[opensuse-security] km_antivir (Dazuko) in SLES9 SP3
Hi All,

Very recently Novell released a patch for km_antivir, and I immediately installed that patch on my SLES9 SP3 (with AppArmor loaded) box, but I am facing many problems with this module.

I have followed the documentation, but things did not work fine. Then I checked with the Dazuko website; they have mentioned an instruction for SuSE boxes on which AppArmor is loaded, and the instruction is to use the syscall hooking method.

$ ./configure --enable-syscalls --mapfile=/boot/System.map-2.6.5-7.283-default

Even though I have followed the above instruction, the Dazuko module is still not getting loaded.

SuSE:~ # modprobe dazuko
FATAL: Error inserting dazuko (/lib/modules/2.6.5-7.283-default/extra/dazuko.ko): Invalid argument
SuSE:~ #

And in the log file, the message given below is printed:

Feb 2 13:53:42 SuSE kernel: dazuko: module not supported by Novell, setting U taint flag.
Feb 2 13:53:42 SuSE kernel: dazuko: info: using chroot events for chroot'd processes
Feb 2 13:53:42 SuSE kernel: There is already a security framework initialized, register_security failed.
Feb 2 13:53:42 SuSE kernel: dazuko: failed to register

Can anyone help me with what the issue is here?

Thanks & Regards,
Shashi Kanth, CISSP

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security+help@opensuse.org

On Fri, Feb 02, 2007 at 02:00:31PM +0530, shashi wrote:
> Hi All,
>
> Very recently Novell released a patch for km_antivir, and I immediately installed that patch on my SLES9 SP3 (with AppArmor loaded) box, but I am facing many problems with this module.

Note that we only released the source update for now, the binary module will be in the next SLES 9 kernel update.

> I have followed the documentation, but things did not work fine. Then I checked with the Dazuko website; they have mentioned an instruction for SuSE boxes on which AppArmor is loaded, and the instruction is to use the syscall hooking method.
>
> $ ./configure --enable-syscalls --mapfile=/boot/System.map-2.6.5-7.283-default
>
> Even though I have followed the above instruction, the Dazuko module is still not getting loaded.
>
> SuSE:~ # modprobe dazuko
> FATAL: Error inserting dazuko (/lib/modules/2.6.5-7.283-default/extra/dazuko.ko): Invalid argument
> SuSE:~ #
>
> And in the log file, the message given below is printed:
>
> Feb 2 13:53:42 SuSE kernel: dazuko: module not supported by Novell, setting U taint flag.
> Feb 2 13:53:42 SuSE kernel: dazuko: info: using chroot events for chroot'd processes
> Feb 2 13:53:42 SuSE kernel: There is already a security framework initialized, register_security failed.
> Feb 2 13:53:42 SuSE kernel: dazuko: failed to register
>
> Can anyone help me with what the issue is here?

Why do you need the dazuko module? If AppArmor is loaded, dazuko cannot be loaded.

Ciao, Marcus

shashi wrote:
> And in the log file, the message given below is printed:
>
> Feb 2 13:53:42 SuSE kernel: dazuko: module not supported by Novell, setting U taint flag.
> Feb 2 13:53:42 SuSE kernel: dazuko: info: using chroot events for chroot'd processes
> Feb 2 13:53:42 SuSE kernel: There is already a security framework initialized, register_security failed.
> Feb 2 13:53:42 SuSE kernel: dazuko: failed to register

Dazuko and AppArmor cannot share a kernel. They both want to use the LSM security framework, and they can't share it.

I'm always curious why people even want an in-kernel antivirus product for Linux. There is no virus threat against Linux in practice. Caveats:

  * There are threats against Linux, they just aren't viruses. That's what AppArmor is for.
  * There are Linux machines that serve Windows clients that are vulnerable to viruses. Then you need AV filtering on the Linux server, but you don't need it in the kernel:
      o If it is a mail server, you need it in the MTA. Use ClamAV or similar.
      o If it is a file server, use one of the many AV plugins for Samba
        http://www.google.com/search?q=samba+antivirus&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official

So there is no case that I understand where AV filtering is actually required in a Linux kernel, you only ever need user-level AV filtering. Unless maybe you have Windows clients mounting NFS volumes from a Linux server, but I've never seen that.

But perhaps I'm missing something. What problem are you trying to solve?

Crispin

--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering, Novell http://novell.com
Hacking is exploiting the gap between "intent" and "implementation"

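Why the second registration fails, as an added example that is not part of the original thread and is not kernel source: a simplified user-space C model of a security framework with a single registration slot. Only the name register_security and the log text come from the thread; the struct layout, dummy_ops, unregister_security and the two module entries are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Simplified stand-in for the kernel's table of security hooks (assumed layout). */
struct security_operations { const char *name; };

/* Placeholder that occupies the slot while no security module is active. */
static struct security_operations dummy_ops = { "dummy" };

/* The single global slot: only one framework can own it at a time. */
static struct security_operations *security_ops = &dummy_ops;

/* Constructed module entries standing in for the two modules in the thread. */
static struct security_operations apparmor = { "apparmor" };
static struct security_operations dazuko   = { "dazuko" };

/* Model of register_security(): succeeds only while the slot holds the dummy. */
int register_security(struct security_operations *ops)
{
    if (security_ops != &dummy_ops) {
        fprintf(stderr, "There is already a security framework initialized, "
                        "register_security failed.\n");
        return -EINVAL;   /* modprobe shows this errno as "Invalid argument" */
    }
    security_ops = ops;
    return 0;
}

/* Model of unregistering: only the current owner may release the slot. */
int unregister_security(struct security_operations *ops)
{
    if (ops != security_ops)
        return -EINVAL;
    security_ops = &dummy_ops;
    return 0;
}

/* Replays the thread's situation: AppArmor loaded first, Dazuko second. */
int load_order_demo(void)
{
    if (register_security(&apparmor) != 0)
        return 1;
    return register_security(&dazuko);   /* slot already taken: -EINVAL */
}

int main(void)
{
    printf("dazuko register_security() -> %d\n", load_order_demo());
    return 0;
}
```

In this model the outcome depends only on load order: whichever module registers first owns the slot until it is released.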
Crispin Cowan wrote:
> shashi wrote:
>> And in the log file, the message given below is printed:
>>
>> Feb 2 13:53:42 SuSE kernel: dazuko: module not supported by Novell, setting U taint flag.
>> Feb 2 13:53:42 SuSE kernel: dazuko: info: using chroot events for chroot'd processes
>> Feb 2 13:53:42 SuSE kernel: There is already a security framework initialized, register_security failed.
>> Feb 2 13:53:42 SuSE kernel: dazuko: failed to register
>
> Dazuko and AppArmor cannot share a kernel. They both want to use the LSM security framework, and they can't share it.
>
> I'm always curious why people even want an in-kernel antivirus product for Linux. There is no virus threat against Linux in practice. Caveats:
>
>   * There are threats against Linux, they just aren't viruses. That's what AppArmor is for.
>   * There are Linux machines that serve Windows clients that are vulnerable to viruses. Then you need AV filtering on the Linux server, but you don't need it in the kernel:
>       o If it is a mail server, you need it in the MTA. Use ClamAV or similar.
>       o If it is a file server, use one of the many AV plugins for Samba
>         http://www.google.com/search?q=samba+antivirus&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official
>
> So there is no case that I understand where AV filtering is actually required in a Linux kernel, you only ever need user-level AV filtering. Unless maybe you have Windows clients mounting NFS volumes from a Linux server, but I've never seen that.
>
> But perhaps I'm missing something. What problem are you trying to solve?

I don't have any specific problem to solve; my intention is, as Novell is shipping that software, so let's utilize that. But if Novell is shipping that software, then they should have a specific reason too. But I didn't find this software in SLES10 (I think it is removed because of your reason).

I was trying to install Avira AntiVir software, which runs on top of the Dazuko module (I remember that a website published that Avira AntiVir software is one of the top 10 most used free software on the planet, but I don't know how true that is).

> Crispin

participants (3): Crispin Cowan, Marcus Meissner, shashi