program which provides continuous monitoring and control over the file system. Every file system object is scanned based on customizable file access event types. The following event types are supported by the current version:

Open events

This file access type is activated if the word 'open' is present in the 'event_mask' parameter in the esets.cfg file ([dac] section). In this case, the ON_OPEN bit of the Dazuko access mask is set to on.

Close events

This file access type is activated if the word 'close' is present in the 'event_mask' parameter in the esets.cfg file ([dac] section). In this case, the ON_CLOSE bit and ON_CLOSE_MODIFIED bit of the Dazuko access mask are set to on.

NOTE: Some OS kernel versions do not support the interception of ON_CLOSE events. In these cases, close events will not be monitored by esets_dac.

Exec events 

This file access type is activated if the word 'exec' is present in the 'event_mask' parameter in the esets.cfg file ([dac] section). In this case, the ON_EXEC bit of the Dazuko access mask is set to on.

In summary, the On-access scanner ensures that all opened, closed and executed files are scanned by the esets_daemon for viruses. Based on the result of such scans, access to given files is denied or allowed.

5.2.2. Installation and configuration

As mentioned previously, the Dazuko kernel module must be compiled and installed within the running kernel before esets_dac can be initialized. To compile and install Dazuko, please see: http://www.dazuko.org/howto-install.shtml.

Once Dazuko is installed, review and edit the [global] and [dac] sections of the ESETS configuration file (esets.cfg). Note that the proper functioning of the On-access scanner is dependent upon configuration of the ‘agent_enabled’ option within the [dac] section of this file. Additionally, you must define the file system objects (i.e. directories and files) that are to be monitored by the On-access scanner. This can be accomplished by defining the parameters of the ‘ctl_incl’ and ‘ctl_excl’ options, which are also located within the [dac] section. After making changes to the esets.cfg file, you can force the newly created configuration to be re-read by reloading the ESETS daemon.
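
The following added example (not part of the ESET manual or product) audits the [dac] section described above: it derives which Dazuko access-mask bits the words in ‘event_mask’ would turn on and flags coverage gaps. It assumes INI-style `option = value` lines, yes/no booleans and colon-separated values as in the constructed sample; that syntax is not stated on this page.

```python
import configparser
import re

# Event words from the manual and the Dazuko access-mask bits each one sets.
EVENT_BITS = {
    "open": ["ON_OPEN"],
    "close": ["ON_CLOSE", "ON_CLOSE_MODIFIED"],
    "exec": ["ON_EXEC"],
}

def audit_dac(cfg_text):
    """Return (dazuko_bits, findings) for the [dac] section of an esets.cfg text."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_string(cfg_text)
    if not cp.has_section("dac"):
        return [], ["no [dac] section: on-access scanner is not configured"]
    dac = cp["dac"]
    clean = lambda key: dac.get(key, "").strip().strip("\"'")
    findings = []
    # Assumption: boolean options are written yes/no.
    if clean("agent_enabled").lower() != "yes":
        findings.append("agent_enabled is not 'yes': on-access scanner not enabled")
    # The manual activates an event type when its word is present in event_mask,
    # so extract words regardless of the separator used.
    words = set(re.findall(r"[a-z]+", clean("event_mask").lower()))
    bits = []
    for word, flags in EVENT_BITS.items():
        if word in words:
            bits.extend(flags)
        else:
            findings.append(f"'{word}' missing from event_mask: {', '.join(flags)} not set")
    for unknown in sorted(words - set(EVENT_BITS)):
        findings.append(f"unrecognised event_mask word '{unknown}'")
    if not clean("ctl_incl"):
        findings.append("ctl_incl is empty: no file system objects defined for monitoring")
    return bits, findings

# Constructed sample configuration (not taken from a real host).
SAMPLE = """
[global]
[dac]
agent_enabled = yes
event_mask = "open:exec"
ctl_incl = "/home:/srv"
ctl_excl = "/srv/cache"
"""

if __name__ == "__main__":
    bits, findings = audit_dac(SAMPLE)
    print("Dazuko bits:", bits)
    for finding in findings:
        print("FINDING:", finding)
```

On the sample, the audit reports that close events are not requested, so files modified and closed would not be rescanned at close time.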

5.2.3. Tips

To ensure that the Dazuko module loads prior to initialization of the esets_dac daemon, follow these steps:

Place a copy of the Dazuko module in either of the following directories, which are reserved for kernel modules:

/lib/modules
or
/modules

Use the kernel utilities ‘depmod’ and ‘modprobe’ (for BSD OS, use ‘kldconfig’ and ‘kldload’) to handle dependencies and successful initialization of the newly added Dazuko module.

In the esets_daemon initialization script ‘/etc/init.d/esets_daemon’, before the daemon

Chapter 5: Integration with File System services

Summary of Contents for FILE SECURITY

Page 1: ...ESET File Security Installation Manual and User Guide we protect digital worlds...
