6.5-7.202.7


kernel-smp-2.6.16-46.0.14



kernel-smp-2.6.16-46.0.14


kernel-xen-2.6.16-46.0.14


16


2

k_deflt-2.4.21-281

k_smp-2.4.21-281

k_deflt-2.4.21-286

k_smp-2.4.21-286

k_deflt-2.4.21-292

k_smp-2.4.21-292

k_deflt-2.4.21-295



kernel-smp-2.6.5-7.244






kernel-smp-2.6.16-53.0.8



kernel-smp-2.6.16-53.0.8


kernel-xen-2.6.16-53.0.8


k_smp-2.4.21-295

k_deflt-2.4.21-304

k_smp-2.4.21-304

k_deflt-2.4.21-306

k_smp-2.4.21-306

k_deflt-2.4.21-309

k_smp-2.4.21-309

k_deflt-2.4.21-314

k_smp-2.4.21-314











kernel-smp-2.6.16-53.0.16



kernel-smp-2.6.16-53.0.16


kernel-xen-2.6.16-53.0.16












kernel-smp-2.6.5-7.287.3









kernel-smp-2.6.16-54.2.3


kernel-default-2.6.16.60-0.9

kernel-smp-2.6.16.60-0.9

kernel-bigsmp-2.6.16.60-0.9


kernel-smp-2.6.16-54.2.3


kernel-xen-2.6.16-54.2.3


kernel-default-2.6.16.60-0.9

kernel-smp-2.6.16.60-0.9

kernel-bigsmp-2.6.16.60-0.9

kernel-xen-2.6.16.60-0.9

kernel-xenpae-2.6.16.60-0.9

Table 2-2 Kernel modules supported on 32-bit platforms for SuSE (continued)

SuSE Enterprise 8 SuSE Enterprise 9.0 /Novell Linux Desktop 9.0

SuSE Enterprise Desktop 10


17


2

Table 2-3 Kernel modules supported on 64-bit platforms for Red Hat

Red Hat Enterprise 4.0 Red Hat Enterprise 5.0

kernel-2.6.9-5.EL


kernel-2.6.9-11.EL

kernel-smp-2.6.9-11EL

kernel-2.6.9-22.EL

kernel-2.6.18-8.el5

kernel-2.6.18-8.1.1.el5

kernel-2.6.18-8.1.3.el5

kernel-2.6.18-8.1.4.el5

kernel-2.6.18-8.1.6.el5


kernel-2.6.9-22.0.1EL

kernel-smp-2.6.9-22.0.1EL

kernel-2.6.9-22.0.2.EL

kernel-smp-2.6.9-22.0.2EL

kernel-2.6.18-8.1.8.el5

kernel-2.6.18-8.1.10.el5


kernel-2.6.18-8.1.14.el5


kernel-2.6.9-34.EL


kernel-2.6.9-34.0.1.EL


kernel-2.6.9-34.0.2.EL


kernel-2.6.9-42.EL

kernel-2.6.18-8.1.15.el5


kernel-2.6.18-53.el5


kernel-2.6.18-53.1.4.el5


18


2


kernel-2.6.9-42.0.2.EL


kernel-2.6.9-42.0.3.EL


kernel-2.6.9-42.0.8.EL

kernel-2.6.18-53.1.6.el5



kernel-2.6.18-53.1.13.el5

kernel-2.6.18-53.1.13.el5PAE

kernel-2.6.18-53.1.13.el5xen


kernel-2.6.9-42.0.10.EL


kernel-2.6.9-55.EL


kernel-2.6.9-55.0.2.EL


kernel-2.6.9-55.0.6.EL


kernel-2.6.9-55.0.9.EL


kernel-2.6.9-67.EL


kernel-2.6.9-67.0.4.EL



kernel-2.6.9-67.0.7.EL



kernel-2.6.9-67.0.15.EL



kernel-2.6.18-53.1.14.el5

kernel-2.6.18-53.1.14.el5PAE

kernel-2.6.18-53.1.14.el5xen

kernel-2.6.18-53.1.19.el5

kernel-2.6.18-53.1.19.el5PAE

kernel-2.6.18-53.1.19.el5xen


Red Hat Enterprise 4.0 Red Hat Enterprise 5.0

Table 2-4 Kernel modules supported on 64-bit platforms for SuSE

SuSE Enterprise 9 SuSE Enterprise Desktop 10








kernel-smp-2.6.16-21.0.8


kernel-smp-2.6.16-21.0.15


kernel-smp-2.6.16-21.0.8

kernel-xen-2.6.16-21.0.8


kernel-smp-2.6.16-21.0.15

kernel-xen-2.6.16-21.0.15







kernel-smp-2.6.16-21.0.25


kernel-smp-2.6.16-21.0.25

kernel-xen-2.6.16-21.0.25

19


2

About kernel support The LinuxShield installation includes on-access kernel modules for the versions of Red Hat and SuSE that we support. See the tables in Supported kernels on page 12 to get the full list of kernels. We provide these modules for the original kernel versions that are shipped with the distribution, and for the latest official kernel updates provided by Red Hat and SuSE at the time of this release. Our updates for their later kernels will be available from http://mysupport.nai.com.

Source code for the kernel modules is also available on your product CD, or from our product download site. (See Contact information on page 9.) The availability of this source code allows you to respond to security patches as quickly as your specific environment and company policy dictates. However, we are unable to provide support for customized kernel modules because we cannot test them or reproduce specific issues.







kernel-smp-2.6.16-27.0.6


kernel-smp-2.6.16-27.0.9


kernel-smp-2.6.16-27.0.6

kernel-xen-2.6.16-27.0.6


kernel-smp-2.6.16-27.0.9

kernel-xen-2.6.16-27.0.9

kernel-smp-2.6.5-7.202.7








kernel-smp-2.6.16-46.0.12


kernel-smp-2.6.16-46.0.14


kernel-smp-2.6.16-46.0.12

kernel-xen-2.6.16-46.0.12


kernel-smp-2.6.16-46.0.14

kernel-xen-2.6.16-46.0.14









kernel-smp-2.6.16-53.0.8


kernel-smp-2.6.16-53.0.16


kernel-smp-2.6.16-53.0.8

kernel-xen-2.6.16-53.0.8


kernel-smp-2.6.16-53.0.16

kernel-xen-2.6.16-53.0.16





kernel-smp-2.6.5-7.287.3






kernel-smp-2.6.16-54.2.3

kernel-default-2.6.16-60-0.9

kernel-smp-2.6.16-60-0.9


kernel-smp-2.6.16-54.2.3

kernel-xen-2.6.16-54.2.3

kernel-default-2.6.16-60-0.9

kernel-smp-2.6.16-60-0.9

kernel-xen-2.6.16-60-0.9

Table 2-4 Kernel modules supported on 64-bit platforms for SuSE (continued)

SuSE Enterprise 9 SuSE Enterprise Desktop 10


20

http://mysupport.nai.com

LinuxShield™ 1.5.1 Installation Guide System RequirementsCreating kernel modules

2

Creating kernel modules

To build a LinuxShield kernel module from source, you need the source for your kernel. Most vendor-supplied kernels include a kernel source package, that usually installs the source into /usr/src/linux-<kernel version>. If you are not familiar with building the Linux kernel, we recommend that you refer to tutorials available on the Internet. Alternatively, follow the procedure in Creating 2.4 kernel modules or Creating 2.6 kernel modules.

Creating 2.4 kernel modules1 Put your source tree into a known clean state to remove generated files and

non-standard configuration. To do this, run make mrproper from the top-level directory of your kernel source tree, as in the following commands:

cd <kernel source dir>

make mrproper

2 Configure the kernel source. You need the configuration file that was used to compile your kernel. If you are using a vendor-supplied kernel, the /boot directory normally contains a copy of the configuration file, which has a config prefix or a .config extension.

3 Copy the configuration file to the file .config in the top-level directory of your kernel source tree, and run make oldconfig, as in these commands:

cp <kernel config file> .config

make oldconfig

If a message prompts you for any configuration items, your configuration file is incomplete, and you need to ask the supplier about the correct answers.

4 Check the version information in the top-level kernel Makefile. In particular, check that EXTRAVERSION is set appropriately.

Sometimes the version information is set to a custom value in vendor-supplied source. The definition for KERNELRELEASE when expanded should match the contents of /proc/sys/kernel/osrelease assuming that you are building modules for the kernel that is currently running. The standard definition for KERNELRELEASE is:

KERNELRELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION)$(EXTRAVERSION)

5 Generate some dependency information and header files. Type the following command:

make dep

6 Build the kernel by typing this command:

make bzImage

This step creates generated files that are necessary for module compilation.

Note

McAfee does not support creating custom kernel modules.

21


2

As a minimum, you can build the generated configuration header files using make include/config/MARKER, but this might not work for all kernel versions and configurations.

7 Unpack the source files into an empty directory, and use the kernel build system to build the modules:

cd <LinuxShield source directory>

make -C <kernel source dir> SUBDIRS=`pwd` modules

If there are no errors, you have two kernel modules — lshook.o and linuxshield.o.

8 Copy the modules into your LinuxShield module directory (called /opt/NAI/LinuxShield/lib/modules by default).

The modules in this directory are prefixed with the kernel version for which they were compiled. For example, if /proc/sys/kernel/osrelease contains 2.4.21-xyz, the modules are named 2.4.21-xyz-lshook.o and 2.4.21-xyz-linuxshield.o.

If you have multiple kernels that cannot be distinguished by the contents of /proc/sys/kernel/osrelease (the same as the output of uname -r), you need to use the file kernel.version in the same directory. This file can contain multiple lines. Each has the form:

<prefix>:<build version>

Here <prefix> is a unique string derived from the kernel version. Given a version of 2.4.nn<extra>, the prefix is 2.4.nn<unique tag><extra>, where the unique tag does not contain ”:” for example:

2.4.21-ls-xyz:#1 SMP Sun May 16 12:27:32 UTC 2004

Here <build version> is the contents of /proc/sys/kernel/version (or the output of uname -v) when the matching kernel is running.

During LinuxShield startup, if kernel modules are identified as matching the running kernel, symbolic links are created in the directory /lib/modules/`uname -r`/nai. The targets of these links can determine which module files have been loaded.

Creating 2.6 kernel modules1 Put your source tree into a known clean state to remove any generated files and any

non-standard configuration. To do this, run make mrproper from the top-level directory of your kernel source tree:

cd <kernel source directory>

make mrproper

2 Configure the kernel source. You need the configuration file that was used to compile your kernel.

Note

You are now ready to build the LinuxShield kernel modules. The Makefile provided to build the LinuxShield modules requires 3.80 or later of GNU Make. Check your version of make by using make --version. If you have version 3.79 or earlier, you need to upgrade.

22


2

3 Copy the configuration file to the file .config in the top-level directory of your kernel source tree, and run make oldconfig:

cp <kernel config file> .config

make oldconfig

If asked for any configuration items, your configuration file is incomplete, and you need to ask the supplier about the correct answers.

4 Check the version information in the top-level kernel Makefile. In particular, check that EXTRAVERSION is set appropriately.

Sometimes the version information is set to a custom value in vendor-supplied source. The definition for KERNELRELEASE when expanded should match the contents of /proc/sys/kernel/osrelease assuming that you are building modules for the kernel that is currently running. The standard definition for KERNELRELEASE is:

KERNELRELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION)$(EXTRAVERSION)

5 Build the kernel by typing this command:

make bzImage

This step creates generated files that are necessary for module compilation.

6 Unpack the source files into an empty directory, and use the kernel build system to build the modules:

cd <LinuxShield source directory>

make -C <kernel source dir> SUBDIRS=`pwd` modules

If there are no errors, you have two kernel modules — lshook.ko and linuxshield.ko.

7 Copy these modules into your LinuxShield module directory (called /opt/NAI/LinuxShield/lib/modules by default).

If you have multiple kernels that cannot be distinguished by the contents of /proc/sys/kernel/osrelease (the same as the output of uname -r), you need to use the file kernel.version in the same directory. This file can contain multiple lines, each having the form:

<prefix>:<build version>

Note

If you are using a vendor-supplied kernel, the /boot directory normally contains a copy of the configuration file, which has a config- prefix or a .config extension.

Note

You are now ready to build the LinuxShield kernel modules. The Makefile provided to build the LinuxShield modules requires 3.80 or later of GNU Make. Check your version of make by using make --version. If you have version 3.79 or earlier, you need to upgrade.

Note

The modules in this directory are prefixed with the kernel version for which they were compiled. For example, if /proc/sys/kernel/osrelease contains 2.6.9-xyz, the modules will be named 2.6.9-xyz-lshook.ko and 2.6.9-xyz-linuxshield.ko.

23


2

Here <prefix> is a unique string that is derived from the kernel version. Given a version of 2.6.nn<extra>, the prefix is 2.6.nn<unique tag><extra>, where the unique tag does not contain “:”, for example:

2.6.9-ls-xyz:#1 SMP Sun May 16 12:27:32 UTC2004

Here <build version> is the contents of /proc/sys/kernel/version (or the output of uname -v) when the matching kernel is running.

During LinuxShield startup, if kernel modules are identified as matching the running kernel, symbolic links are created in the directory /lib/modules/`uname -r`/nai. The targets of these links can determine which module files have been loaded.

8 Rename the modules to have .o extension instead of .ko extension.

24

3 Installing LinuxShieldInstalling, upgrading and removing the software

You can install LinuxShield manually on hosts (see Manual installation on page 25) or you can use a script (see Silent installation on page 28). The following topics are included:

Running LinuxShield on page 29.

Removing the software on page 30.

Integrating with ePolicy Orchestrator on page 31.

Related topicsUpgrading from previous LinuxShield versions on page 30.

Manual installationDuring installation, you are prompted to supply a password and other information. For most of the questions, you can accept the default value that is offered. To set up email notification for alerts if it is required, you need an MTA (Mail Transfer Agent) configured, and the following information:

Email address of the LinuxShield administrator.

Address for the SMTP host.

TCP/IP port number for the SMTP host.

To install McAfee Runtime:1 Download the MFErt.i686.rpm file.

2 At the command prompt, type:

rpm -ivh MFErt.i686.rpm

To install McAfee Agent (MA):3 Download the MFEcma.i686.rpm file.


rpm -ivh MFEcma.i686.rpm

25

LinuxShield™ 1.5.1 Installation Guide Installing LinuxShieldManual installation

3

5 Answer the questions when prompted. These include whether installing CMA in managed or unmanaged mode.

6 To confirm that the McAfee agent is running correctly, type:

/etc/init.d/cma status

To install LinuxShield:

7 Download the rpm file.


rpm -ivh LinuxShield-1.5.1-<version>.<arch>.rpm

where <version> is a version number such as 108, and <arch> is i386 for 32-bit platforms and x86-64 for 64-bit platforms.

9 Answer the questions when prompted. Accept the default values, or type your own.

10 When prompted to start the LinuxShield services, select the default option, y.

11 To confirm that the system is running correctly, type:

/etc/init.d/nails status

To install LinuxShield 1.5.1 on Novel Open Enterprise Server 1 or 21 Remove LinuxShield (if installed) using the command:

rpm -e LinuxShield

2 From the Novell eDirectory server use iManager and create a user called “nails” and a group called “nailsgroup”.

3 Add the user “nails” a member of the “nailsgroup”. Enable the user and group using the Linux User Management.

4 Provide “nails” user with administrative privileges on all the NSS volumes.

5 Download the MFErt.i686.rpm and MFEcma.i686.rpm file.

6 Install McAfee Runtime and McAfee Agent using the commands:



Answer the questions when prompted. These include the IP address of the ePolicy Orchestrator server, and port number for the agent-to-server connection.

Note

For more information on deploying LinuxShield in managed mode, refer the LinuxShield Configuration guide.

Note

Before installing LinuxShield, you must have McAfee Runtime and McAfee Agent already installed on the computer. See Installing McAfee Runtime and Installing McAfee Agent.

Tip

rights -f /media/nss/<VOL-name> -r s trustee nails.<context>.<tree>

You need to provide administrative privileges to the “nails” user, every time a new NSS volume is created.

26

LinuxShield™ 1.5.1 Installation Guide Installing LinuxShieldManual installation

3

7 Install LinuxShield using the command:

rpm -ivh LinuxShield-1.5.1-<version>.<Arch>.rpm

8 Type “nailsgroup” for the Linux group for LinuxShield administrator.

9 Type “nails” for the LinuxShield user.

10 Answer the questions when prompted. Accept the default values, or type your own.

11 When prompted to start the LinuxShield services, select the default option, y.

27

LinuxShield™ 1.5.1 Installation Guide Installing LinuxShieldSilent installation

3

Silent installation

1 Create the file nails.options in the root home directory. For example:

SILENT_ACCEPTED_EULA=”yes”

SILENT_INSTALLDIR=”/opt/NAI/LinuxShield”

SILENT_RUNTIMEDIR=”/var/opt/NAI/LinuxShield”

SILENT_ADMIN=”[email protected]”

SILENT_HTTPHOST=”192.168.255.200”

SILENT_HTTPPORT=”55443”

SILENT_MONITORPORT=”65443”

SILENT_SMTPHOST=”example.example.com.”

SILENT_SMTPPORT=”25”

SILENT_NAILS_USER=”nails”

SILENT_NAILS_GROUP=”nailsgroup”

SILENT_CREATE_USER=”no”

SILENT_CREATE_GROUP=”no”

SILENT_RUN_WITH_MONITOR=”yes”

SILENT_QUARANTINEDIR=”/quarantine”

SILENT_START_PROCESSES=”yes”

SILENT_CONTINUE_INSTALL_ON_PAM_ERROR=”no”

2 As root, create a user “nails” as a member of a group “nailsgroup”.


rpm -ivh LinuxShield-1.5.1-<version>.<arch>.rpm

Note

Before installing LinuxShield, you must have McAfee Runtime and McAfee Agent already installed on the computer. See Installing McAfee Runtime and Installing McAfee Agent.

Note

Use SILENT_CONTINUE_INSTALL_ON_PAM_ERROR only when 32-bit PAM libraries are not present.

If you set this flag to yes and continue without Pluggable Authentication Module (PAM) libraries, the installation of LinuxShield monitor component is skipped, and the web interface will not be available. However, you can still manage the LinuxShield host using ePolicy Orchestrator or the web interface of some other LinuxShield host. See information about configuring LinuxShield in the Product Guide.

Note

Before installing LinuxShield, make sure that there is no user as “nails” and no group as “nailsgroup”in the computer.

28

LinuxShield™ 1.5.1 Installation Guide Installing LinuxShieldRunning LinuxShield

3


4 After performing the installation, use the command passwd to assign a password to the user, nails. To manage several hosts from one browser location, each host must have the same user name and password.

To install LinuxShield 1.5.1 on Novel Open Enterprise Server 1 or 2 in Silent Mode:1 From the Novell eDirectory server use iManager and create a user called “nails” and

a group called “nailsgroup”.

2 Add the user “nails” a member of the “nailsgroup”. Enable the user and group using the Linux User Management.

3 Provide “nails” user with administrative privileges on all the NSS volumes.

4 In nails.options file, check if the following parameters are:

SILENT_NAILS_USER=”nails”

SILENT_NAILS_GROUP=”nailsgroup”

5 Follow rest of the steps as mentioned in Silent Installation section.

Running LinuxShield1 To open the LinuxShield browser interface, use a supported browser:

https://<hostname>:<port number>

where <hostname> is the name of the host on which LinuxShield is installed. By default, the port number is 55443.

2 On the logon page, type the user name, nails and enter the password that you specified during installation.

3 If you see messages caused by the use of certificates, see Handling old certificates.

Handling old certificatesLinuxShield has its own certificate that it adds to the browser the first time that you connect. If you add this certificate permanently, then install a new version of LinuxShield, you might experience an error, stating that the certificate that the site is providing is not correct.

This happens because the certificate is different from the one stored in your browser. Every installation creates a specific certificate for the host, and associates the certificate with the IP address or the name that you have provided. If the certificate does not match the stored certificate, the browser displays an error.

To fix this, remove the old certificate and accept the new one when prompted. The steps are described for each supported browser.

Konqueror1 Open Konqueror.

29

LinuxShield™ 1.5.1 Installation Guide Installing LinuxShieldRemoving the software

3

2 At Settings, select Configure Konqueror.

3 At the new window, click the icon on the left side, called Crypto.

4 On the right pane, click the Peer SSL Certificate tab to display every certificate that you have saved.

5 Select and remove the Network Associates certificate.

When you log on again, you are prompted with the new certificate.

Mozilla1 Open Mozilla.

2 Select Edit | Preferences.

3 Expand Privacy & Security.

4 Select Certificate on the left side, and click Manage Certificates from the right pane.

5 On the new window, select the Authority tab and scroll to find Network Associates.

6 Expand this, and find the certificate displaying the IP address of the host or the host name. Select the certificate and delete it.

These steps should remove the certificate, and allow you to import the new certificate associated with the host.

Internet ExplorerMicrosoft Internet Explorer does not save the certificate, but it will prompt you to accept the certificate every time that you log on.

Removing the software1 Remove the software, using:

rpm -e LinuxShield

rpm -e MFEcma

rpm -e MFErt

2 Reboot the computer to remove the LinuxShield kernel modules.

Upgrading from previous LinuxShield versions 1 Download the MFErt.i686.rpm and MFEcma.i686.rpm file.

2 Install McAfee Runtime and McAfee Agent using the commands:

Note

You do not need to reboot immediately because the LinuxShield kernel modules do not interrupt functioning of any other running service.

Note

If you have NWA (Non-Windows Agent) installed on this computer, make sure to uninstall NWA before proceeding to the next step.

30

LinuxShield™ 1.5.1 Installation Guide Installing LinuxShieldIntegrating with ePolicy Orchestrator

3



Answer the questions when prompted. These include the IP address of the ePolicy Orchestrator server, and port number for the agent-to-server connection.


rpm -U LinuxShield-1.5.1-<version>.<arch>.rpm


4 To confirm that the system is running, type:

/etc/init.d/nails status

Integrating with ePolicy Orchestrator

ePolicy Orchestrator 3.6The following NAP files need to be added to the ePolicy Orchestrator repository:

MSA_400LNX.nap — McAfee Agent NAP file.

LinuxShield151.nap — product NAP file.

LinuxShield151_reports.nap — product event-reporting NAP file.

ePolicy Orchestrator 4.0The following extensions need to be added to the ePolicy Orchestrator server:

LYNXSHLD1510.ZIP

LYNXSHLD1510PARSER.ZIP

PLDP ProcessPLDP is a Novell Partner Linux Driver process which allows automatic updates of LinuxShield Kernel Hooking modules when kernel updates happens. This process is supported on SLES 9 kernel 2.6.5-7.282 and above.

Note

See the LinuxShield Configuration Guide and ePolicy Orchestrator Product Guide for details.

31

LinuxShield™ 1.5.1 Installation Guide Installing LinuxShieldPLDP Process

3

To enable PLDP on SLES 9:

1 Install LinuxShield.

2 Install McAfee-LinuxShield rpm from /opt/NAI/package/LinuxShield directory.

When kernel update occurs, the McAfee-LinuxShield rpm automatically upgrades to the latest version available at the download site:

http://forgeftp.novell.com/driver-process/pub/update/mcafee/sle9/common/

To enable PLDP on SLE10:1 Install McAfee-LinuxShield-kmp-<flavour>-1.5.1_2.6.16.21_0.8-0.<arch>.rpm from

/opt/NAI/package/LinuxShield.

Note

Partner drivers provided by Novell are signed with a driver build key and is not present by default on SLES9 or NLD. While updating the drivers, “integrity check” errors may appear. You need to import the driver build key to resolve the integrity check errors.

To resolve integrity check errors:

Type rpm -qa gpg-pubkey*

If the output does not include the line “gpg-pubkey-7e2e3b05-44748aba”, the driver build key has not been imported. Then use the following Link to create the pgp key on your computer.

http://developer.novell.com/wiki/index.php/Adding_Keys

Note

Install the kernel-update-tool and update to yast2-packagemanager version 2.9.70-0.3 or above.

Note

LinuxShield 1.5.1 supports PLDP on SLE10 and is based on Novell readiness. Novell is currently working on providing PLDP support for LinuxShield 1.5.1 on SLE10.

32

http://developer.novell.com/wiki/index.php/Adding_Keys

http://forgeftp.novell.com/driver-process/pub/update/mcafee/sle9/common/

Documents

Ls 151 Install Guide En