I had an opportunity to install Symantec Endpoint Protection for Linux, so here are my notes.
Endpoint Security
https://www.symantec.com/ja/jp/theme.jsp?themeid=endpointsecurity
Linux kernels supported by Symantec Endpoint Protection 12.1.x
https://support.symantec.com/ja_JP/article.TECH223240.html
【Reference site】
How to install Symantec Endpoint Protection 12.1.5 (RU5) on Linux operating system.
https://www.symantec.com/connect/articles/how-install-symantec-endpoint-protection-1215-ru5-linux-operating-system
【Test environment】
・CentOS Linux release 7.3.1611 (Core)
・Kernel: 3.10.0-514.6.2.el7.x86_64
・No desktop environment
・Symantec_Endpoint_Protection_12.1.6_MP7_All_Clients_JP.zip (sep-rpm.zip)
・Not managed by SEPM
This is a test with a minimal configuration.
- Install Oracle Java
- Install the 32-bit libraries
- Install SEP for Linux
- Verification
Symantec Java LiveUpdate requires Oracle Java.
Download Oracle Java from the site below and install it; at the same time you also need the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for JDK/JRE 8.
This time I installed jdk-8u121-linux-x64.rpm and jce_policy-8.zip.
jdk-8u121-linux-x64.rpm

```
# rpm -ivh jdk-8u121-linux-x64.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:jdk1.8.0_121-2000:1.8.0_121-fcs  ################################# [100%]
Unpacking JAR files...
        tools.jar...
        plugin.jar...
        javaws.jar...
        deploy.jar...
        rt.jar...
        jsse.jar...
        charsets.jar...
        localedata.jar...
# java -version
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)
```
jce_policy-8.zip

```
# mkdir sep
# unzip jce_policy-8.zip -d sep
Archive:  jce_policy-8.zip
   creating: sep/UnlimitedJCEPolicyJDK8/
  inflating: sep/UnlimitedJCEPolicyJDK8/local_policy.jar
  inflating: sep/UnlimitedJCEPolicyJDK8/README.txt
  inflating: sep/UnlimitedJCEPolicyJDK8/US_export_policy.jar
# cd sep/UnlimitedJCEPolicyJDK8
# cp *.jar /usr/java/jdk1.8.0_121/jre/lib/security
cp: overwrite '/usr/java/jdk1.8.0_121/jre/lib/security/US_export_policy.jar'? y
cp: overwrite '/usr/java/jdk1.8.0_121/jre/lib/security/local_policy.jar'? y
```
SEP for Linux is a 32-bit program, so install the 32-bit libraries it needs.

```
# yum -y install glibc.i686 libgcc.i686 libX11.i686
(snip)
Running transaction
  Installing : libX11-common-1.6.3-3.el7.noarch               1/7
  Installing : libgcc-4.8.5-11.el7.i686                       2/7
  Installing : glibc-2.17-157.el7_3.1.i686                    3/7
  Installing : nss-softokn-freebl-3.16.2.3-14.4.el7.i686      4/7
  Installing : libXau-1.0.8-2.1.el7.i686                      5/7
  Installing : libxcb-1.11-4.el7.i686                         6/7
  Installing : libX11-1.6.3-3.el7.i686                        7/7
  Verifying  : libxcb-1.11-4.el7.i686                         1/7
  Verifying  : nss-softokn-freebl-3.16.2.3-14.4.el7.i686      2/7
  Verifying  : libX11-1.6.3-3.el7.i686                        3/7
  Verifying  : libXau-1.0.8-2.1.el7.i686                      4/7
  Verifying  : libX11-common-1.6.3-3.el7.noarch               5/7
  Verifying  : glibc-2.17-157.el7_3.1.i686                    6/7
  Verifying  : libgcc-4.8.5-11.el7.i686                       7/7

Installed:
  glibc.i686 0:2.17-157.el7_3.1   libX11.i686 0:1.6.3-3.el7   libgcc.i686 0:4.8.5-11.el7

Dependency Installed:
  libX11-common.noarch 0:1.6.3-3.el7   libXau.i686 0:1.0.8-2.1.el7
  libxcb.i686 0:1.11-4.el7             nss-softokn-freebl.i686 0:3.16.2.3-14.4.el7

Complete!
```
Install sep-rpm.zip, which is included in the downloaded package.

```
# cd ..
# unzip sep-rpm.zip
Archive:  sep-rpm.zip
   creating: sep/Configuration/
  inflating: sep/Configuration/setup.ini
  inflating: sep/Configuration/setAid.ini
  inflating: sep/Configuration/sylink.xml
  inflating: sep/Configuration/sep_NE.slf
  inflating: sep/install.sh
   creating: sep/Legacy/
  inflating: sep/Legacy/sepap-legacy-x86_64.rpm
  inflating: sep/Legacy/sepap-legacy.rpm
  inflating: sep/pkg.sig
   creating: sep/Repository/
  inflating: sep/Repository/precheckglibc
  inflating: sep/Repository/JCEUnlimitedlibCheck.class
  inflating: sep/Repository/sep.rpm
  inflating: sep/Repository/sepjlu.rpm
  inflating: sep/Repository/sepap.rpm
  inflating: sep/Repository/precheckX11
  inflating: sep/Repository/sepap-x64.rpm
  inflating: sep/Repository/sepui.rpm
   creating: sep/src/
  inflating: sep/src/ap-kernelmodule.tar.bz2
# ./install.sh
Usage: install.sh [options]
the options are:
  -i               install SEP for Linux.
  -u               uninstall SEP for Linux.
  --prefix <dir>   install to alternate location if <dir> exists.
                   Note, this option is only for RPM package.
# ./install.sh -i
Starting to install Symantec Endpoint Protection for Linux
Performing pre-check...
Pre-check succeeded
Begin installing virus protection component
Preparing...                          ################################# [100%]
Performing pre-check...
Pre-check is successful
Updating / installing...
   1:sav-12.1.7166-6700               ################################# [100%]
Virus protection component installed successfully
Begin installing Auto-Protect component
Preparing...                          ################################# [100%]
Performing pre-check...
Pre-check is successful
Updating / installing...
   1:savap-x64-12.1.7166-6700         ################################# [100%]
Auto-Protect component installed successfully
Begin installing GUI component
Preparing...                          ################################# [100%]
Performing pre-check...
Pre-check is successful
Updating / installing...
   1:savui-12.1.7166-6700             ################################# [100%]
GUI component installed successfully
Begin installing LiveUpdate component
Preparing...                          ################################# [100%]
Performing pre-check...
Pre-check is successful
Updating / installing...
   1:savjlu-12.1.7166-6700            ################################# [100%]
LiveUpdate component installed successfully
Begin installing legacy Auto-Protect component
Preparing...                          ################################# [100%]
Performing pre-check...
Pre-check is successful
Updating / installing...
   1:savap-x64-legacy-12.1.7166-6700  ################################# [100%]
Legacy Auto-Protect component installed successfully
Pre-compiled Auto-Protect kernel modules are not loaded yet, need compile them from source code
Fail to extract Auto-Protect source code package with error: 2
Installation completed
=============================================================
Daemon status:
symcfgd                             [running]
rtvscand                            [running]
smcd                                [running]
=============================================================
Error: No drivers are loaded into kernel.
=============================================================
Auto-Protect starting
Protection status:
Definition:    Waiting for update.
AP:            Malfunctioning
=============================================================
The log files for installation of Symantec Endpoint Protection for Linux are under ~/:
  sepfl-install.log
  sep-install.log
  sepap-install.log
  sepap-legacy-install.log
  sepui-install.log
  sepjlu-install.log
  sepfl-kbuild.log
```
The daemons have also started, and there seem to be no errors. Incidentally, if the environment is not set up, the following errors are displayed.

```
Starting to install Symantec Endpoint Protection for Linux
Performing pre-check...
Error:Installation requires Oracle Java 1.5 or later whose owner is superuser. Please install the correct version with superuser and Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files, and try again.
Error:Installation requires 32bits glibc library. Please install it and try again.
Warning:X11 libraries are missing, GUI component will not be installed!
Pre-check failed.
```
・Startup scripts

```
-r-xr-xr-x 1 root root 13864 Dec 19 21:27 autoprotect
-r-xr-xr-x 1 root root  4800 Dec 19 21:28 rtvscand
-r-xr-xr-x 1 root root  4946 Dec 19 21:28 smcd
-r-xr-xr-x 1 root root  5367 Dec 19 21:28 symcfgd

autoprotect     0:off   1:off   2:on    3:on    4:on    5:on    6:off
rtvscand        0:off   1:off   2:on    3:on    4:on    5:on    6:off
smcd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
symcfgd         0:off   1:off   2:on    3:on    4:on    5:on    6:off
```
Since there is no desktop environment, management is done from the command line.
LinuxClient_Guide_SEP12.1.5.pdf
https://www.symantec.com/connect/sites/default/files/LinuxClient_Guide_SEP12.1.5.pdf
Basic operations are done with the sav command; if it is not on your PATH, it is at /opt/Symantec/symantec_antivirus/sav.

```
# /opt/Symantec/symantec_antivirus/sav info -d
02/23/17 rev. 1
# /opt/Symantec/symantec_antivirus/sav info -e
151.1.2.9
# /opt/Symantec/symantec_antivirus/sav info -p
12.1.6 (12.1 RU6 MP7) build 7166 (12.1.7166.6700)
# /opt/Symantec/symantec_antivirus/sav info -s
General Status: Done
Manual Scan: Done
# /opt/Symantec/symantec_antivirus/sav info -a
Malfunctioning
```
Huh!? Auto-Protect is not working.

```
# systemctl status autoprotect.service
(snip)
autoprotect[12410]: Starting AP: symev: unable to load kernel support module (UNSUPPORTED-OS-ct-UNK-UNK-3.10.0-514.6.2.el7-x86_64)
```
It says the kernel is unsupported (^^;

```
# /opt/Symantec/symantec_antivirus/sav -h
Usage: sav [OPTIONS] COMMAND
Options are:
  -q | --quiet
  -h | --help
Commands are:
  autoprotect
    -e | --enable
    -d | --disable
  manualscan
    -s | --scan <file list>
    -c | --clscan <file list>
    -t | --stop
  scheduledscan
    -c | --create <ID>
    -f | --frequency <daily|weekly|monthly>
    -i | --interval <HH:MM|SUN-SAT|1-31>
    -t | --time <HH:MM>
    -m | --missedevents <0|1>
    -l | --list
    -n | --info <ID>
    -d | --delete <ID>
    -e | --enable <ID>
    -s | --disable <ID>
    -p | --stop <ID>
  liveupdate
    -u | --update
    -v | --view
    -s | --schedule
    -f | --frequency <continuously|hourly|daily|weekly>
    -i | --interval <HH|HH:MM|SUN-SAT>
    -t | --time <HH:MM>
    -r | --retrywindow <DD|HH|MM>
    -d | --randomizewindow <DD|HH>
  quarantine
    -l | --list
    -d | --delete <ID>
    -r | --restore <ID>
    -p | --repair <ID>
    -i | --info <ID>
  definitions
    -r | --rollback
    -u | --usenewest
  info
    -d | --defs
    -e | --engine
    -p | --product
    -s | --scanner
    -a | --autoprotect
    -t | --threats
  manage
    -g | --group
    -h | --heartbeat
    -i | --import <file>
    -o | --location
    -p | --profile
    -s | --server
    -t | --time
    -l | --license
  log
    -e | --export [file]
    -f | --from <start_id>
    -t | --to <end_id>
For more information please refer to the man page or documentation.
```
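The installer reported "Installation completed" even though Auto-Protect ended up Malfunctioning with no kernel driver loaded, so the status has to be checked separately after every install and kernel update. The script below is an added example for this post, not a Symantec tool: it parses the three signals shown above (the word printed by `sav info -a`, whether the symev module appears in `lsmod`, and the kernel string in the autoprotect service's "unable to load kernel support module (UNSUPPORTED-OS-...)" message) and exits non-zero when Auto-Protect is not actually protecting the host. That `sav info -a` prints "Enabled" in the healthy case, the file name sep_ap_health.sh, and reading the service log with `journalctl -u autoprotect.service` are my assumptions; the parsers take text arguments so they run offline.

```shell
#!/bin/sh
# Post-install Auto-Protect health check for SEP for Linux (added example,
# not a Symantec tool). Combines "sav info -a", lsmod and the autoprotect
# service log into one exit status suitable for a cron job or monitoring.

SAV=/opt/Symantec/symantec_antivirus/sav   # path used throughout the post

# "sav info -a" prints a single status word. "Malfunctioning" is the value
# seen above; "Enabled" is assumed to be the healthy value, anything else
# (Disabled, an error message) is treated as unhealthy too.
ap_status_ok() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "Enabled" ]
}

# Return 0 when an lsmod listing ($1) contains the symev module, the kernel
# support module that the autoprotect service failed to load above.
symev_loaded() {
    printf '%s\n' "$1" | awk '$1 == "symev" { found = 1 } END { exit !found }'
}

# Extract the kernel string from the first
# "(UNSUPPORTED-OS-<x>-<y>-<z>-<kernel>)" token in the log text ($1);
# prints nothing when the message is absent.
unsupported_kernel() {
    printf '%s\n' "$1" |
        sed -n 's/.*(UNSUPPORTED-OS-[^-]*-[^-]*-[^-]*-\([^)]*\)).*/\1/p' |
        head -n 1
}

# Evaluate all three signals. $1 = sav info -a output, $2 = lsmod output,
# $3 = autoprotect service log text. Prints each finding; returns 0 only
# when the status is Enabled, symev is loaded and no unsupported-kernel
# message was logged.
ap_health() {
    rc=0
    if ! ap_status_ok "$1"; then
        echo "AP status: $(printf '%s' "$1" | tr -d '[:space:]')"
        rc=1
    fi
    if ! symev_loaded "$2"; then
        echo "symev kernel module not loaded"
        rc=1
    fi
    k=$(unsupported_kernel "$3")
    if [ -n "$k" ]; then
        echo "autoprotect reports unsupported kernel: $k (running: $(uname -r))"
        rc=1
    fi
    return "$rc"
}

# Gather the live values on a host (journalctl call is an assumption about
# where the autoprotect service output is kept on this systemd host).
main() {
    status=$("$SAV" info -a 2>&1)
    mods=$(lsmod)
    log=$(journalctl -u autoprotect.service --no-pager -n 200 2>/dev/null)
    ap_health "$status" "$mods" "$log"
}

# Only run the live check when invoked as sep_ap_health.sh (assumed name).
case "$0" in *sep_ap_health*) main ;; esac
```

Run it after installation and again after each kernel update; on the CentOS 7.3 host above it would print the Malfunctioning status, the missing symev module and the 3.10.0-514.6.2.el7-x86_64 kernel from the log, which points straight at the supported-kernel list linked at the top of the post.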