ESET File Security for Linux


(Bouke Henstra) #1

NethServer Version: 7.3.1611
Module: N/A

I managed to install ESET File Security for Linux (hooray).

Dependencies:

yum install glibc.i686
yum install ed

I have installed ESET File Security by using the RPM file:

esets.x86_64.rpm.bin

Now I would like to have real-time protection enabled for certain folders.

I have my reasons, because the results of my first on-demand scan are as follows:

Scan completed at: Sat 15 Jul 2017 08:01:11 PM CEST
Scan time:         16697 sec (4:38:17)
Total:             files - 593850, objects 3216526
Infected:          files - 91, objects 113
Cleaned:           files - 452, objects 694

The above files consist of the shares and mail folders. I have copied all these from the previous SME Server (which was running for over six years without any anti-malware protection on the server itself…).

I decided to preload libesets_pac.so (the other option is using dazuko - but that’s just not feasible).

Source: https://forum.eset.com/topic/12326-real-time-protection-on-file-security-for-linux-server/

What I have done is just add the following directories to esets.cfg (the config file).

# ctl_incl = "directory"
# Colon separated list of directories to scan files in.
ctl_incl = "/var/lib/nethserver/ibay:/var/lib/nethserver/home:/var/lib/nethserver/vmail"

The next thing I need to do is to preload libesets_pac.so for smb and mail, by adding the following line:

LD_PRELOAD=/opt/eset/esets/lib64/libesets_pac.so

I would like to know where I can find the files which start samba and mail.
This would allow me to add the required line to preload libesets_pac.so when these services are being started.

Many thanks.


(Rob Bosch) #2

I found the eset install guide:

From this excerpt you should get on your way:
Linux OS:
/etc/init.d/esets start
BSD OS:
/usr/local/etc/rc.d/esets.sh start
Once the package is installed, you can verify that the main ESETS service is running by using the following command:
Linux OS:
ps -C esets_daemon
BSD OS:
ps -ax | grep esets_daemon
Solaris:
ps -A | grep esets_daemon
After pressing ENTER, you should see the following (or similar) message:
PID TTY TIME CMD
2226 ? 00:00:00 esets_daemon
2229 ? 00:00:00 esets_daemon

Keep in mind that NethServer7 is based on CentOS7 and services are handled a bit differently. You should use the systemctl command to start, stop and restart them.
Here is how to handle services correctly: https://ma.ttias.be/enable-disable-service-at-boot-on-centos-7/


(Marc) #3

The services are started through systemd unit files.

For instance, the smb.service unit file can be found at [/usr]/lib/systemd/system/smb.service
When the service is enabled, a link to this unit is created, in this case as /etc/systemd/system/multi-user.target.wants/smb.service

According to the information on your linked source, I think you could do it like:

systemctl edit smb.service

This will create an override.conf file for the service and reload the daemon after the file is saved. For samba you can try adding this to the file:

[Service]
Environment=LD_PRELOAD=/opt/eset/esets/lib64/libesets_pac.so

This will survive across updates.
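
The drop-in approach from the last reply as a script, added here as an example that is not part of the thread. It checks ownership and permissions of the library before preloading it (a preloaded library runs with the service's privileges), writes the same override.conf that `systemctl edit` creates, and confirms after the restart that the library is mapped into the service's main process. The function names and the DESTDIR argument are hypothetical; the library path and smb.service are taken from the posts.

```shell
#!/bin/sh
# Added example (not from the thread). LIB and smb.service are the values
# quoted in the posts; function names and the DESTDIR argument are made up.
LIB=/opt/eset/esets/lib64/libesets_pac.so

# A preloaded library runs inside the service with the service's privileges,
# so refuse one that is missing, not owned by the expected uid (default 0),
# or writable by group/others.
lib_is_safe() {
    lib=$1 want_uid=${2:-0}
    [ -f "$lib" ] || return 1
    # ls -ldnL: numeric owner, follow symlinks; field 1 = mode, field 3 = uid
    ls -ldnL "$lib" | awk -v u="$want_uid" '
        { ok = ($3 == u && substr($1, 6, 1) != "w" && substr($1, 9, 1) != "w") }
        END { exit !ok }'
}

# Write the same drop-in file that `systemctl edit UNIT` would create.
# DESTDIR (hypothetical) lets the function be tried outside the real /etc.
write_preload_dropin() {
    unit=$1 lib=$2 destdir=${3:-}
    dir="$destdir/etc/systemd/system/$unit.d"
    mkdir -p "$dir" || return 1
    printf '[Service]\nEnvironment=LD_PRELOAD=%s\n' "$lib" > "$dir/override.conf"
}

# After a restart, confirm the library is really mapped into the process.
pid_has_lib() {
    grep -qF "$2" "/proc/$1/maps" 2>/dev/null
}

# Usage (as root): sh preload.sh apply smb.service
if [ "${1:-}" = "apply" ]; then
    unit=${2:?unit name required}
    lib_is_safe "$LIB" || { echo "refusing: $LIB fails checks" >&2; exit 1; }
    write_preload_dropin "$unit" "$LIB" || exit 1
    systemctl daemon-reload && systemctl restart "$unit"
    pid=$(systemctl show -p MainPID "$unit" | cut -d= -f2)
    pid_has_lib "$pid" "$LIB" && echo "$unit: preload active"
fi
```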