F-Secure Linux Security 7.02 User Manual

F-Secure Linux Security

Table of Contents

Chapter 1: Welcome
    How the Product Works
        Protection Against Malware
        Host Intrusion Prevention System
    Key Features and Benefits
        Superior Protection against Viruses and Worms
        Transparent to End-users
        Extensive Alerting Options
Chapter 2: Deployment
    Deployment on Multiple Stand-alone Linux Workstations
    Deployment on Multiple Centrally Managed Linux Workstations
    Central Deployment Using Image Files
Chapter 3: Installation
    System Requirements
    Stand-alone Installation
    Centrally Managed Installation
    Upgrading
        Upgrading from a Previous Product Version
        Upgrading the Evaluation Version
    Custom Installations
        Preparing for Custom Installation
        Unattended Installation
    Creating a Backup
    Uninstallation
Chapter 4: Administering the Product
    Basics of Using F-Secure Policy Manager
    Accessing the Web User Interface
    Testing the Antivirus Protection
Chapter 5: Using the Product
    Summary
        I Want to
    Scanning for Viruses
        Stopping Viruses and Other Malware
        Methods of Protecting the Computer from Malware
    Firewall Protection
        What Is a Firewall?
        What Are Security Profiles?
        Firewall Rules
        Firewall Settings
    Integrity Checking
        Known Files List
        Software Installation Mode
        Rootkit Prevention
    General Settings
        Alerts
        Automatic Updates
        F-Secure Policy Manager Proxies
        About
Chapter 6: Troubleshooting
    Installing Required Kernel Modules Manually
    User Interface
    F-Secure Policy Manager
    Integrity Checking
    Firewall
    Virus Protection
    Generic Issues
Appendix A: Command Line Tools
    fsav
    fsav-config
    dbupdate
    fsfwc
    fsic
    fsims
    fsma
    fssetlanguage
    fschooser
Appendix B: Before You Install
    64-bit Distributions
    Distributions Using Prelink
    Red Hat Enterprise Linux, Miracle Linux, Asianux
    Debian
    SUSE
    Turbolinux
    Ubuntu
Appendix C: Basic Web User Interface
    "I Want To"
Appendix D: Advanced Web User Interface
    Summary
    Alerts
    Virus Protection
        Realtime Scanning
        Scheduled Scanning
        Manual Scanning
    Firewall
        General Settings
        Rules
        Network Services
    Integrity Checking
        Known Files
        Rootkit Prevention
    General Settings
        Communications
        Automatic Updates
Appendix E: List of Traps
Appendix F: Get More Help

Chapter 1: Welcome

Topics:
How the Product Works
Key Features and Benefits
Computer viruses are one of the most harmful threats to the security of data on computers. While some viruses are harmless pranks, other viruses can destroy data and pose a real threat.
The product provides an integrated, out-of-the-box security solution with strong real-time antivirus and riskware protection and host intrusion prevention (HIPS) functionality that protects against unauthorized connection attempts from the network, unauthorized system modifications, and userspace and kernel rootkits. The solution can be easily deployed and managed using either the web user interface or F-Secure Policy Manager.
F-Secure Policy Manager provides a tightly integrated infrastructure for defining and distributing security policies and monitoring the security of different applications from one central location.

How the Product Works

The product detects and prevents intrusions and protects against malware.
With the default settings, computers are protected right after the installation without any time spent configuring the product.

Protection Against Malware

The product protects the system against viruses and potentially malicious files.
When a user downloads a file from the Internet, for example by clicking a link in an e-mail message, the file is scanned when the user tries to open it. If the file is infected, the product protects the system against the malware.
Real-time scanning gives you continuous protection against viruses and riskware items as files are opened, copied, and downloaded from the Web. Real-time scanning functions transparently in the background, looking for viruses whenever you access files on the hard disk, diskettes, or network drives. If you try to access an infected file, the real-time protection automatically stops the virus from executing.
When the real-time scanning has been configured to scan a limited set of files, the manual scanning can be used to scan the full system or you can use the scheduled scanning to scan the full system at regular intervals.
Automatic Updates keep the virus definitions always up-to-date. The virus definition databases are updated automatically after the product has been installed. The virus definition updates are signed by the F-Secure Anti-Virus Research Team.

Host Intrusion Prevention System

The Host Intrusion Prevention System (HIPS) detects any malicious activity on the host, protecting the system on many levels.
Integrity Checking protects the system against unauthorized modifications. It is based on the concept of a known good configuration - the product should be installed before the computer is connected to the network to guarantee that the system is in a known good configuration.
You can create a baseline of the system files you want to protect and block modification attempts of protected files for all users.
The firewall component is a stateful packet filtering firewall which is based on Netfilter and iptables. It protects computers against unauthorized connection attempts. You can use predefined security profiles which are tailored for common use cases to select the traffic you want to allow and deny.
If an attacker gains shell access to the system and tries to add a user account to log in to the system later, the Host Intrusion Prevention System (HIPS) detects modified system files and alerts the administrator.
If an attacker has gained access to the system and tries to install a userspace rootkit by replacing various system utilities, HIPS detects modified system files and alerts the administrator.
If an attacker has gained access to the system and tries to install a kernel rootkit by loading a kernel module, for example through /sbin/insmod or /sbin/modprobe, HIPS detects the attempt, prevents the unknown kernel module from loading and alerts the administrator.
If an attacker has gained access to the system and tries to install a kernel rootkit by modifying the running kernel directly via /dev/kmem, HIPS detects the attempt, prevents write attempts and alerts the administrator.

Key Features and Benefits

The product offers superior protection against viruses and worms and is transparent to end-users.

Superior Protection against Viruses and Worms

The product scans files on any Linux-supported file system. This is the optimum solution for computers that run several different operating systems with a multi-boot utility.
Scans files on any Linux-supported file system.
Note: The real-time scanning is not supported when using an NFS server, but other scan methods work.
Superior detection rate with multiple scanning engines.
A heuristic scanning engine can detect suspicious, potentially malicious files.
The product can detect and categorize riskware items.
The product can be configured so that the users cannot bypass the protection.
Files are scanned for viruses when they are opened or closed and before they are executed.
You can specify what files to scan, how to scan them, what action to take when malicious content is found and how to alert about the infections.
Recursive scanning of archive files.
Virus definition database updates are signed for security.
Integrated firewall component with predefined security levels. Each security level comprises a set of rules that allow or deny network traffic based on the protocols used.

Transparent to End-users

The product works totally transparently to the end users.
The product has an easy-to-use user interface.
Virus definition databases are updated automatically without any need for end-user intervention.

Protection of Critical System Files

Critical information of system files is stored and automatically checked before access is allowed.
The administrator can protect files against changes so that it is not possible to install, for example, a trojan version of a piece of software.
The administrator can define that all Linux kernel modules are verified before the modules are allowed to be loaded.
An alert is sent to the administrator when a modified system file is found.

Easy to Deploy and Administer

The default settings apply in most systems and the product can be taken into use without any additional configuration.
Security policies can be configured and distributed from one central location.

Extensive Alerting Options

The product has extensive monitoring and alerting functions that can be used to notify any administrator in the company network about any infected content that has been found.
Alerts can be forwarded to F-Secure Policy Manager Console, e-mail and syslog.

Chapter 2: Deployment

Topics:
Deployment on Multiple Stand-alone Linux Workstations
Deployment on Multiple Centrally Managed Linux Workstations
Central Deployment Using Image Files

Deployment on Multiple Stand-alone Linux Workstations

Centrally Managed installation with F-Secure Policy Manager installed on a separate computer is recommended.
In centrally managed installation mode, F-Secure Policy Manager is used to manage Linux computers. The recommended deployment method is to delegate the installation responsibility to each user and then monitor the installation progress via F-Secure Policy Manager Console. After the installation on a host has completed, the host sends an autoregistration request to F-Secure Policy Manager. You can monitor with F-Secure Policy Manager Console which of the hosts have sent an autoregistration request.
When the company has multiple Linux computers deployed, but they are not managed centrally, users can install the software themselves.
In organizations with few Linux computers, the web user interface can be used to manage Linux workstations instead of F-Secure Policy Manager.

Deployment on Multiple Centrally Managed Linux Workstations

If computers are managed through an existing management framework, it can be used to push the product to computers.
When the company has multiple Linux computers deployed and they are managed through Red Hat network, Ximian Red Carpet, or similar, the software can be pushed to workstations using the existing management framework.

Central Deployment Using Image Files

When the company has a centralized IT department that installs and maintains computers, the software can be installed centrally to all computers.
If you are going to install the product on several computers, you can create a disk image file that includes the product and use this image to replicate the software on the computers. Make sure that each computer on which the software is installed will create a new unique identification code.
Follow these steps to make sure that each computer uses a personalized Unique ID when disk imaging software is used.
1. Install the system and all the software that should be in the image file, including the product.
2. Configure the product to use the correct F-Secure Policy Manager Server. However, do not import the host to F-Secure Policy Manager Console if the host has sent an autoregistration request to the F-Secure Policy Manager Server. Only hosts on which the image file will be installed should be imported.
3. Run the following command:
/etc/init.d/fsma clearuid
The utility program resets the Unique ID in the product installation.
4. Shut down the computer and do not restart the computer before the image file has been created.
5. Create the disk image file.
A new Unique ID is created automatically when the system is restarted. This will happen individually on each computer where the image file is installed.
Computers will send autoregistration requests to F-Secure Policy Manager when they are restarted. These requests can be processed as usual.

Chapter 3: Installation

Topics:
System Requirements
Stand-alone Installation
Centrally Managed Installation
Upgrading
Custom Installations
Creating a Backup
Uninstallation

System Requirements

A list of system requirements.
Operating system:
Asianux 2.0, 3.0
Debian 4.0
Miracle Linux 3.0
Red Hat Enterprise Linux 3, 4, 5
SUSE Linux 9.0, 9.3, 10, 10.1
openSUSE 10.2, 10.3
SUSE Linux Enterprise Desktop 10
SUSE Linux Enterprise Server 9, 10
Turbolinux 10, 11
Ubuntu 6.06 LTS (Dapper Drake), 7.10 (Gutsy Gibbon), 8.04 LTS (Hardy Heron)
The following 64-bit (AMD64/EM64T) distributions are supported with 32-bit compatibility packages:
Asianux 2.0
Asianux Server 3.0
Debian 4.0
Fedora Core 7
Red Hat Enterprise Linux 4, 5
SUSE Linux Enterprise Desktop 10
SUSE Linux Enterprise Server 9, 10
openSUSE 10.3
SUSE Linux 10.1
Turbolinux 10, 11
Ubuntu 7.10 (Gutsy Gibbon), 8.04 LTS (Hardy Heron)
Note: F-Secure has tested the product extensively on the listed distributions. The command line installation mode should work on any Linux distribution that has glibc 2.3.2 or later and Linux kernel 2.4 or 2.6, but any product upgrades may not work on unsupported platforms. You should report any issues that you may encounter with other distributions, but we cannot guarantee that they will be fixed.
Kernel version: Linux kernel 2.4 or later (for 64-bit support, Linux kernel 2.6 or later)
Glibc version: Glibc 2.3.2 or later
Processor: Intel x86, x86-64
Memory: 512 MB RAM or more (256 MB RAM for command-line only)
Disk space: 200 MB
Note: Konqueror is not a supported browser with the local user interface. It is recommended to use Mozilla or Firefox browsers.
Note About Dazuko Version
The product needs the Dazuko kernel module for the real-time virus protection, integrity checking and rootkit protection. Dazuko is an open-source kernel module that provides an interface for the file access control. More information is at http://www.dazuko.org.
The product installs the Dazuko driver during the product installation.
The product has been tested extensively with the Dazuko version that is included with the product. Operation with other Dazuko versions or Linux distribution provided Dazuko versions is not supported or recommended.

List of Used System Resources

A summary of the system resources that the product uses.
Installed Files
All files installed by the product are in the following directories:
/opt/f-secure
/etc/opt/f-secure
/var/opt/f-secure
In addition, the installation creates the following symlinks:
/usr/bin/fsav -> /opt/f-secure/fssp/bin/fsav
/usr/bin/fsic -> /opt/f-secure/fsav/bin/fsic
/usr/bin/fsui -> /opt/f-secure/fsav/bin/fsui
/usr/share/man/man1/fsav.1 -> /opt/f-secure/fssp/man/fsav.1
/usr/share/man/man8/fsavd.8 -> /opt/f-secure/fssp/man/fsavd.8
Changed System Files
/etc/passwd: Two new user accounts (fsma and fsaua) are created during the installation
/etc/group: A new group (fsc) is created during the installation
crontab of the root user: The virus definition database update command is added to the root crontab during the installation. Scheduled scanning tasks are added to the crontab when they are created.
Network Resources
When running, the product reserves the following IP ports:
Interface  Protocol  Port   Comment
lo         tcp       28005  Web User Interface internal communication port
lo         tcp       28078  PostgreSQL alert database
lo         tcp       28080  Local Web User Interface access
any        tcp       28082  Remote SSL Web User Interface access (if enabled)
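An added example, not part of the manual or of the product: a POSIX shell audit of the footprint listed under Installed Files, Changed System Files and Network Resources. check_fs_footprint verifies the documented symlinks, accounts and group, and audit_fs_ports flags any loopback-only port from the table that is bound to another interface. The function names, the finding labels and the sample `ss -ltn` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not F-Secure code): audit a host against the symlinks,
# accounts and listening ports documented in this section.

# Check the documented symlinks, user accounts and group.
# $1: optional root prefix (assumption: e.g. a mounted disk image);
#     empty means the live system. Returns 1 if anything deviates.
check_fs_footprint() {
    fp_root="${1:-}"
    fp_rc=0
    while read -r fp_link fp_target; do
        if [ -L "$fp_root$fp_link" ]; then
            fp_actual=$(readlink "$fp_root$fp_link") || fp_actual=""
            if [ "$fp_actual" != "$fp_target" ]; then
                # The command name now resolves to a different file.
                echo "REDIRECTED $fp_link -> $fp_actual"; fp_rc=1
            fi
        elif [ -e "$fp_root$fp_link" ]; then
            echo "NOT-SYMLINK $fp_link"; fp_rc=1
        else
            echo "MISSING-LINK $fp_link"; fp_rc=1
        fi
    done <<EOF
/usr/bin/fsav /opt/f-secure/fssp/bin/fsav
/usr/bin/fsic /opt/f-secure/fsav/bin/fsic
/usr/bin/fsui /opt/f-secure/fsav/bin/fsui
/usr/share/man/man1/fsav.1 /opt/f-secure/fssp/man/fsav.1
/usr/share/man/man8/fsavd.8 /opt/f-secure/fssp/man/fsavd.8
EOF
    for fp_user in fsma fsaua; do
        grep -q "^$fp_user:" "$fp_root/etc/passwd" 2>/dev/null ||
            { echo "MISSING-USER $fp_user"; fp_rc=1; }
    done
    grep -q "^fsc:" "$fp_root/etc/group" 2>/dev/null ||
        { echo "MISSING-GROUP fsc"; fp_rc=1; }
    return "$fp_rc"
}

# Read `ss -ltn` (or `netstat -ltn`) output on stdin; in both tools the
# fourth column is the local address:port.
# $1: "yes" if remote web UI access was enabled with fsav-config.
# Returns 1 if a loopback-only port is exposed or 28082 is open unexpectedly.
audit_fs_ports() {
    awk -v remote="${1:-no}" '
    BEGIN {
        n = split("28005 28078 28080", lo_ports, " ")
        for (i = 1; i <= n; i++) lo_only[lo_ports[i]] = 1
        bad = 0
    }
    $4 ~ /:[0-9]+$/ {
        addr = $4; port = $4
        sub(/:[0-9]+$/, "", addr)      # strip ":port" to get the address
        sub(/^.*:/, "", port)          # keep only the port number
        loopback = (addr ~ /^127\./ || addr == "[::1]" || addr == "::1")
        if (port in lo_only) {
            seen[port] = 1
            if (!loopback) { print "EXPOSED " port " " addr; bad = 1 }
        } else if (port == "28082" && remote != "yes") {
            print "UNEXPECTED " port " " addr; bad = 1
        }
    }
    END {
        # Informational: the product is probably not running.
        for (i = 1; i <= n; i++)
            if (!(lo_ports[i] in seen)) print "MISSING " lo_ports[i]
        exit bad
    }'
}

# Constructed sample: the alert database is bound to all interfaces and
# the remote web UI port is open although remote access is not expected.
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     127.0.0.1:28005      0.0.0.0:*
LISTEN  0       128     0.0.0.0:28078        0.0.0.0:*
LISTEN  0       128     127.0.0.1:28080      0.0.0.0:*
LISTEN  0       128     0.0.0.0:28082        0.0.0.0:*
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*'

# Demo on the sample. On a live host: ss -ltn | audit_fs_ports no
printf '%s\n' "$SAMPLE_SS" | audit_fs_ports no || echo "review the findings above"
```

On a live host, run `check_fs_footprint` with no argument and pipe `ss -ltn` into `audit_fs_ports`; an EXPOSED finding for port 28078 or 28080 means the alert database or the unencrypted local web UI is reachable from the network.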
Memory
The Web User Interface reserves over 200 MB of memory, but since the WebUI is not used all the time, the memory is usually swapped out. The other product components sum up to about 128 MB of memory; the on-access scanner uses the majority of it.
The memory consumption depends on the number of file accesses on the system. If several users are logged in to the system and all of them access lots of files, the memory consumption grows.
CPU
The load on the processor depends on the number of file accesses on the system, as the on-access scanner scans every file that is opened, closed and executed.
The CPU usage grows when many users are logged in to the system at the same time.
Some software products are designed to access many files and the on-access scanning can slow down these products noticeably.

Stand-alone Installation

The stand-alone installation mode is meant for evaluation use and for environments with few Linux computers where central administration with F-Secure Policy Manager is not necessary.
You must have a compiler and the kernel source installed. Read the distribution-specific instructions in Appendix B on how to check that the required tools are installed.
You will need to install the product using an account with root privileges.
1. Copy the installation file to your hard disk. Use the following command to extract the installation file:
tar zxvf f-secure-linux-security-<version>.<build>.tgz
2. Make sure that the installation file is executable:
chmod a+x f-secure-linux-security-<version>.<build>
3. Run the following command to start the installation:
./f-secure-linux-security-<version>.<build>
4. The installation displays the license agreement. If you accept the agreement, answer yes and press Enter to continue.
The installation is complete.
After the installation, you can configure the product settings using the web browser. Open the following web page: http://localhost:28080/fsecure/webui/
If you need remote access to the web user interface, run the fsav-config command-line utility to enable it. After you have enabled the remote access, open the following web page: https://host.domain:28082/fsecure/webui/
Where host.domain is either the hostname or the IP address of the computer where the product is running.
For more information about the fsav-config utility and the settings you can configure with it, see the man page for fsav-config.
Note: If you want to disable some features of the product completely, run the fschooser command-line utility.

Centrally Managed Installation

In centrally managed mode, the product is installed locally, and it is managed with F-Secure Policy Manager that is installed on a separate computer. Centrally managed installation is the recommended installation mode when taking the product into use in a large network environment.
You must have a compiler and the kernel source installed. Read the distribution-specific instructions in Appendix B on how to check that the required tools are installed.
You must have F-Secure Policy Manager installed on a separate computer before you install the product. For F-Secure Policy Manager Console installation instructions, see the F-Secure Policy Manager Administrator’s Guide.
Note: You cannot use the Anti-Virus mode of F-Secure Policy Manager Console to administer Linux products. Use the Advanced mode.
You will need to install the product using an account with root privileges.
1. Copy the installation file to your hard disk. Use the following command to extract the installation file:
tar zxvf f-secure-linux-security-<version>.<build>.tgz
2. Make sure that the installation file is executable:
chmod a+x f-secure-linux-security-<version>.<build>
3. Run the following command to start the installation:
./f-secure-linux-security-<version>.<build>
4. The installation displays the license agreement. If you accept the agreement, answer yes and press Enter to continue.
The installation is complete.
After the installation, you can configure the product settings using the web browser. Open the following web page: http://localhost:28080/fsecure/webui/
If you need remote access to the web user interface, run the fsav-config command-line utility to enable it. After you have enabled the remote access, open the following web page: https://host.domain:28082/fsecure/webui/
Where host.domain is either the hostname or the IP address of the computer where the product is running.
For more information about the fsav-config utility and the settings you can configure with it, see the man page for fsav-config.
Note: If you want to disable some features of the product completely, run the fschooser command-line utility.

Upgrading

You can upgrade the evaluation version or a previous product version without uninstalling the product.

Upgrading from a Previous Product Version

If you are running version F-Secure Linux Server Security 5.20 or later, you can install the product without uninstalling the previous version. If you have an earlier version, uninstall it before you install the latest version.
The uninstallation preserves all settings and the host identity, so you do not need to import the host to the F-Secure Policy Manager again. Note that the upgrade deletes all alerts generated with the earlier version.
Manual scanning, scheduled scanning and database update settings have changed in version 5.30 and later. If you have modified these settings before the upgrade, you have to make the same modifications again after the upgrade.
F-Secure Linux Client Security
You cannot upgrade any version of F-Secure Linux Client Security.
Uninstall the previous Client Security product before you install F-Secure Linux Security 7.
F-Secure Linux Server Security 5.5x and F-Secure Anti-Virus for Linux 4-series
Run the installation as usual to upgrade the product.
After the upgrade, you have to reboot the computer. The previous version of the kernel driver is incompatible with new real-time protection features and it is not running after the upgrade. The upgraded driver is loaded after the reboot.
Important: In centrally managed installations, remember to upgrade the MIB in your F-Secure Policy Manager installation.
Note: When you upgrade from F-Secure Linux Server Security 5.xx or earlier, the upgrade removes your previous keycode and the product is running in the evaluation version. Upgrade the evaluation version to full product version before using the product.
Uninstalling Earlier Version
The earlier version of the product can be uninstalled with the uninstallation command or by deleting program files and directories.
1. If you have version 5.x, run the following command from the command line to uninstall it:
/opt/f-secure/fsav/bin/uninstall-fsav
2. If you have version 4.x, remove the following directories and files to uninstall it:
/opt/f-secure/fsav/
/var/opt/f-secure/fsav/
/etc/opt/f-secure/fsav/
/usr/bin/fsav
/usr/share/man/man1/fsav.1
/usr/share/man/man5/fsav.conf.5
/usr/share/man/man5/fsavd.conf.5
/usr/share/man/man8/dbupdate.8
/usr/share/man/man8/fsavd.8
/usr/share/man/man8/fsavschedule.8

Upgrading the Evaluation Version

The evaluation version of the product can be upgraded to the full, licensed version of the product.
If you evaluated a previous version of the product and the evaluation period has expired, uninstall the previous version first.
Follow these instructions if you want to upgrade the evaluation version to the full, licensed version of the product.
1. Open the Web User Interface.
2. Open the About page.
3. Enter the keycode to upgrade to the licensed version of the product. Enter the keycode in the format you received it, including the hyphens that separate sequences of letters and digits.
After you have entered the keycode, the evaluation version is upgraded to the full version.
To upgrade the evaluation version from the command line, run the following command:
/opt/f-secure/fsav/sbin/convert_to_full_installation.sh
Note: If the evaluation period of the current version of the product has expired before you upgrade to the full version, you have to restart the product after entering the keycode.

Custom Installations

If you do not want to install the stand-alone or centrally managed product with the default options, you can do a custom installation.

Preparing for Custom Installation

The RPM files can be extracted from the installation package if you need to create a custom installation package.
The product installation package is a self-extracting package that contains the software as RPMs. The RPM files can be extracted from the package as follows:
1. Type the following command: ./f-secure-linux-security-<version>.<build> rpm
2. Install RPM packages.
3. Run the following script: /opt/f-secure/fsav/fsav-config

Unattended Installation

In unattended installation mode, you can provide a set of default settings on the installer command line. This way, you can force the Integrity Checking baseline to be generated as a part of the installation process.
Use the following command line switch during the installation:
--auto MODE [fspms=FSPMSURL adminkey=/PATH/TO/ADMIN.PUB] lang=en|de|ja
[no]remotewui [no]locallogin user=USER kernelverify|nokernelverify pass=PASSPHRASE keycode=KEYCODE
Where MODE is standalone for the standalone installation or managed for the centrally managed installation.
If MODE is managed, you have to provide the URL to F-Secure Policy Manager Server and the location of the administrator public key, for example:
fspms=http://fspms.company.com/ adminkey=/root/admin.pub
Use the following options in the command line:
lang - Select the language for the web user interface.
remotewui - Allow remote access to the web user interface.
noremotewui - Do not allow remote access to the web user interface.
nolocallogin - Allow local access to the web user interface without login.
locallogin - Require login for the local access to the web user interface.
user=USER - Specify the local account to use for the web user interface login.
kernelverify - Turn on the kernel module verification.
nokernelverify - Turn off the kernel module verification.
pass=PASS - Specify the passphrase for the baseline generation.
keycode=KEYCODE - Specify the keycode for license checks. If no keycode is provided, the product is installed in the evaluation mode.
For example, to install the product in standalone mode with English web user interface, with no remote access to user interface and not requiring login for local user interface access and not using kernel module verification:
./f-secure-linux-security-<version>.<build> --auto standalone lang=en noremotewui nolocallogin nokernelverify
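The manual's example above picks the permissive option of each pair (nolocallogin, nokernelverify). As an added example, not taken from the manual or the product, the shell helper below assembles the --auto options with the restrictive choice of each pair and refuses managed mode without fspms and adminkey. The function name, the account name admin and the decision to always require user= are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the product): build the option string for an
# unattended install using only options listed in this section.
# Usage: build_auto_args MODE LANG USER [FSPMSURL ADMINKEY]
build_auto_args() {
    mode=$1 lang=$2 user=$3 fspms=${4:-} adminkey=${5:-}

    case $lang in
        en|de|ja) ;;
        *) echo "lang must be en, de or ja" >&2; return 1 ;;
    esac

    # Assumption of this helper: with locallogin a login account is always given.
    [ -n "$user" ] || { echo "user is required" >&2; return 1; }

    case $mode in
        standalone)
            args="--auto standalone" ;;
        managed)
            # Managed mode needs the Policy Manager Server URL and the
            # administrator public key.
            if [ -z "$fspms" ] || [ -z "$adminkey" ]; then
                echo "managed mode requires fspms and adminkey" >&2
                return 1
            fi
            args="--auto managed fspms=$fspms adminkey=$adminkey" ;;
        *) echo "MODE must be standalone or managed" >&2; return 1 ;;
    esac

    # Restrictive choice from each pair: no remote web UI, login required
    # for local web UI access, kernel module verification on.
    # pass= and keycode= are left for the caller to append; options given on
    # a command line can be visible in the process list while the installer runs.
    printf '%s lang=%s noremotewui locallogin user=%s kernelverify\n' \
        "$args" "$lang" "$user"
}

# Constructed sample call; "admin" is a made-up local account name.
build_auto_args standalone en admin
```

The output is meant to be passed to the installer, for example ./f-secure-linux-security-<version>.<build> $(build_auto_args standalone en admin).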

Installing Command Line Scanner Only

The command line only installation installs only the command line scanner and the automatic update agent.
The installation mode is designed for users migrating from F-Secure Anti-Virus for Linux 4.6x series and for users who do not need the real-time protection, integrity checking, web user interface or central management, for example users running AMaViS mail virus scanner.
Use the following command line when running the installer to install the command line scanner only version of the product:
./f-secure-linux-security-<version>.<build> --command-line-only
You need the following files during the installation:
f-secure-automatic-update-agent.<version>.rpm
f-secure-security-platform.<version>.rpm
fssp-common
f-secure-linux-security-<version>.<build>
If you are running an earlier version and you want to upgrade to the latest version, but you want to install the command line scanner only, you have to uninstall the earlier version first.
Use the /etc/opt/f-secure/fssp/fssp.conf configuration file to configure the command line scanner only installation. See the file for detailed descriptions of the available settings.

Using The Product With Samba Servers

The product can protect the whole Samba server in addition to the data on shared directories.
All the protection features of the product are in use for Samba servers.
1. If you have F-Secure Anti-Virus for Samba Server installed, uninstall it before installing the product. Use the following command: /opt/f-secure/fsav/bin/uninstall-fsav
2. Follow the normal installation instructions. The product protects Samba shares after the installation; no additional setup is needed. After the installation, the firewall blocks incoming Windows Network share (Samba) access, so you have to change the firewall rules.
3. Change firewall rules to allow Samba traffic.
Use the Firewall Rule Wizard in the Web User interface.
1. Open the I want to page and click Create a firewall rule.
2. Select Allow access to a service running on this machine.
3. Select Windows networking (1).
4. Finish the wizard.
5. Run the wizard again and add another rule for Windows networking (2) service.
Use the Firewall Rule Editor in the Advanced Mode of the Web User interface.
1. In Web User Interface, go to Advanced Mode.
2. Select Firewall.
3. On the Firewall page, select the profile you want to use in the Profile to edit field.
4. Click Add rule.
5. Enter, for example, [myNetwork] in the Remote Host field and add a short description for the rule.
6. Select Windows networking (1) from the drop-down menu and click Add service to this rule to add it as a service.
7. Select Windows networking (2) from the drop-down menu and click Add service to this rule to add it as a service.
8. Use arrows on the right side of the table to move the rule above the deny rules in the firewall rules list.
9. Click Save to take the new rules into use.
Use the Firewall Rule Editor in F-Secure Policy Manager Console.
1. In the advanced mode of F-Secure Policy Manager Console, select the host or policy domain that you want to administer.
2. Select Linux Security 7.00 and open the Firewall tab.
3. In the Rules section, check that you have the security level you want to edit.
4. Click Add Before.
5. In the Rule Wizard, allow inbound traffic for the Windows networking (1).
6. Run the Rule Wizard again to add Windows networking (2).
7. Distribute the policy.
Note: If the firewall rules have been edited locally, configure the setting as Final before you distribute the policy.
When you want to add new rules, you have to disable the firewall temporarily:
1. Change Firewall protection to Disabled or run the following command:
/opt/f-secure/fsav/bin/fsfwc --mode bypass
2. Select the Security Level you want to edit and edit firewall rules as described.
3. Enable the firewall after you have finished in Web User Interface or run the following command:
/opt/f-secure/fsav/bin/fsfwc --mode your_profile
where your_profile is the profile edited (block, mobile, home, office, strict or normal).

Creating a Backup

You can back up and restore all product data.
To back up all relevant data, run the following commands:
# /etc/init.d/fsma stop
# /etc/init.d/fsaua stop
# tar cpsf <backup-filename>.tar /etc/init.d/fsma /etc/init.d/fsaua /etc/opt/f-secure /var/opt/f-secure /opt/f-secure
# /etc/init.d/fsaua start
# /etc/init.d/fsma start
To restore data from a backup file, run the following commands:
# /etc/init.d/fsma stop
# /etc/init.d/fsaua stop
# cd /
# rm -rf /var/opt/f-secure
# tar xpsf <backup-filename>.tar
# /etc/init.d/fsaua start
# /etc/init.d/fsma start
Make sure that the fsma and fsaua users and the fsc group exist after the backup has been restored, for example by also backing up the /etc/passwd, /etc/shadow and /etc/group files.
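One way to run that check after a restore, as an added example that is not part of the manual or the product: the first function looks for the fsma and fsaua users and the fsc group in the local account files, and the second lists restored files whose owner or group id maps to no account. The function names are assumptions of this example, and only local files are read (no LDAP or NIS lookups).

```shell
#!/bin/sh
# Added example (not part of the product).
# check_fsecure_accounts [PASSWD_FILE] [GROUP_FILE]
# Prints "ok", or the missing entries, and returns non-zero if any is missing.
check_fsecure_accounts() {
    passwd_file=${1:-/etc/passwd}
    group_file=${2:-/etc/group}
    missing=""

    # Users named in the manual.
    for u in fsma fsaua; do
        grep -q "^$u:" "$passwd_file" || missing="$missing user:$u"
    done

    # Group named in the manual.
    grep -q "^fsc:" "$group_file" || missing="$missing group:fsc"

    if [ -n "$missing" ]; then
        echo "missing after restore:$missing"
        return 1
    fi
    echo "ok"
}

# list_orphaned DIR...
# Lists files whose numeric owner or group has no account on this host,
# which tar can leave behind when the archived owner does not exist here.
list_orphaned() {
    find "$@" \( -nouser -o -nogroup \) -print 2>/dev/null
}

# Typical use after the restore commands, as root:
#   check_fsecure_accounts && list_orphaned /etc/opt/f-secure /var/opt/f-secure /opt/f-secure
```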

Uninstallation

You can uninstall the product with the uninstall-fsav command-line command.
Run the following script as the root user to uninstall the product:
/opt/f-secure/fsav/bin/uninstall-fsav
The uninstall script does not remove configuration files. If you are sure that you do not need them any more, remove all files in the /etc/opt/f-secure/fsma path.

Chapter 4: Administering the Product

Topics:
Basics of Using F-Secure Policy Manager
Accessing the Web User Interface
Testing the Antivirus Protection

Basics of Using F-Secure Policy Manager

In the centralized administration mode, F-Secure Policy Manager Console is used to change settings and view statistics of the F-Secure products.
If your corporate network utilizes F-Secure Policy Manager to configure and manage F-Secure products, you can add the product to the existing F-Secure Policy Manager environment.
Note: You cannot use the Anti-Virus mode of F-Secure Policy Manager Console to administer Linux products. Use the Advanced mode.
Use the settings in the F-Secure Linux Security Settings tabs to configure the product.
Note: You can edit the settings under F-Secure Security Platform for Linux, F-Secure Management Agent and F-Secure Automatic Update Agent branches to change the behavior of the product as well.
For more information about F-Secure Policy Manager, see F-Secure Policy Manager Administrator’s Guide.

Accessing the Web User Interface

You can access the Web User Interface from the system tray, or with a web address.
The Web User Interface is available locally at the following address:
http://localhost:28080/fsecure/webui/
If you allow the remote access to the web user interface, you can access it with the following HTTPS address:
https://<host.domain>:28082/
Follow these instructions to add the product icon to the system tray.
1. Install the product icon.
If you are using GNOME, follow these instructions:
1. Right-click on the GNOME panel.
2. Choose Add Panel applet.