F-SECURE LINUX SECURITY Скачать руководство пользователя страница 53

Страница: 53 / 219

Firewall Rules

Firewall rules

define what kind of Internet traffic is allowed or blocked.

Each

security level

has a predefined set of

firewall rules

, which you cannot change. The selected

security level affects the priority which your own rules receive in relation to the predefined rules.

firewall rule

can be applied to traffic from the Internet to your computer (inbound), or from

your computer to the Internet (outbound). A rule can also be applied to both directions at the
same time.

firewall rule

consists of

firewall services

, which specify the type of traffic and the

ports

that

this type of traffic uses. For example, a rule called

Web browsing

has a service called

HTTP

which uses the TCP and

port

number 80.

Firewall rules

also define whether firewall

alert

pop-ups are shown to you about the traffic that

matches the

firewall rules

When do you have to add a new firewall rule?

You may have to add a new firewall rule if you want to allow traffic that is
blocked or if you want to block specific Internet traffic.

By adding all the services that the program or device needs to the same rule,
you can easily:

•

turn the rule on or off later, or

•

remove the rule if you uninstall the program or remove the device.

You also have to add a new rule if you have denied certain type of traffic but
you want to allow it to certain IP addresses. In this case, you already have a
general "deny"

firewall rule

. To allow the traffic to certain IP addresses, you

have to create a more specific "allow" rule.

Firewall Services

Firewall services

define the type of traffic to which a

firewall rule

applies.

Network services

, such as web browsing,

file sharing

remote console access

, are examples

of these firewall services.

A service uses a certain

protocol

and

port

. For example, the HTTP service uses the TCP

protocol

and the

port

number 80.

A firewall service uses two kinds of ports:

•

Initiator port

: the

port

on the computer that starts the connection.

F-Secure Linux Security | Using the Product |

Содержание LINUX SECURITY

Страница 1: ...F Secure Linux Security...

Страница 2: ......

Страница 3: ...ter 2 Deployment 11 Deployment on Multiple Stand alone Linux Workstations 12 Deployment on Multiple Centrally Managed Linux Workstations 12 Central Deployment Using Image Files 12 Chapter 3 Installati...

Страница 4: ...34 I Want to 34 Scanning for Viruses 37 What are Viruses and Other Malware 37 Stopping Viruses and Other Malware 40 Methods of Protecting the Computer from Malware 42 Firewall Protection 50 What Is a...

Страница 5: ...es 74 Appendix A Command Line Tools 77 fsav 78 fsav config 78 dbupdate 80 fsfwc 80 fsic 81 fsims 81 fsma 82 fssetlanguage 83 fschooser 83 Appendix B Before You Install 85 64 bit Distributions 86 Distr...

Страница 6: ...Scheduled Scanning 99 Manual Scanning 100 Firewall 105 General Settings 105 Rules 106 Network Services 106 Integrity Checking 107 Known Files 107 Rootkit Prevention 107 General Settings 108 Communicat...

Страница 7: ...eal time antivirus and riskware protection and a host intrusion prevention HIPS functionality that provides protection against unauthorized connection attempts from network unauthorized system modific...

Страница 8: ...onfigured to scan a limited set of files the manual scanning can be used to scan the full system or you can use the scheduled scanning to scan the full system at regular intervals Automatic Updates ke...

Страница 9: ...nts write attempts and alerts the administrator Key Features and Benefits The product offers superior protection against viruses and worms and is transparent to end users Superior Protection against V...

Страница 10: ...ot possible to install for example a trojan version of a software The administrator can define that all Linux kernel modules are verified before the modules are allowed to be loaded An alert is sent t...

Страница 11: ...Chapter 2 Deployment Topics Deployment on Multiple Stand alone Linux Workstations Deployment on Multiple Centrally Managed Linux Workstations Central Deployment Using Image Files...

Страница 12: ...few Linux computers the web user interface can be used to manage Linux workstations instead of F Secure Policy Manager Deployment on Multiple Centrally Managed Linux Workstations If computers are mana...

Страница 13: ...nly hosts on which the image file will be installed should be imported 3 Run the following command etc init d fsma clearuid The utility program resets the Unique ID in the product installation 4 Shut...

Страница 14: ......

Страница 15: ...Chapter 3 Installation Topics System Requirements Stand alone Installation Centrally Managed Installation Upgrading Custom Installations Creating a Backup Uninstallation...

Страница 16: ...8 04 LTS Hardy Heron The following 64 bit AMD64 EM64T distributions are supported with 32 bit compatibility packages Asianux 2 0 Asianux Server 3 0 Debian 4 0 Fedora Core 7 Red Hat Enterprise Linux 4...

Страница 17: ...Firefox browsers Note About Dazuko Version The product needs the Dazuko kernel module for the real time virus protection integrity checking and rootkit protection Dazuko is an open source kernel modu...

Страница 18: ...ks are added to the crontab when they are created Network Resources When running the product reserves the following IP ports Comment Port Protocol Interface Web User Interface internal communication p...

Страница 19: ...he following command to extract the installation file tar zxvf f secure linux security version build tgz 2 Make sure that the installation file is executable chmod a x f secure linux security version...

Страница 20: ...products Use the Advanced mode You will need to install the product using an account with root privileges 1 Copy the installation file to your hard disk Use the following command to extract the instal...

Страница 21: ...all alerts generated with the earlier version Manual scanning scheduled scanning and database update settings have changed in version 5 30 and later If you have modified these settings before the upg...

Страница 22: ...he following directories and files to uninstall it opt f secure fsav var opt f secure fsav etc opt f secure fsav usr bin fsav usr share man man1 fsav 1 usr share man man5 fsav conf 5 usr share man man...

Страница 23: ...for Custom Installation The RPM files can be extracted from the installation package if you need to create a custom installation package The product installation package is a self extracting package w...

Страница 24: ...the local account to use for the web user interface login user USER Turn on the kernel module verification kernelverify Turn off the kernel module verification nokernelverify Specify the passphrase f...

Страница 25: ...le for detailed descriptions of the available settings Using The Product With Samba Servers The product can protect the whole Samba server in addition to the data on shared directories All the protect...

Страница 26: ...n that you want to administer 2 Select Linux Security 7 00 and open the Firewall tab 3 In the Rules section check that you have the security level you want to edit 4 Click Add Before 5 In the Rule Wiz...

Страница 27: ...f secure tar xpsf backup filename tar etc init d fsaua start etc init d fsma start Make sure that fsma and fsaua users and fsc group exist after the backup has been restored for exampe by backing up a...

Страница 28: ......

Страница 29: ...Chapter 4 Administering the Product Topics Basics of Using F Secure Policy Manager Accessing the Web User Interface Testing the Antivirus Protection...

Страница 30: ...for Linux F Secure Management Agent and F Secure Automatic Update Agent branches to change the behavior of the product as well For more information about F Secure Policy Manager see F Secure Policy M...

Страница 31: ...ngs Testing the Antivirus Protection To test whether the product operates correctly you can use a special test file that is detected as a virus The EICAR EICAR is the European Institute of Computer An...

Страница 32: ......

Страница 33: ...ction If you allow the remote access to the web user interface you can access it with the following HTTPS address https host domain 28082 Integrity Checking General Settings Where host domain is eithe...

Страница 34: ...ant the product to disinfect infected files the product must have write access to the files Check and edit the manual scanning settings before you start the manual scan 1 To start the full computer sc...

Страница 35: ...defined b Select the profile where you want to add a new rule and click Add new rule to create a new rule c Select Accept or Deny as a rule Type to choose whether the rule allows or denies the servic...

Страница 36: ...latest updates to your computer when you are connected to the Internet Information about the latest virus definition database update can be found at http www F Secure com download purchase updates sht...

Страница 37: ...e added to the baseline during the installation are set to Allow and Alert protection mode Note The default list of known files is generated upon installation and contains the most important system fi...

Страница 38: ...not designed specifically to harm the computer but it has security critical functions that may harm the computer if misused These programs perform some useful but potentially dangerous function Exampl...

Страница 39: ...dmin RiskTool Server FTP Server Proxy Server Telnet Server Web Tool List of platforms Apropos BAT Casino ClearSearch DOS DrWeb Dudu ESafe HTML Java JS Linux Lop Macro Maxifiles NAI NaviPromo NewDotNet...

Страница 40: ...ministrator Protection Against Kernel Rootkits If an attacker has gained an access to the system and tries to install a kernel rootkit by loading a kernel module for example through sbin insmod or sbi...

Страница 41: ...the infected file Does Real Time Scanning Affect the System Performance The amount of time and system resources that real time scanning takes depends on the contents location and type of the file File...

Страница 42: ...nd Choose one of the following actions Select Report and deny access to display and alert about the found virus and block access to it No other action is taken against the infected file View Alerts to...

Страница 43: ...condary action The secondary action takes place if the primary action cannot be performed By default the secondary action is Deny access After configuring the suspected file settings configure how ale...

Страница 44: ...les every time they are opened turn on Scan when opening a file 6 If you want to scan files every time they are closed turn on Scan when closing a file 7 If you want to scan files every time when they...

Страница 45: ...eport and deny access to display and alert about the found riskware and block access to it No other action is taken against the infected file View Alerts to check security alerts Not available during...

Страница 46: ...nnot cause any damage The renamed file has virus extension Select Delete to delete the infected file By default the primary action for infections is Disinfect 2 Select the secondary action The seconda...

Страница 47: ...rectory on a new line only one directory per line If scanning a certain directory takes a long time and you know that no user can create or copy an infected file in it or you get false alarms during t...

Страница 48: ...archive 4 If you want the archive scan to stop immediately when it finds an infected file turn on Stop on first infection inside an archive to stop scanning the archive If the setting is turned off t...

Страница 49: ...e web user interface click Modify advanced settings to view and configure advanced virus scanning settings Note that the scheduled scanning tasks use the Manual Scanning settings To set the scanning s...

Страница 50: ...ovides protection against information theft as unauthorized access attempts can be prohibited and detected The firewall keeps the computer protected after the product is installed automatically What I...

Страница 51: ...before it can be taken into use Allows normal web browsing and file retrievals HTTP HTTPS FTP as well as e mail and Mobile Usenet news traffic Encryption programs such as VPN and SSH are also allowed...

Страница 52: ...you want to use in the Firewall Protection Editing Security Profile Different security profiles can be assigned and edited to suit different users needs Each security profile has a set of pre configur...

Страница 53: ...may have to add a new firewall rule if you want to allow traffic that is blocked or if you want to block specific Internet traffic By adding all the services that the program or device needs to the s...

Страница 54: ...to allow traffic that is blocked or if you want to block specific net traffic When you create or edit firewall rules you should allow only the needed services and deny all the rest to minimize securit...

Страница 55: ...e network interfaces you want the rule to apply to the Flag field The rule is applied to all network interfaces if you leave the Flag field empty For example if eth0 if eth3 h Click Add Service to Thi...

Страница 56: ...Settings tab you can select network packet logging settings and configure trusted network interfaces Logging Unhandled Network Packets You can log unhandled network packets in problem solving situati...

Страница 57: ...modification attempts of the monitored files Known Files List The Known Files List contains all files that the product monitors and protects The baseline is created from the Known Files List by readin...

Страница 58: ...nds an alert when the file is modified Alert Displays whether the file is monitored or protected Protected files cannot be modified Protection while monitored files are only monitored and can be modif...

Страница 59: ...anges to file group are ignored Size Changes to file size are ignored Modification time Changes to file modification time are ignored Hash Changes to the content of the file are ignored Note Ignoring...

Страница 60: ...Software Installation Mode when you want to update or modify protected files To access the Software Installation Mode follow these instructions 1 Open the Web User Interface 2 Go to I want to page 3 C...

Страница 61: ...ing the passphrase should be limited Verify Baseline You can verify the baseline manually to make sure that your system is safe and all baselined files are unmodified 1 Enter your passphrase to verify...

Страница 62: ...cts a write attempt to dev kmem file but it does not prevent the write operation 3 Specify Allowed kernel module loaders Specified programs are allowed to load kernel modules when the kernel module ve...

Страница 63: ...alert For example a virus alert The alert includes information of the infection and the performed operation Processing Alerts You can search and delete specific alerts from hosts To find the alert me...

Страница 64: ...mail Local Alert is displayed in the Web User Interface Syslog Alert is written to the system log The syslog facility is LOG_DAEMON and alert priority varies Policy Manager Alert is sent to F Secure...

Страница 65: ...url to the PM Proxy address field b Click Add PM Proxy to add the new entry to the list 3 Configure HTTP Proxy if you need to use proxy to access the Internet a Check the Use HTTP Proxy check box to u...

Страница 66: ...anager Proxy offers a solution to bandwidth problems in distributed installations of the product by significantly reducing load on networks with slow connections When you use F Secure Policy Manager P...

Страница 67: ...Chapter 6 Troubleshooting Topics Installing Required Kernel Modules Manully User Interface F Secure Policy Manager Integrity Checking Firewall Virus Protection Generic Issues...

Страница 68: ...does not show any errors the product is working correctly fsav compile drivers is a shell script that configures and compiles the Dazuko driver automatically for your system and for the product For mo...

Страница 69: ...init d fsma restart How can I get the F icon visible in the system tray You may need to logout and login again to get the F icon in your systray If you are using GNOME Desktop make sure you have a no...

Страница 70: ...and the file where the symlink points to is not in the baseline For example modprobe uses lib libz so 1 which is really a symlink to a real file lib libz so 1 2 2 The symlink is in the baseline but t...

Страница 71: ...mba shares on my computer how can I fix this The Office firewall profile contains a rule that allows Windows Networking but that rule is disabled by default Enable the rule to allow accesses to samba...

Страница 72: ...wsing should work now How can I set up firewall rules to access NFS servers You need to allow the following network traffic through the firewall portmapper tcp and udp port 111 nfsd tcp and udp 2049 m...

Страница 73: ...se the setting in the Automatic Updates page in the advanced mode Does the real time scan work on NFS server If the product is installed on NFS server the real time scan does not scan files automatica...

Страница 74: ...the product How can I clean an interrupted installation If the product installation is interrupted you may have to remove the product components manually 1 List all installed rpm packages rpm qa grep...

Страница 75: ...ing to scan consider adding it to the excluded list 4 If you are using the centralized administration mode make sure that the DNS queries return addresses quickly or use IP addresses with F Secure Pol...

Страница 76: ...ed to compile kernel drivers manually how do I do that You may need to compile kernel drivers that the product need manually if you did not have compilers and other required tools intalled during the...

Страница 77: ...Appendix A Command Line Tools For more information on command line tools and options see man pages Topics fsav fsav config dbupdate fsfwc fsic fsims fsma fssetlanguage fschooser...

Страница 78: ...uch slower than scanning the local file system If you want to scan the network file system run fsav on the server If you cannot run fsav on the server you can scan the network file system from the cli...

Страница 79: ...trally managed installation enter the address of the F Secure Policy Manager Server Address of F Secure Policy Manager Server http localhost b In the centrally managed installation enter the location...

Страница 80: ...ly from the command line 1 Download the fsdbupdate run file from http download f secure com latest fsdbupdate run fsdbupdate run is a self extracting file that stops the automatic update agent daemon...

Страница 81: ...n the baseline opt f secure fsav bin fsic baseline c Enter a passphrase to create the signature In this example the product is also configured to send an alert about unauthorized modification attempts...

Страница 82: ...n F Secure Management Agent opt f secure fsav bin fsfwd run F Secure Firewall Daemon and the iptables netfilter firewall Checks and informs how many days are left in the opt f secure fsav libexec fslm...

Страница 83: ...cure fsav bin fssetlanguage language Where language is en english ja japanese de german fschooser With fschooser you can turn certain product features or or off You can turn off some product component...

Страница 84: ...Note Press ctrl C to cancel your changes 84 F Secure Linux Security Command Line Tools...

Страница 85: ...eriodically from cron to make linked libraries run faster Run this manually 64 bit Distributions if it is not run automatically before you activate the Integrity Checker Distributions Using Prelink Re...

Страница 86: ...tions like Asianux run prelink periodically from cron to reduce the startup time of binaries which use dynamic libraries Prelinking modifies binaries and dynamic libraries on the disk which conflicts...

Страница 87: ...that the administrator has to enter Red Hat Enterprise Linux Miracle Linux Asianux The following steps are required to install the product on a computer running Red Hat Enterprise Linux Miracle Linux...

Страница 88: ...anux 3 0 Make sure that the following packages are installed For example use the search tab in Applications Add Remove Software or use the rpm command gcc glibc devel glibc headers kernel devel Debian...

Страница 89: ...nents during the installation Turbolinux The following steps are required to install the product on a computer running Turbolinux Turbolinux 10 You need to install the Turbolinux package groups Develo...

Страница 90: ...on a computer running Ubuntu Linux Ubuntu 6 06 You need to install the compiler kernel headers RPM and possibly additional utilities to be able to install the product To install them use the followin...

Страница 91: ...Appendix C Basic Web User Interface Following tables display the settings that appear on the Basic Web User Interface Topics I Want To...

Страница 92: ...atic Updates page in Update virus definitions Advanced Mode where you can alter the settings for automatic virus definition updates You should use this wizard to set the product Install software in so...

Страница 93: ...ndix D Advanced Web User Interface Following tables display the settings that appear on the Advanced Web User Interface Topics Summary Alerts Virus Protection Firewall Integrity Checking General Setti...

Страница 94: ...ccording the currently active security level When enabled Integrity Checking will detect modification of baselined files Firewall Protection Alerts The following user interface controls appear on the...

Страница 95: ...ad simultaneously Select how old and which alert severity messages you want to edit and click Perform action to delete or mark selected messages as read Virus Protection Following tables display the v...

Страница 96: ...ted file to suspected extension Delete Delete the infected file Deny access Deny access Do not send an alert If the primary action fails the secondary action is applied If also the secondary actions f...

Страница 97: ...s List of executables for which all file access is Whitelisted executables Whitelisted executables must match baseline always allowed Enter full paths to executables one per line Executable on the whi...

Страница 98: ...d If set to Yes password protected archives are considered to be safe and access is allowed Otherwise access is not allowed Defines what happens when the first infection Stop on first infection inside...

Страница 99: ...he infected file Deny access Deny access Do not send an alert If the primary action fails the secondary action is applied If also the secondary actions fails an alert is sent describing the failed act...

Страница 100: ...ile Rename Rename the infected file to virus extension Delete Delete the infected file Custom Run a command specified in the custom primary action field Abort scan Abort further scanning If both prima...

Страница 101: ...describing the failed actions If Custom is chosen as the secondary action Secondary custom action the custom action must be specified here Please note that the custom action will be executed as the s...

Страница 102: ...actions fails an alert is sent describing the failed actions Specify whether the product should scan all Scan files files or only the files that match the extensions specified in the Extensions to Sca...

Страница 103: ...n is launched The supported archive formats include for example tar gz zip Defines how many levels deep to scan in Maximum number of nested archives nested archives It is not recommended to set this v...

Страница 104: ...n fails the secondary action is applied If also the secondary actions fails an alert is sent describing the failed actions Specify the secondary action to take when Secondary Riskware Action riskware...

Страница 105: ...enabled the firewall rules of the currently selected security level are applied to inbound and outbound packets When disabled all traffic is allowed To disable the firewall component completely use th...

Страница 106: ...his table contains the firewall rules Firewall Firewall Rules rules filter IP packets based on IP addresses port numbers etc Note that there usually are more than one security level defined and that y...

Страница 107: ...evention The following user interface controls appear on the Advanced User Interface Integrity Checking Rootkit Prevention page Description Element When enabled integrity checking will verify Kernel m...

Страница 108: ...the general settings Communications The following user interface controls appear on the Advanced User Interface General Communications page Description Element URL of the F Secure Management Server T...

Страница 109: ...alert message subject Besides the text Subject the following symbols could be used SEVERITY informational warning error fatal error security alert HOST_DNS DNS address of the host that sent the alert...

Страница 110: ...Proxy is used to reduce the load on the server by caching Policy Manager content in the proxy F Secure Automatic Update Agent will first connect to the Policy Manager Update Server through the config...

Страница 111: ...the time of how long F Secure Intermediate server failover time min Automatic Update Agent should try to connect to Intermediater server before switching over to F Secure Update server Specifies if t...

Страница 112: ...days must have passed Database age in days before reminders are sent since the publishing of currently used virus definitions before the user is reminded of the need to update them 112 F Secure Linux...

Страница 113: ...has Security alert 711 been compromised or the passphrase used to verify the baseline is incorrect File failed integrity check Security alert 730 Could not save the baseline entries to policy Error 7...

Страница 114: ...riod expired Security alert 170 Evaluation version Informational 171 Virus Alert Security alert 200 Virus Alert Disinfected Security alert 201 Virus Alert File deleted Security alert 202 Virus Alert F...

Страница 115: ...or missing F Secure Corporation certificate Warning 518 Bad or missing certificate from virus definition database publisher Warning 519 No certificate from the publisher matches the manifest file cert...

Страница 116: ...atabase type Warning 552 DBTool The list of DBTool traps Description Severity Trap Number File was not found Error 4 Cannot open file Error 308 File is encrypted Error 309 Scanning of a file could not...

Страница 117: ...urity alert 200 Virus Alert Disinfected Security alert 201 Virus Alert File deleted Security alert 202 Virus Alert File renamed Security alert 203 Virus Alert Action failed Security alert 205 Riskware...

Страница 118: ...sed Security alert 730 Integrity checker prevented a modification attempt to a protected file Security alert 731 Kernel module loader tried to open unbaselined file Security alert 733 Kernel module lo...

Страница 119: ...created on the current directory The report contains information about F Secure products as well as operating system logs and system settings The collected data is essential for problem solving and tr...

Страница 120: ...G 1 G Man Pages fsav 2 fsavd 32 dbupdate 48 fsfwc 52 fsic 55 fschooser 62 fsims 64 fssetlanguage 67...

Страница 121: ...s viruses and DOS file viruses F Secure Security Platform can also detect spy ware adware and other riskware in selected products fsav can scan files inside ZIP ARJ LHA RAR GZIP TAR CAB and BZ2 archiv...

Страница 122: ...out Treat the timeout as error e or clean c archive on off yes no 1 0 Scan files inside archives default Archives are still scanned as normal files with or without this option See NOTES section below...

Страница 123: ...ath The default is This option cannot be used to change the database directory of fsavd that is running The option is effective only when fsav launches fsavd The default value is var opt f secure fsav...

Страница 124: ...xtensions ext ext Specify the list of filename extensions to be scanned You can use or as wildcard characters The default list is fse on off yes no 1 0 Enable disable the FS Engine for the scan and th...

Страница 125: ...rror for the file See NOTES section below about nested archives If the value is set to 0 the archive is scanned but if it contains another archive fsav reports a scan error for the file The default va...

Страница 126: ...ime field raw on off yes no 1 0 Write ESC character 033 as is to output By default ESC char acter is shown in reverse video as string ESC riskware on off yes no 1 0 Report riskware detections Riskware...

Страница 127: ...an finishes or a scan error occurs short on off yes no 1 0 Use the short output format Only the path to infected or renamed files is shown shutdown By default fsavd does not immediately exit after com...

Страница 128: ...take when a suspected virus infection is found report only to terminal and as an alert rename or delete remove suspected action2 none report rename delete remove Secondary action to take if the primar...

Страница 129: ...f yes no 1 0 Do not scan files equal or larger than 2 GB 2 147 483 648 bytes If this option is not set an error will be reported for large files version Show F Secure Security Platform version engine...

Страница 130: ...imary action SCAN REPORTS By default fsav reports the infected and suspected infections to stdout Scan errors are reported to stderr An example of an infection in the scan report tmp eicar com Infecte...

Страница 131: ...tput tmp test txt clean The archive option scans the archive content and the output is as follows for the infected or suspected archive content tmp eicar zip eicar com Infected EICAR Test File AVP whe...

Страница 132: ...the infected suspected riskware file The user running the scan must have write access to the directory in order to delete the file By default actions are confirmed before the execution For example fo...

Страница 133: ...figuration file has failed because of the invalid syntax Resolution Edit the configuration file Could not open exclude file file path OS error Explanation A file path to the exclude option does not ex...

Страница 134: ...e new values in use Maximum nested archives value user given value is not valid in configura tion file file path line line number Explanation The maxnestedarchives field in the configuration file is n...

Страница 135: ...solution Edit the configuration file Scan timeout value user given value is out of range in configuration file file path line line number Explanation The timeout field in the configuration file is les...

Страница 136: ...ors are written to the standard error stream stderr In case of fatal error program execution stops immediately with exit code 1 Fatal erros reported by fsav and the descriptions are listed below Error...

Страница 137: ...atal error status exit code 1 The user has to correct the command line parameters and start the fsav again Unknown command line option option Explanation The user has given unknown option from the com...

Страница 138: ...either does not exist is not accessible or is too long from the configuration file Resolution The user has to correct the path and start fsav again Database directory directory path is not valid OS er...

Страница 139: ...planation The user has entered an illegal scan timeout value from the command line Resolution The user has to correct command line options and try again Illegal maximum nested archives value value Exp...

Страница 140: ...do anything If fsavd is running but the user does not have rights to access to the socket the user may try to use kill 1 command to shutdown the server Failed to launch fsavd Explanation fsavd is not...

Страница 141: ...directory file path Explanation The database update directory given in the configuration file or from the command line is same as in use database directory Resolution The user has to change the datab...

Страница 142: ...e lock for lock file file path Explanation The database update process has failed to acquire the lock for lock file in the database directory Resolution The database update process does not have prope...

Страница 143: ...tion fsavd is halted The user should remove the update flag file manually SCAN ERRORS fsav scan errors are written to the standard error stream stderr In case of scan error file scanning is immediatel...

Страница 144: ...path ERROR Password protected file engine name Explanation The scan engine could not open the file for scanning because the file is password protected i e encrypted Resolution The user may try to decr...

Страница 145: ...scan engine Explanation The file scan failed because too many nested archives encountered Resolution Increase maximum nested archives limit and try to scan again Scanning file file path failed connect...

Страница 146: ...i Virus Research See the instructions for more information EXIT CODES fsav has following exit codes 0 Normal exit no viruses or suspicious files found 1 Fatal error unrecoverable error Usually a missi...

Страница 147: ...des in following priority order 130 7 1 3 4 8 6 9 0 EXAMPLES Scan a file test exe using the default configuration file If fsavd is not running fsavd is launched fsav test exe Scan files in a directory...

Страница 148: ...smbshare Scan files found by find 1 command and feed the scan report to the mail 1 com mand find mnt smbshare type f fsav input 2 1 mail s FSAV Report admin localhost Scan files found by the find 1 c...

Страница 149: ...containing only other ZIP archives can be nested up to 29 archives The archive scanning consumes memory and scanning big archives takes lot of time during which fsavd process can not process other sca...

Страница 150: ...CHAPTERG G 31 For more information see F Secure home page...

Страница 151: ...savd is launched by the fsav client fsavd terminates automatically after 30 seconds of idle time when no client has connected to fsavd during that time If you want fsavd to stay loaded in the memory s...

Страница 152: ...an engines from the directory path The default is pidfile path Create a file containing the process identifier and remove it on the normal exit Without this option no pid file is created If path is no...

Страница 153: ...e also given for the group The setting is affected by the current umask The socket mode can be changed with the socketmode option from policy settings avpriskware on off yes no 1 0 Enable disable risk...

Страница 154: ...n to the following activity log entries Failed to scan file file path error message scan engine Explanation The scan engine reports it failed to scan the file The error message contains the reason for...

Страница 155: ...figuration file has an incorrect value Resolution fsavd tries to proceed The user has to edit the configuration file and set the action field to one of the following disinfect rename or delete The use...

Страница 156: ...avd to take values in effect Illegal scan executables value user given value in configuration file file path line line number Explanation The scanexecutables field in the configuration file has an inc...

Страница 157: ...d in configura tion file file path line line number Explanation The maxnestedarchives field in the configuration file is not a number Resolution fsavd tries to proceed The user has to edit the configu...

Страница 158: ...onfiguration file contains an unknown option name Resolution fsavd tries to proceed The user has to edit the configuration file and restart fsavd Unknown syslog facility user given value in configurat...

Страница 159: ...ls to start fsavd will tries to restart the scan engine The user needs to perform database update and possibly restart fsavd if fsavd fails to start the scan engine automatically Database file file pa...

Страница 160: ...o start fsavd tries to restart the scan engine The user needs to perform database update and possibly restart fsavd if fsavd fails to start the scan engine automatically engine name scan engine initia...

Страница 161: ...writes logs to default logfile stderr The user may reconfigure the logfile location and restart fsavd Cannot change working directory to file path Explanation fsavd failed change working directory da...

Страница 162: ...th which either does not exist is not accessible or is too long from the configuration file Resolution fsavd exits with error status The user has to correct the path and start fsavd again Database dir...

Страница 163: ...and line Resolution fsavd exits with error status The user has to correct the path and start the fsavd again Could not open configuration file file path OS error message Explanation The configuration...

Страница 164: ...un out of memory Explanation The accept 2 has failed because system ran out of the memory Resolution fsavd exits with error status The user has to free some memory and start fsavd again FILES etc opt...

Страница 165: ...fsavd as a background daemon process using fssp test conf as a configuration file fsavd config file fssp test conf Check fsavd scan engine and database versions fsavd version Bugs Please refer to Know...

Страница 166: ...CHAPTERG G 47 dbupdate 8 fsav 1 For more information see F Secure home page...

Страница 167: ...a shell script for updating F Secure Security Platform Virus Definition Databases It can update databases downloaded by F Secure Automatic Update Agent a fully automatic background process or databas...

Страница 168: ...ted using daastool and dbtool After the validation database files are copied to databasedirectory using the fsav dbup date updatedirectory command ERROR CODES If update with F Secure Automatic Update...

Страница 169: ...no new updates were available 1 An error has occurred See program output and var opt f secure fssp dbupdate log for details 2 Virus definition databases were succesfully updated BUGS Please refer to...

Страница 170: ...CHAPTERG G 51 fsav 1 and fsavd 8 For more information see F Secure home page...

Страница 171: ...ut any options it will show current security level and minimum allowed Options mode block server mobile office strict normal bypass Will set firewall to requested security level if allowed by minimum...

Страница 172: ...nd the host Any outgoing TCP connec tions are allowed A rule to allow Windows networking inside the same network is included but is not enabled by default strict Very much like the mobile profile exce...

Страница 173: ...CHAPTERG G 54 4Invalid arguments AUTHORS F Secure Corporation COPYRIGHT Copyright c 1999 2008 F Secure Corporation All Rights Reserved SEE ALSO For more information see F Secure home page...

Страница 174: ...y options fsic will verify all files in the known files list and report any anomalies Options V verify options Default operation if invoked without any options Verify the sys tem and report any deviat...

Страница 175: ...isables the auto switch same as if auto would not have been given at all default no force check all Check all attributes of the file even if some of them were marked as ignored when add ing the file v...

Страница 176: ...command line OR stdin to baseline This option has same sub options as baseline a add options target Add a target s to the known files list Targets must be real files or links By default all files are...

Страница 177: ...st A new baseline needs to be generated after all file deletions have been performed no progress bar Can be used to disable progressbar This is useful for example when verifying with show all verify a...

Страница 178: ...h is changed and inode data is still same then file contents has been modified and it s mtime set back to what it was with utime man 2 utime If show details is specified then deviations against baseli...

Страница 179: ...adding files to new baseline For example bin ls Accept to baseline Yes No All yes Disregard new entries If file has been modified fsic will ask Note bin ls seems to differ from baselined entry Want t...

Страница 180: ...ssphrase or Files do not match baselined information or A virus was detected in one of the files FILES None EXAMPLES None NOTES None BUGS None AUTHORS F Secure Corporation COPYRIGHT Copyright c 1999 2...

Страница 181: ...are ready to exit the tool The product will be automatically restarted in order to apply the changes Currently Firewall and Web User Interface are the only components that this tool can be used for I...

Страница 182: ...base will still be running so any alerts received will be available in the Web User Interface when it is re enabled BUGS None AUTHORS F Secure Corporation COPYRIGHT Copyright c 2008 F Secure Corporati...

Страница 183: ...sion and or new kernel modules If software installation mode is not used when installing a new kernel and or kernel modules F Secure Linux Security might prevent the new kernel from booting up This ha...

Страница 184: ...ine is auto matically regenerated and a new passphrase must be entered RETURN VALUES fsims returns the following return values 0Operation performed successfully 1User tried to execute fsims without ro...

Страница 186: ...er the product is restarted the default language selected with this tool will be activated The tool will try to find a suitable locale on the computer where it is run and gives a warning if one was no...

Страница 187: ...uage RETURN VALUES fssetlanguage always returns 0 FILES None EXAMPLES None NOTES None BUGS None AUTHORS F Secure Corporation COPYRIGHT Copyright c 2008 F Secure Corporation All Rights Reserved SEE ALS...

Страница 188: ...H 69 H Config Files fsaua_config 70 fssp conf 75...

Страница 189: ...ndalone mode This option only has effect if FSMA is installed and configured properly The default is yes which means centrally managed mode enable_fsma yes Update servers This directive controls which...

Страница 190: ...Examples update_servers http pms update_servers http server1 http backup_server1 http backup_server2 update_servers Update proxies This directive controls which Policy Manager Proxies the Automatic Up...

Страница 191: ...ser passwd address port http user passwd address port Examples http_proxies http proxy1 8080 http backup_proxy 8880 http_proxies Poll interval This directive specifies in seconds how often the Automat...

Страница 192: ...ut Specifies the timei after which Automatic Update Agent is allowed to check for updates from update servers hosted by F Secure This is the time elapsed in seconds since the last successful connectio...

Страница 193: ...log information on each succesful download and all errors nolog log nothing The default is normal log_level normal Log Facility Specify the syslog facility for Automatic Update Agent Possible values...

Страница 194: ...match the extensions specified in the Extensions to Scan setting Possible values 0 All files 1 Only files with specified extensions odsFileScanFiles 0 Specify the list of filename extensions to be sca...

Страница 195: ...tar td0 tgz tlb tsp tt6 vbe vbs v wp vxd wb wiz wml wpc ws xl zip zl Specify whether executables should be scanned If a file has any user group other executable bits set it is scanned regardless of t...

Страница 196: ...if they would be included in scanning according to what is defined in the other scanning settings Possible values 0 Disabled 1 Enabled odsFileEnableExcludedPaths 1 Specifies whether archives should b...

Страница 197: ...than the limit a scan error is generated odsFileMaximumNestedArchives 5 Define whether MIME encoded data should be scanned for malicious content NOTE Current MIME decoding support does not work for m...

Страница 198: ...considered to be safe and access is allowed Otherwise access is not allowed Possible values 0 No 1 Yes odsFileIgnorePasswordProtected 1 Defines what happens when the first infection is found inside a...

Страница 199: ...ort scan 6 Custom odsFilePrimaryActionOnInfection 2 If Custom is chosen as the primary action the custom action must be specified here Please note that the custom action will be executed as the super...

Страница 200: ...e values 0 Do nothing 1 Report only 2 Disinfect 3 Rename 4 Delete 5 Abort scan 6 Custom odsFileSecondaryActionOnInfection 3 If Custom is chosen as the secondary action the custom action must be specif...

Страница 201: ...Action Specify the primary action to take when suspected infection is detected Possible values 0 Do nothing 1 Report only 3 Rename 4 Delete odsFilePrimaryActionOnSuspected 1 Specify the secondary acti...

Страница 202: ...0 Set this on to report and handle riskware detections Riskware is potential spyware Possible values 0 No 1 Yes odsScanRiskware 1 Type of riskware that should not be detected odsExcludedRiskware Spec...

Страница 203: ...ctionOnRiskware 1 Specify the secondary action to take when riskware is detected and the primary action has failed Possible values 0 Do nothing 1 Report only 3 Rename 4 Delete odsFileSecondaryActionOn...

Страница 204: ...ut 60 Specify the action to take after a scan timeout has occurred Possible values 0 Report as Scan Error 2 Report as Clean File odsFileScanTimeoutAction 0 Should actions be taken automatically or sho...

Страница 205: ...0 No 1 Yes odsInput 0 Print out all the files that are scanned together with their status Possible values 0 No 1 Yes odsList 0 Should infected filenames be printed as they are or should potentially da...

Страница 206: ...this because launching the daemon has considerable overhead Possible values 0 No 1 Yes 2 Auto odsStandalone 2 If No fsav command line client does not follow symlinks If Yes symlinks are followed This...

Страница 207: ...88 1 Yes odsFollowSymlinks 0 If enabled only infected filenames are reported Possible values 0 No 1 Yes odsSilent 0 If enabled only infected filenames are reported Possible values 0 No 1 Yes odsShort...

Страница 208: ...ange Possible values 0 No 1 Yes odsFilePreserveAccessTimes 0 Specifies how MIME messages with broken attachments will be handled If set to Yes files for which MIME decoding fails will be considered sa...

Страница 209: ...1 Yes odsFileIgnorePartialMime 0 Defines how MIME messages with broken headers should be handled If set to Yes broken MIME headers will be considered safe and access is allowed If set to No an error...

Страница 210: ...le values 0 No 1 Yes odsFileSkipLarge 0 If On the Libra scanning engine is used for scanning files If Off Libra is not used Possible values 0 Off 1 On odsUseLibra 1 If On the Orion scanning engine is...

Страница 211: ...scanning files If Off AVP is not used Possible values 0 Off 1 On odsUseAVP 1 F Secure internal Do not touch daemonAvpFlags 0x08D70002 Set this on to enable riskware scanning with the AVP scan engine I...

Страница 212: ...larger than this are not detected as MIME messages Increasing this number will increase scan time of large files daemonMaxMimeMessageSize 10485760 MIME recognition frame size specifies how many bytes...

Страница 213: ...e in use databases are kept daemonDatabaseDirectory var opt f secure fssp databases F Secure internal Do not change This is the directory into which new databases are stored before they are taken into...

Страница 214: ...Possible values 0 No 1 Yes daemonLogfileEnabled 0 Log file location stderr write log to standard error stream syslog write log to syslog facility Anything else is interpreted as a filename to write l...

Страница 215: ...ependent instances of the server daemonSocketPath tmp fsav Octal number specifying the mode permissions of the daemon socket See chmod 1 and chmod 2 unix manual pages daemonSocketMode 0600 If fsavd ha...

Страница 216: ...al2 local3 local4 local5 local6 local7 auth authpriv cron daemon ftp kern lpr mail news syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 daemonSyslogFacility daemon Obsolete se...

Страница 217: ...rt 3 Critical 4 Error 5 Warning 6 Notice 7 Info 8 Debug 9 Everything debugLogLevel 0 Specify the full name of the debug logfile debugLogFile var opt f secure fssp fssp log The keycode entered during i...

Страница 218: ...llation done installationTimestamp 0 F Secure internal Do not change Text to be printed every day during evaluation use naggingText EVALUATION VERSION FULLY FUNCTIONAL FREE TO USE FOR 30 DAYS nTo purc...

Страница 219: ...H 100 expiredText EVALUATION PERIOD EXPIRED nTo purchase license please check http www F Secure com purchase n...

Результаты поиска

Содержание LINUX SECURITY

Отзывы:

Похожие инструкции для LINUX SECURITY

Бренды по названию

Популярные бренды

F-SECURE LINUX SECURITY, Руководство пользователя

Результаты поиска

Содержание LINUX SECURITY

Отзывы:

Похожие инструкции для LINUX SECURITY

Бренды по названию

Популярные бренды