I tried installing ServerProtect for Linux, an antivirus product for Linux.
ServerProtect for Linux
http://jp.trendmicro.com/jp/products/enterprise/sp-linux/
The installation environment is:
- OS: Red Hat Enterprise Linux Server release 6.3 (Santiago)
- Kernel: 2.6.32-279.el6.x86_64
The latest version is ServerProtect for Linux 3.0, which can be downloaded from the site below.
http://downloadcenter.trendmicro.com/index.php?regs=jp&clk=latest&clkval=3388&lang_loc=13
The program used this time is:
SPLX3-RHEL6.tgz
http://files.trendmicro.com/products/splx/SPLX3_RHEL6.tgz
The download page states "Once this module is installed, it is at the Service Pack 1 Patch 3 level," so I also download the patches released after that.
splx-30-lx-en-sp1-patch4.tar.gz
http://files.trendmicro.com/jp/ucmodule/splx/30/sp1_patch4/splx_30_lx_en_sp1_patch4.tar.gz
splx-30-lx-en-criticalpatch1366.tar.gz
http://files.trendmicro.com/jp/ucmodule/splx/30/criticalpatch/b1366/splx_30_lx_en_criticalpatch1366.tar.gz
In addition, for real-time scan to work, find and download the Kernel Hook Module (KHM) from the site below.
ServerProtect for Linux 3 Kernel Support
http://downloadcenter.trendmicro.com/index.php?regs=NABU&clk=latest&clkval=111&lang_loc=1#fragment-111
This time I use the RHEL6 module for 2.6.32-279.el6.x86_64.
http://files.trendmicro.com/products/kernel/splx_kernel_module-3.0.1.0008.rhel6_2.6.32-279.el6.x86_64.tar.gz
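Copy these programs to a suitable folder on the server where they will be installed.
- Extract SPLX3_RHEL6.tgz
- Install SProtectLinux-3.0.bin
- Install the required libraries
- Run the installer again
- Apply splx_30_lx_en_sp1_patch4.tar.gz
- Apply splx_30_lx_en_criticalpatch1366.tar.gz
- Copy the KHM
- Check automatic startup
- Restart the service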
```
[root@host1 ServerProtect3.0]# tar xvfz SPLX3_RHEL6.tgz
SProtectLinux-3.0.bin
md5sum

[root@host1 ServerProtect3.0]# ls -l
-rw-r--r-- 1 root root 154960982 7月 21 01:01 2013 SPLX3_RHEL6.tgz
-r-xr--r-- 1 root root 154939191 7月 26 22:18 2011 SProtectLinux-3.0.bin
-rw-r--r-- 1 root root 61 8月 15 10:47 2011 md5sum
```
After answering yes to the license agreement, the installation starts.
```
[root@host1 ServerProtect3.0]# ./SProtectLinux-3.0.bin
NOTICE: Trend Micro licenses its products in accordance with certain terms and conditions.
By breaking the seal on the CD jacket in the Software package or
(snip)
DISTRIBUTION IS SUBJECT TO CIVIL AND CRIMINAL PENALTIES.

SPLX version 3.0 Released June 29, 2007

Do you agree to the above license terms? (yes or no)yes
Installing ServerProtect for Linux:
Unpacking...
Installing rpm file...
エラー: 依存性の欠如:
        libz.so.1 は SProtectLinux-3.0-1353.x86_64 に必要とされています
        libuuid.so.1 は SProtectLinux-3.0-1353.x86_64 に必要とされています
```
Oops, an error occurred.
ServerProtect for Linux is a 32-bit program, so it needs the 32-bit libraries.
The list of required libraries is in the Q&A on the site below.
Dependency check error occurs when installing ServerProtect for Linux 3.0 on 64-bit Red Hat Enterprise Linux or CentOS
http://esupport.trendmicro.com/solution/ja-jp/1302795.aspx
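In this case the missing packages were libuuid-2.17.2-12.7.el6.i686.rpm and zlib-1.2.3-27.el6.i686.rpm, so I installed these two and ran the installer again.
- Answer yes to the license agreement
- Answer No when asked whether to register with Control Manager (the central management software)
- There is no activation code, so skip it with [Ctrl+D]
- Answer No when asked whether to send information to Trend when a virus is detected
With these answers the installation succeeded for the time being. The FAILED lines appear because there is no KHM for this kernel.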
```
(snip)
SPLX version 3.0 Released June 29, 2007

Do you agree to the above license terms? (yes or no)
yes
Installing ServerProtect for Linux:
Unpacking...
Installing rpm file...
準備中... ########################################### [100%]
1:SProtectLinux ########################################### [100%]

Do you wish to connect this SPLX server to Trend Micro Control Manager? (y/n) [y] n

Activate ServerProtect to continue scanning and security updates.
Activation is a two-step process that you can complete during or after installation.

Step 1. Register
Use the Registration Key that came with your product to register online
(https://olr.trendmicro.com/redirect/product_register.aspx).
(Please skip this step if the product is already registered.)

Step 2. Activate
Type the Activation Code received after registration to activate ServerProtect.
(Press [Ctrl+D] to abort activation.)

Activation Code:

World Virus Tracking Program

Trend Micro consolidates virus-scanning results from worldwide customers,
compiles real-time statistics, and displays them on the Virus Map
(http://www.trendmicro.com/map).
Use this map to view virus trends for each continent and selected countries.

Yes, I would like to join the World Virus Tracking Program.
I understand that when a virus is detected on my system, aggregated detection information,
including virus names and number of detections, will be sent to the World Virus Tracking Program.
It will not send out company names, individual names, machine names, site names,
IP addresses, or any other identifying information.
I understand that I can disable this automatic reporting function at any time
by changing the configuration to "No" within the product's management console.

No, I don't want to participate.

Please input your choice [Yes] : No

Starting services...
Starting ServerProtect for Linux:
Checking configuration file: [ OK ]
Starting splxcore:
Starting Entity: [ OK ]
Loading splx kernel module: [FAILED]
Starting vsapiapp: [FAILED]
ServerProtect for Linux core started. [ OK ]
Starting splxhttpd:
Starting splxhttpd: [ OK ]
ServerProtect for Linux httpd started. [ OK ]
ServerProtect for Linux started.

ServerProtect has not been activated.
You must activate your product to enable scanning and security updates.

The virus notification program is not started.
This program only starts in K Desktop Environment (KDE).
Start this program using the Quick Access console in KDE.

ServerProtect for Linux installation completed.
```
Apply the patch.
```
[root@host1 ServerProtect3.0]# tar xvfz splx_30_lx_en_sp1_patch4.tar.gz
splx_30_lx_en_sp1_patch4.bin

[root@host1 ServerProtect3.0]# ls -l splx_30_lx_en_sp1_patch4.bin
-r-xr-xr-x 1 root root 81938667 1月 4 20:57 2012 splx_30_lx_en_sp1_patch4.bin

[root@host1 ServerProtect3.0]# ./splx_30_lx_en_sp1_patch4.bin
Installing ServerProtect for Linux 3.0 Service Pack 1 patch 4:
Patch 4 must remove the previous SPLX 3.0 Patch RPM information from the RPM Database
to avoid inconsistencies if a rollback is required.
The removed RPM information will be stored in /opt/TrendMicro/SProtectLinux/Version.ini
For more detailed information, please refer to the patch readme file.
Do you want to continue and remove the previous RPM information? (yes or no)
yes
rpm: アンインストールするパッケージが指定されていません。
Unpacking...
Installing rpm file...
準備中... ########################################### [100%]
1:splx-3.0-sp1-patch4 ########################################### [100%]
Shutting down ServerProtect for Linux:
Shutting down splxcore:
Shutting down vsapiapp [FAILED]
Unloading splx kernel module: [FAILED]
Shutting down entity: [ OK ]
ServerProtect for Linux core stopped normally. [ OK ]
Shutting down splxhttpd:
Shutting down splxhttpd: [ OK ]
ServerProtect for Linux httpd stopped normally. [ OK ]
ServerProtect for Linux stopped normally.
Starting ServerProtect for Linux:
Checking configuration file: [ OK ]
Starting splxcore:
Starting Entity: [ OK ]
Loading splx kernel module: [FAILED]
Starting vsapiapp: [FAILED]
ServerProtect for Linux core started. [ OK ]
Starting splxhttpd:
Starting splxhttpd: [ OK ]
ServerProtect for Linux httpd started. [ OK ]
ServerProtect for Linux started.

ServerProtect has not been activated.
You must activate your product to enable scanning and security updates.
ServerProtect for Linux 3.0 Service Pack 1 patch 4 installation completed.
```
Apply the patch splx_30_lx_en_criticalpatch1366.tar.gz.
```
[root@host1 ServerProtect3.0]# tar xvfz splx_30_lx_en_criticalpatch1366.tar.gz
splx_30_lx_en_criticalpatch1366/
splx_30_lx_en_criticalpatch1366/RedHat/
splx_30_lx_en_criticalpatch1366/RedHat/x86_64/
splx_30_lx_en_criticalpatch1366/RedHat/x86_64/libProductLibrary.so
splx_30_lx_en_criticalpatch1366/RedHat/x86_64/CMconfig
splx_30_lx_en_criticalpatch1366/RedHat/x86_64/EncryptAgentPassword
splx_30_lx_en_criticalpatch1366/RedHat/x86_64/entity
splx_30_lx_en_criticalpatch1366/RedHat/x86_64/splxmain
splx_30_lx_en_criticalpatch1366/RedHat/x86_64/SPLX_CM_UI.zip
splx_30_lx_en_criticalpatch1366/RedHat/i686/
splx_30_lx_en_criticalpatch1366/RedHat/i686/libProductLibrary.so
splx_30_lx_en_criticalpatch1366/RedHat/i686/CMconfig
splx_30_lx_en_criticalpatch1366/RedHat/i686/EncryptAgentPassword
splx_30_lx_en_criticalpatch1366/RedHat/i686/entity
splx_30_lx_en_criticalpatch1366/RedHat/i686/splxmain
splx_30_lx_en_criticalpatch1366/RedHat/i686/SPLX_CM_UI.zip
splx_30_lx_en_criticalpatch1366/RedHat6/
splx_30_lx_en_criticalpatch1366/RedHat6/x86_64/
splx_30_lx_en_criticalpatch1366/RedHat6/x86_64/libProductLibrary.so
splx_30_lx_en_criticalpatch1366/RedHat6/x86_64/CMconfig
splx_30_lx_en_criticalpatch1366/RedHat6/x86_64/EncryptAgentPassword
splx_30_lx_en_criticalpatch1366/RedHat6/x86_64/entity
splx_30_lx_en_criticalpatch1366/RedHat6/x86_64/splxmain
splx_30_lx_en_criticalpatch1366/RedHat6/x86_64/SPLX_CM_UI.zip
splx_30_lx_en_criticalpatch1366/RedHat6/i686/
splx_30_lx_en_criticalpatch1366/RedHat6/i686/libProductLibrary.so
splx_30_lx_en_criticalpatch1366/RedHat6/i686/CMconfig
splx_30_lx_en_criticalpatch1366/RedHat6/i686/EncryptAgentPassword
splx_30_lx_en_criticalpatch1366/RedHat6/i686/entity
splx_30_lx_en_criticalpatch1366/RedHat6/i686/splxmain
splx_30_lx_en_criticalpatch1366/RedHat6/i686/SPLX_CM_UI.zip
splx_30_lx_en_criticalpatch1366/cp_deploy_script.sh
splx_30_lx_en_criticalpatch1366/SuSE/
splx_30_lx_en_criticalpatch1366/SuSE/x86_64/
splx_30_lx_en_criticalpatch1366/SuSE/x86_64/libProductLibrary.so
splx_30_lx_en_criticalpatch1366/SuSE/x86_64/CMconfig
splx_30_lx_en_criticalpatch1366/SuSE/x86_64/EncryptAgentPassword
splx_30_lx_en_criticalpatch1366/SuSE/x86_64/entity
splx_30_lx_en_criticalpatch1366/SuSE/x86_64/splxmain
splx_30_lx_en_criticalpatch1366/SuSE/x86_64/SPLX_CM_UI.zip
splx_30_lx_en_criticalpatch1366/SuSE/i686/
splx_30_lx_en_criticalpatch1366/SuSE/i686/libProductLibrary.so
splx_30_lx_en_criticalpatch1366/SuSE/i686/CMconfig
splx_30_lx_en_criticalpatch1366/SuSE/i686/EncryptAgentPassword
splx_30_lx_en_criticalpatch1366/SuSE/i686/entity
splx_30_lx_en_criticalpatch1366/SuSE/i686/splxmain
splx_30_lx_en_criticalpatch1366/SuSE/i686/SPLX_CM_UI.zip

[root@host1 ServerProtect3.0]# cd splx_30_lx_en_criticalpatch1366/
[root@host1 splx_30_lx_en_criticalpatch1366]# ls -l
合計 20
drwxr-xr-x 4 root root 4096 8月 24 10:56 2012 RedHat
drwxr-xr-x 4 root root 4096 8月 24 10:56 2012 RedHat6
drwxr-xr-x 4 root root 4096 8月 24 10:56 2012 SuSE
-rwxr-xr-x 1 root root 5878 9月 28 20:18 2012 cp_deploy_script.sh

[root@host1 splx_30_lx_en_criticalpatch1366]# ./cp_deploy_script.sh
Check system ......
Starting to deploy critical patch. Please wait.
The current installation of ServerProtect on your system is SProtectLinux-3.0-1353.x86_64.
Shutting down ServerProtect for Linux:
Shutting down splxcore:
Shutting down vsapiapp [FAILED]
Unloading splx kernel module: [FAILED]
Shutting down entity: [ OK ]
ServerProtect for Linux core stopped normally. [ OK ]
Shutting down splxhttpd:
Shutting down splxhttpd: [ OK ]
ServerProtect for Linux httpd stopped normally. [ OK ]
ServerProtect for Linux stopped normally.
Starting ServerProtect for Linux:
Checking configuration file: [ OK ]
Starting splxcore:
Starting Entity: [ OK ]
Loading splx kernel module: [FAILED]
Starting vsapiapp: [FAILED]
ServerProtect for Linux core started. [ OK ]
Starting splxhttpd:
Starting splxhttpd: [ OK ]
ServerProtect for Linux httpd started. [ OK ]
ServerProtect for Linux started.

ServerProtect has not been activated.
You must activate your product to enable scanning and security updates.
Successfully deployed critical patch.
```
Extract the downloaded splx_kernel_module-3.0.1.0008.rhel6_2.6.32-279.el6.x86_64.tar.gz and copy the KHM to its designated location.
```
[root@host1 ServerProtect3.0]# tar xvfz splx_kernel_module-3.0.1.0008.rhel6_2.6.32-279.el6.x86_64.tar.gz
splxmod-2.6.32-279.el6.x86_64.x86_64.o
splxmod-2.6.32-279.el6.x86_64.x86_64.o.md5

[root@host1 ServerProtect3.0]# ls -l
-rw-r--r-- 1 root root 1811013 6月 25 11:50 2012 splxmod-2.6.32-279.el6.x86_64.x86_64.o
-rw-r--r-- 1 root root 73 6月 25 12:01 2012 splxmod-2.6.32-279.el6.x86_64.x86_64.o.md5

[root@host1 ServerProtect3.0]# cp splxmod-2.6.32-279.el6.x86_64.x86_64.o /opt/TrendMicro/SProtectLinux/SPLX.module/

[root@host1 ServerProtect3.0]# ls -l /opt/TrendMicro/SProtectLinux/SPLX.module/
合計 8576
-rw-r--r-- 1 root root 1811013 8月 4 14:24 2013 splxmod-2.6.32-279.el6.x86_64.x86_64.o
-rw-r--r-- 1 root root 888013 8月 4 13:59 2013 splxmod-2.6.32-71.18.2.el6.i686.i686.o
-rw-r--r-- 1 root root 1811571 8月 4 13:59 2013 splxmod-2.6.32-71.18.2.el6.x86_64.x86_64.o
-rw-r--r-- 1 root root 887553 8月 4 13:59 2013 splxmod-2.6.32-71.el6.i686.i686.o
-rw-r--r-- 1 root root 1810963 8月 4 13:59 2013 splxmod-2.6.32-71.el6.x86_64.x86_64.o
-r-------- 1 root root 1554537 7月 26 21:59 2011 splxmod.tgz
drw-r--r-- 4 root root 4096 8月 4 13:59 2013 src
```
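The KHM archive ships a .md5 file next to the module, and the module only loads if it was built for the running kernel. The script below is an added example (not from the original post or from Trend Micro) that checks both before the file is copied into SPLX.module. The name pattern `splxmod-<uname -r>.<uname -m>.o` is inferred from the listing above, the .md5 file is assumed to be in md5sum format, and the function names are hypothetical.

```bash
#!/bin/bash
# Added example: pre-flight checks before copying a Kernel Hook Module (KHM).
# Assumptions: the name pattern splxmod-<release>.<arch>.o is inferred from the
# listing on this page; the .md5 file is assumed to be in md5sum(1) format.

# Print the KHM file name expected for a kernel release and architecture.
khm_name() {
    printf 'splxmod-%s.%s.o\n' "$1" "$2"
}

# Return 0 only if the module's MD5 equals the hash stored in <module>.md5.
khm_verify() {
    local module="$1" expected actual
    [ -f "$module" ] && [ -f "$module.md5" ] || return 2
    expected=$(awk 'NR==1 {print tolower($1)}' "$module.md5")
    actual=$(md5sum "$module" | awk '{print $1}')
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# Report whether <dir> holds an intact KHM for the given (or running) kernel.
khm_preflight() {
    local dir="$1" release="${2:-$(uname -r)}" arch="${3:-$(uname -m)}" name
    name=$(khm_name "$release" "$arch")
    if [ ! -f "$dir/$name" ]; then
        echo "MISSING $name"; return 1
    fi
    if ! khm_verify "$dir/$name"; then
        echo "BAD-CHECKSUM $name"; return 1
    fi
    echo "OK $name"
}

# Demo on constructed data: a dummy file stands in for the real module.
demo_dir=$(mktemp -d)
demo_mod=$(khm_name 2.6.32-279.el6.x86_64 x86_64)
printf 'constructed sample, not a real KHM\n' > "$demo_dir/$demo_mod"
( cd "$demo_dir" && md5sum "$demo_mod" > "$demo_mod.md5" )
khm_preflight "$demo_dir" 2.6.32-279.el6.x86_64 x86_64          # kernel from this page
khm_preflight "$demo_dir" 2.6.32-358.el6.x86_64 x86_64 || true  # constructed: no KHM present
rm -rf "$demo_dir"
```

Because the module and its .md5 file arrive in the same plain-HTTP download, a match detects a corrupted or mismatched file, not deliberate tampering.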
```
[root@ ServerProtect3.0]# chkconfig --list splx
splx 0:off 1:off 2:off 3:on 4:on 5:on 6:off
```
```
[root@host1 ServerProtect3.0]# service splx restart
Shutting down ServerProtect for Linux:
Shutting down splxcore:
Shutting down vsapiapp [FAILED]
Unloading splx kernel module: [FAILED]
Shutting down entity: [ OK ]
ServerProtect for Linux core stopped normally. [ OK ]
Shutting down splxhttpd:
Shutting down splxhttpd: [ OK ]
ServerProtect for Linux httpd stopped normally. [ OK ]
ServerProtect for Linux stopped normally.
Starting ServerProtect for Linux:
Checking configuration file: [ OK ]
Starting splxcore:
Starting Entity: [ OK ]
Loading splx kernel module: [FAILED]
Starting vsapiapp: [FAILED]
ServerProtect for Linux core started. [ OK ]
Starting splxhttpd:
Starting splxhttpd: [ OK ]
ServerProtect for Linux httpd started. [ OK ]
ServerProtect for Linux started.

ServerProtect has not been activated.
You must activate your product to enable scanning and security updates.
```
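However, it seems that neither real-time scan nor scheduled scan can be used unless you buy the product and register an activation code, so although it is called an evaluation version, there is nothing you can actually evaluate. I wonder whether manual scan works?
By the way, the management console is opened in a web browser at the URLs below.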
http://Server IP:14942/
https://Server IP:14943/
The default password is empty, and the menus and everything else are in English.