program which provides continuous monitoring and control over the file system. Every file
system object is scanned based on customizable file access event types. The following event
types are supported by the current version:
Open events
This file access type is activated if the word 'open' is present in the 'event_mask' parameter in
the esets.cfg file ([dac] section). In this case, the ON_OPEN bit of the Dazuko access mask is set to on.
Close events
This file access type is activated if the word 'close' is present in the 'event_mask' parameter in
the esets.cfg file ([dac] section). In this case, the ON_CLOSE bit and the ON_CLOSE_MODIFIED bit of
the Dazuko access mask are set to on.
NOTE:
Some OS kernel versions do not support the interception of ON_CLOSE events. In these
cases, close events will not be monitored by esets_dac.
Exec events
This file access type is activated if the word 'exec' is present in the 'event_mask' parameter in
the esets.cfg file ([dac] section). In this case, the ON_EXEC bit of the Dazuko access mask is set to on.
In summary, the On-access scanner ensures that all opened, closed and executed files are
scanned by the esets_daemon for viruses. Based on the result of such scans, access to given files
is denied or allowed.
5.2.2. Installation and configuration
As mentioned previously, the Dazuko kernel module must be compiled and installed within
the running kernel before esets_dac can be initialized. To compile and install Dazuko, please see:
http://www.dazuko.org/howto-install.shtml.
Once Dazuko is installed, review and edit the [global] and [dac] sections of the ESETS
configuration file (esets.cfg). Note that the proper functioning of the On-access scanner is
dependent upon configuration of the ‘agent_enabled’ option within the [dac] section of this
file. Additionally, you must define the file system objects (i.e. directories and files) that are to be
monitored by the On-access scanner. This can be accomplished by defining the parameters of
the ‘ctl_incl’ and ‘ctl_excl’ options, which are also located within the [dac] section. After making
changes to the esets.cfg file, you can force the newly created configuration to be re-read by
reloading the ESETS daemon.
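The check below is an added example, not part of the ESET manual or product: it reads the [dac] section of an esets.cfg text, reports which Dazuko access-mask bits the 'event_mask' words described above would set, and flags settings that leave the On-access scanner with gaps. The value syntax in the sample file, the yes/true/1 spelling of an enabled option and the function name audit_dac are assumptions.

```python
import configparser
import re

# Event words and the Dazuko access-mask bits the manual says each one sets.
EVENT_BITS = {
    "open": {"ON_OPEN"},
    "close": {"ON_CLOSE", "ON_CLOSE_MODIFIED"},
    "exec": {"ON_EXEC"},
}

# Constructed sample; the value syntax shown here is an assumption.
SAMPLE_CFG = """
[global]
[dac]
agent_enabled = yes
event_mask = open
ctl_incl = /home
ctl_excl =
"""

def audit_dac(cfg_text):
    """Return (bits, findings) for the [dac] section of an esets.cfg text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string(cfg_text)
    if not cp.has_section("dac"):
        return set(), ["no [dac] section found"]
    dac, findings, bits = cp["dac"], [], set()
    # Assumption: an enabled option is written as yes, true or 1.
    enabled = dac.get("agent_enabled", "").strip().strip('"').lower()
    if enabled not in ("yes", "true", "1"):
        findings.append("agent_enabled is not on; the On-access scanner depends on it")
    # The manual keys on the presence of each word in event_mask.
    words = set(re.findall(r"[a-z_]+", dac.get("event_mask", "").lower()))
    for word, word_bits in EVENT_BITS.items():
        if word in words:
            bits |= word_bits
        else:
            findings.append(f"'{word}' not in event_mask: {word} events are not scanned")
    for unknown in sorted(words - set(EVENT_BITS)):
        findings.append(f"unrecognised event_mask word: {unknown}")
    if not dac.get("ctl_incl", "").strip().strip('"'):
        findings.append("ctl_incl is empty: no objects are defined for monitoring")
    return bits, findings

if __name__ == "__main__":
    bits, findings = audit_dac(SAMPLE_CFG)
    print("Dazuko bits set:", sorted(bits))
    print("\n".join("FINDING: " + f for f in findings))
```

With the constructed sample, only ON_OPEN is set, so files that are executed or closed after modification are reported as unscanned.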
5.2.3. Tips
To ensure that the Dazuko module loads prior to initialization of the esets_dac daemon,
follow these steps:
Place a copy of the Dazuko module in either of the following directories, which are reserved
for kernel modules: /lib/modules or /modules
Use the kernel utilities ‘depmod’ and ‘modprobe’ (for BSD OS, use ‘kldconfig’ and ‘kldload’) to
handle dependencies and successful initialization of the newly added Dazuko module.
In the esets_daemon initialization script ‘/etc/init.d/esets_daemon’, before the daemon
chapter 5
Integration with File System services