F-Secure Linux Security

Table of Contents

Chapter 1: Welcome
How the Product Works
Protection Against Malware
Host Intrusion Prevention System
Key Features and Benefits
Superior Protection against Viruses and Worms
Transparent to End-users...
Installing Command Line Scanner Only
Using The Product With Samba Servers
Creating a Backup
Uninstallation
Chapter 4: Administering the Product
Basics of Using F-Secure Policy Manager
Accessing the Web User Interface
Testing the Antivirus Protection...
The solution can be easily deployed and managed either using the web user interface or F-Secure Policy Manager. F-Secure Policy Manager provides a tightly integrated infrastructure for defining and distributing security policies and monitoring the security of different applications from one central location.
How the Product Works
The product detects and prevents intrusions and protects against malware. With the default settings, computers are protected right after the installation without any time spent configuring the product.
Protection Against Malware
The product protects the system against viruses and potentially malicious files.
predefined security profiles which are tailored for common use cases to select the traffic you want to allow and deny. • If an attacker gains shell access to the system and tries to add a user account to log in to the system later, Host Intrusion Prevention System (HIPS) detects modified system files and alerts the administrator.
The product has extensive monitoring and alerting functions that can be used to notify any administrator in the company network about any infected content that has been found. • Alerts can be forwarded to F-Secure Policy Manager Console, e-mail and syslog.
Chapter Deployment Topics: • Deployment on Multiple Stand-alone Linux Workstations • Deployment on Multiple Centrally Managed Linux Workstations • Central Deployment Using Image Files...
The recommended deployment method is to delegate the installation responsibility to each user and then monitor the installation progress via F-Secure Policy Manager Console. After the installation on a host has completed, the host sends an autoregistration request to F-Secure Policy Manager.
2. Configure the product to use the correct F-Secure Policy Manager Server. However, do not import the host to F-Secure Policy Manager Console if the host has sent an autoregistration request to the F-Secure Policy Manager Server. Only hosts on which the image file will be installed should be imported.
System Requirements
A list of system requirements.
Operating system:
• Asianux 2.0, 3.0
• Debian 4.0
• Miracle Linux 3.0
• Red Hat Enterprise Linux 3, 4, 5
• SUSE Linux 9.0, 9.3, 10, 10.1
•...
work on any Linux distribution that has glibc 2.3.2 or later and Linux kernel 2.4 or 2.6, but any product upgrades may not work on unsupported platforms. You should report any issues that you may encounter with other distributions, but we cannot guarantee that they will be fixed.
• /etc/opt/f-secure
• /var/opt/f-secure
In addition, the installation creates the following symlinks:
• /usr/bin/fsav -> /opt/f-secure/fssp/bin/fsav
• /usr/bin/fsic -> /opt/f-secure/fsav/bin/fsic
• /usr/bin/fsui -> /opt/f-secure/fsav/bin/fsui
• /usr/share/man/man1/fsav.1 -> /opt/f-secure/fssp/man/fsav.1
• /usr/share/man/man8/fsavd.8 -> /opt/f-secure/fssp/man/fsavd.8
Changed System Files
•...
Stand-alone Installation
The stand-alone installation mode is meant for evaluation use and for environments with few Linux computers where central administration with F-Secure Policy Manager is not necessary. You must have a compiler and the kernel source installed. Read the distribution-specific instructions in Appendix B on how to check that the required tools are installed.
Centrally Managed Installation In centrally managed mode, the product is installed locally, and it is managed with F-Secure Policy Manager that is installed on a separate computer. Centrally managed installation is the recommended installation mode when taking the product into use in a large network environment.
Upgrading from a Previous Product Version If you are running version F-Secure Linux Server Security 5.20 or later, you can install the product without uninstalling the previous version. If you have an earlier version, uninstall it before you install the latest version.
Note: When you upgrade from F-Secure Linux Server Security 5.xx or earlier, the upgrade removes your previous keycode and the product is running in the evaluation version. Upgrade the evaluation version to full product version before using the product.
3. Enter the keycode to upgrade to the licensed version of the product. Enter the keycode in the format you received it, including the hyphens that separate sequences of letters and digits. After you have entered the keycode, the evaluation version is upgraded to the full version.
Where MODE is standalone for the standalone installation or managed for the centrally managed installation. If MODE is managed, you have to provide the URL to F-Secure Policy Manager Server and the location of the administrator public key, for example: fspms=http://fspms.company.com/ adminkey=/root/admin.pub...
The product can protect the whole Samba server in addition to the data on shared directories. All the protection features of the product are in use for Samba servers. 1. If you have F-Secure Anti-Virus for Samba Server installed, uninstall it before installing the product. Use the following command: /opt/f-secure/fsav/bin/uninstall-fsav 2.
• Use the Firewall Rule Editor in F-Secure Policy Manager Console. 1. In the advanced mode of F-Secure Policy Manager Console, select the host or policy domain that you want to administer. 2. Select Linux Security 7.00...
You can uninstall the product with the uninstall-fsav command-line command. Run the following script as the root user to uninstall the product:
    /opt/f-secure/fsav/bin/uninstall-fsav
The uninstall script does not remove configuration files. If you are sure that you do not need them any more, remove all files in the /etc/opt/f-secure/fsma path.
Chapter Administering the Product Topics: • Basics of Using F-Secure Policy Manager • Accessing the Web User Interface • Testing the Antivirus Protection...
Basics of Using F-Secure Policy Manager
In the centralized administration mode, F-Secure Policy Manager Console is used to change settings and view statistics of the F-Secure products. If your corporate network utilizes F-Secure Policy Manager to configure and manage F-Secure products, you can add the product to the existing F-Secure Policy Manager environment.
After the product icon is installed to the system tray, you can access the Web User Interface with it. It is possible to have both F-Secure Policy Manager and the Web User Interface in use at the same time. Note: The user can locally override the settings created with F-Secure Policy Manager...
Chapter Using the Product
Topics:
• Summary
• Scanning for Viruses
• Firewall Protection
• Integrity Checking
•...
The Web User Interface is available locally in the following address:
http://localhost:28080/fsecure/webui/
If you allow the remote access to the web user interface, you can access it with the following HTTPS address:
Summary
The summary page displays the product status and the latest reports. The product status displays the protection status and any possible errors or malfunctions. You can turn virus protection and integrity protection on and off and change the firewall protection level on the summary screen.
1. Create a new service.
a) Select the Network Services in the Advanced mode menu.
b) Define a unique name for the service in the Service Name field.
c) Enter a descriptive comment in the...
Important: If you install software without the Software Installation Mode when Integrity Checking monitors updated files, you may be unable to install or use the new software. For example, Integrity Checking may prevent a kernel update from booting properly as new drivers are not in the baseline.
Viruses
A virus is usually a program that can attach itself to files and replicate itself repeatedly; viruses can alter and replace the contents of other files in a way that may damage the computer.
• NetTool
• Porn-Dialer
• Porn-Downloader
• Porn-Tool
• Proxy
• PSWTool
• RemoteAdmin
• RiskTool
• Server-FTP
• Server-Proxy
• Server-Telnet
• Server-Web
• Tool
List of platforms
• Apropos
•...
• Solomon
• Symantec
• TrendMicro
• UNIX
•
•
• Win16
• Win32
• Wintol
• ZenoSearch
Rootkits
Rootkits are programs that make other malware difficult to find. Rootkit programs subvert the control of the operating system from its legitimate functions. Usually, a rootkit tries to obscure its installation and prevent its removal by concealing running processes, files or system data from the operating system.
The product can scan specified files and directories, any removable media (such as portable drives) and downloaded content automatically. The product guards the computer for any changes that may indicate malware.
Note: If you have the nautilus-actions package installed, scan actions are integrated into the right-click menu in GNOME file manager.
Methods of Protecting the Computer from Malware
There are multiple methods of protecting the computer from malware; deciding which method to use depends on how powerful the computer is and how high a level of protection is needed.
Suspected Files
Select the primary and secondary actions to take when the heuristics scanning engine finds a suspected file. In the I want to... page in the web user interface, click Modify advanced settings...
Note: If Scan on open and Scan on execute are turned off, nothing is scanned even if Scan only executables is enabled.
3. Define Whitelisted executables which may access any files. The virus scan does not block any file accesses from whitelisted executables.
3. Select how to treat password protected archives. Password protected archives cannot be scanned for viruses.
• Turn on Treat password protected archives as safe to allow access to password protected archives. The user who opens the password protected archive should have an up-to-date virus protection on the computer if password protected archives are treated as safe.
After configuring the riskware scanning settings, configure how alerts and reports are handled in the Alerts page.
Scanning the Computer Manually
You can scan the computer for viruses manually to make sure that specified files or every possible file is checked for viruses.
By default, the primary action for suspected files is Report only. 2. Select the secondary action. The secondary action takes place if the primary action cannot be performed. After configuring the suspected file settings, configure how alerts and reports are handled in the Alerts page.
In the I want to... page in the Web User Interface, click Modify advanced settings... to view and configure advanced virus scanning settings. 1. Turn on Scan inside archives if you want to scan files inside archives.
Use the following format to specify riskware you want to exclude and separate each entry with a semicolon (;):
    Category.Platform.Family
where category, platform or family can be the * wildcard. For example, Client-IRC.*.* excludes all riskware entries in the Client-IRC category.
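An exclusion list in this format can be audited before it is saved. The following shell functions are an added example, not part of the product or the manual; they assume that fields match exactly and case-sensitively, that * is only valid as a whole field, and that field values contain no dots. The family name ExampleFamily and the sample list are constructed.

```shell
#!/bin/sh
# Added example: audit a riskware exclusion list of the form
#   Category.Platform.Family;Category.Platform.Family;...
# Assumptions (not taken from the product): exact, case-sensitive field
# matching; "*" only as a whole-field wildcard; no dots inside a field.

# entry_is_valid ENTRY -> 0 if ENTRY has exactly three non-empty fields
entry_is_valid() {
    case "$1" in
        *.*.*.*)    return 1 ;;   # more than three fields
        .*|*.|*..*) return 1 ;;   # an empty field
        *.*.*)      return 0 ;;
        *)          return 1 ;;   # fewer than three fields
    esac
}

# field_matches PATTERN VALUE -> 0 if PATTERN is "*" or equals VALUE
field_matches() {
    [ "$1" = "*" ] || [ "$1" = "$2" ]
}

# entry_matches ENTRY NAME -> 0 if all three fields of ENTRY match NAME
entry_matches() {
    entry=$1
    name=$2
    old_ifs=$IFS
    set -f                        # keep "*" literal while splitting
    IFS=.
    set -- $entry; ec=$1 ep=$2 ef=$3
    set -- $name;  nc=$1 np=$2 nf=$3
    IFS=$old_ifs
    set +f
    field_matches "$ec" "$nc" && field_matches "$ep" "$np" && field_matches "$ef" "$nf"
}

# riskware_excluded LIST NAME -> 0 if a valid entry in LIST covers NAME
riskware_excluded() {
    list=$(printf '%s' "$1" | tr -d ' \t\n')
    target=$2
    entry_is_valid "$target" || return 1
    old_ifs2=$IFS
    set -f
    IFS=';'
    set -- $list
    IFS=$old_ifs2
    set +f
    for e in "$@"; do
        [ -n "$e" ] || continue
        entry_is_valid "$e" || continue   # malformed entries never match
        entry_matches "$e" "$target" && return 0
    done
    return 1
}

# list_problems LIST -> prints malformed entries and the catch-all "*.*.*",
# which would silence every riskware detection
list_problems() {
    list=$(printf '%s' "$1" | tr -d ' \t\n')
    old_ifs2=$IFS
    set -f
    IFS=';'
    set -- $list
    IFS=$old_ifs2
    set +f
    for e in "$@"; do
        [ -n "$e" ] || continue
        if ! entry_is_valid "$e"; then
            echo "malformed: $e"
        elif [ "$e" = "*.*.*" ]; then
            echo "excludes-everything: $e"
        fi
    done
    return 0
}

# Constructed sample data for a stand-alone run.
SAMPLE_LIST='Client-IRC.*.*; RemoteAdmin.UNIX.*; Server-FTP'
for sample in Client-IRC.Win32.ExampleFamily RemoteAdmin.Win32.ExampleFamily; do
    if riskware_excluded "$SAMPLE_LIST" "$sample"; then
        echo "$sample: excluded (would not be reported)"
    else
        echo "$sample: still reported"
    fi
done
list_problems "$SAMPLE_LIST"
```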
3. Add directories that should be scanned to the Directories to scan box. Add one directory per line. 4. Click Save task to add the scheduled scanning task into the schedule.
What Are Security Profiles?
Firewall security profiles define the level of protection on the computer. Each security profile has a predefined set of firewall rules, which define the type of traffic that is allowed to or denied from your computer.
Security profile: Description
Disabled: Allows all inbound and outbound network traffic.
How are security profiles related to firewall rules and services?
A security profile consists of several firewall rules. A firewall rule consists of several firewall services.
Firewall Rules
Firewall rules define what kind of Internet traffic is allowed or blocked. Each security level has a predefined set of firewall rules, which you cannot change. The selected security level affects the priority which your own rules receive in relation to the predefined rules.
• Responder port: the port on the computer where the connection ends. Whether the port on the computer is an initiator port or responder port depends on the direction of the traffic: •...
Select Firewall Rules in the Advanced mode menu to create a firewall rule that uses the service you have defined. b) Select the profile where you want to add a new rule and click...
An example of how the priority order works
The following examples clarify how you can control which rules are applied to specific network traffic by changing the order of firewall rules.
4. Add network interfaces to the Trusted network interfaces list and separate each entry with a comma. All traffic to trusted network interfaces is allowed.
Integrity Checking
Integrity Checking protects important system files against unauthorized modifications.
• Select Unmodified to display all baselined files that have not been modified. • Select to display all files in the known files list. 2. If you want to limit the search by the filename, enter any part of the filename of the monitored...
1. Enter the filename of the file you want to monitor to the Filename field. If you want to add more than one file, separate each filename with a space. 2. Select the protection method you want to use.
When the Software Installation Mode is enabled, any process can load any kernel modules regardless of whether they are in the baseline or not, and any process can change any files in the baseline, whether those files are protected or not.
Note: The default list of known files is generated upon installation, and contains the most important system files. The list of files differs between distributions. Run /opt/f-secure/fsav/bin/fslistfiles to retrieve the exact list of files.
The kernel module verification protects the system against rootkits by preventing unknown kernel modules from loading. When the kernel module verification is on, only those kernel modules that are listed in the known files list and which have not been modified can be loaded.
Severity Level, Syslog priority, Description
Error: Recoverable error on the host. For example, the virus definition database update is older than the previously accepted version.
Fatal Error (emerg): Unrecoverable error on...
Configuring Alerts Change Communications settings to configure where alerts are sent. In the centrally managed installation mode, make sure that the URL of the F-Secure Policy Manager Server address is correct in the Server Address field. Use Upload Policy Manager Server Certificate field to enter the location of the admin.pub key.
Automatic Updates F-Secure Automatic Update Agent keeps the protection on your computer updated. F-Secure Automatic Update Agent retrieves the latest updates to your computer when you are connected to the Internet. Information about the latest virus definition database update can be found at: http://www.F-Secure.com/download-purchase/updates.shtml...
When you use F-Secure Policy Manager Proxy as an updates source, F-Secure products can be configured to retrieve virus definition database updates from a local update repository rather than from the central F-Secure Policy Manager Server.
Installing Required Kernel Modules Manually
You may need to install required kernel modules manually if you forgot to use Software Installation Mode and the system is not working properly, or in large installations when some hosts do not include development tools or kernel source.
1. Right-click on the GNOME panel. 2. Choose Add Panel applet. 3. Select F-Secure Panel Applet from the list of installed GNOME panel applets. How do I enable the debug log for the web user interface? Add the following setting to /opt/f-secure/fsav/tomcat/conf/logging.properties: .level=FINEST The logfile is in /var/opt/f-secure/fsav/tomcat/catalina.out.
My network stopped working after I upgraded the product, how can I fix this? You have to upgrade the MIB file in your F-Secure Policy Manager installation, otherwise the upgraded product uses the Server firewall profile, which blocks virtually all traffic.
There are too many modified files to update with the user interface.
Create a new baseline. Execute the following commands:
    /opt/f-secure/fsav/bin/fslistfiles | fsic --add -
    fsic --baseline
Do I have to use the same passphrase every time I generate the baseline?
4. Click Add as a new service and Save.
5. Go to the firewall menu and click Firewall Rules.
6. Click Add new rule.
7. Create the following rule:
• Type: ACCEPT
•...
How do I enable the debug log for real-time virus scanner?
In Policy Manager Console, go to Product Settings Advanced and set fsoasd log level to Debug. In standalone installation, run the following command:
    /opt/f-secure/fsma/bin/chtest s 44.1.100.11 9...
    /opt/f-secure/fsma/bin/chtest s 45.1.70.10 1
Does the real-time scan scan files when they are renamed or linked?
The real-time scan can scan files every time they are opened, closed or executed. It does not scan them when you rename or create or remove a link to a file.
4. If you are using the centralized administration mode, make sure that the DNS queries return addresses quickly or use IP addresses with F-Secure Policy Manager. The product is unable to contact the database, how can I fix this? Sometimes, after a hard reset for example, the product may be unable to contact the database.
I get reports that "F-Secure Status Daemon is not running", how can I start it?
Sometimes, after a hard reset for example, F-Secure Status Daemon may fail to start. Restart the product to solve the issue:
    /etc/init.d/fsma restart...
Appendix Command Line Tools
Topics:
• fsav
• fsav-config
• dbupdate
• fsfwc
• fsic
• fsims
• fsma
• fssetlanguage
• fschooser...
For more information on command line tools and options, see man pages.
fsav
fsav is a program that scans files for viruses and other malicious code. fsav scans specified targets (files or directories) and reports any malicious code it detects. Optionally, fsav disinfects, renames or deletes infected files.
If you want to evaluate the product and do not have a keycode, press ENTER. 4. Select between the stand-alone and centrally managed installation. a) In the centrally managed installation, enter the address of the F-Secure Policy Manager Server. Address of F-Secure Policy Manager Server: [http://localhost/]: b) In the centrally managed installation, enter the location of the admin.pub key.
Please insert passphrase for HMAC creation (max 80 characters) dbupdate dbupdate is a shell script for updating F-Secure Anti-Virus virus definition databases. Before you can update virus definition databases manually, you have to disable the periodic database update. Follow these instructions to update virus definition databases manually from the command line: 1.
fsic
You can create the baseline, add files to the baseline and verify the baseline with the fsic command line tool.
1. To create the baseline, follow these instructions:
a) Run the fsic tool with the --baseline option:
    fsic --baseline
b) Enter a passphrase to create the signature.
fsma
You can use the fsma command to check the status of the product modules. Run the following command:
    /etc/init.d/fsma status
Module, Process, Description
F-Secure Alert Database Stores alerts to a local...
Module: F-Secure FSAV Web UI
Process: /opt/f-secure/fsav/tomcat/bin/catalina.sh start
Description: Handles the web user interface.

Module: F-Secure FSAV PostgreSQL
Process: /opt/f-secure/common/postgresql/bin/...
Description: Stores alerts that can be
Note: Press ctrl+C to cancel your changes.
Appendix Before You Install
Topics:
• 64-bit Distributions
• Distributions Using Prelink
Note: Some distributions run prelink periodically from cron to make linked libraries run faster. Run this manually if it is not run automatically before you activate the Integrity Checker.
If you have already installed F-Secure Linux Security, follow these instructions: 1. Run /opt/f-secure/fsav/bin/fsims on from the command line to turn on the software installation mode. In the software installation mode, the product allows modifications to system files.
To use prelinking, you have to turn on the software installation mode before prelinking and turn it off when prelinking is finished. This allows the prelink to make the changes in system files in a controlled way.
• kernel-smp-devel
To see which kernel is in use, enter the following command:
    uname -r
For the 'F-Icon' System Tray applet to work, the following rpm packages are required:
• kdelibs
•...
    sudo apt-get install linux-headers-`uname -r`
SUSE
The following steps are required to install the product on a computer running SUSE Linux. These instructions have been tested on the following SUSE versions: 9.1, 9.2, 9.3, 10.0, 10.1.
Turbolinux 11
For Dazuko kernel module compilation, you need to install the same packages as in Turbolinux 10. Use the following commands:
    cd /usr/src/linux-2.major.minor
    ./SetupKernelSource.sh architecture
    make oldconfig
where major.minor is the kernel version and architecture is either i686, i686smp64G, or x86_64.
"I Want To"
The following user interface controls appear on the Main User Interface I want to page.
Element: Description
Scan the computer for malware: Use this wizard to manually scan for malware.
Appendix Advanced Web User Interface
Topics:
• Summary
• Alerts
• Virus Protection
• Firewall
• Integrity Checking
• General Settings...
The following tables display the settings that appear on the Advanced Web User Interface.
Summary
The following user interface controls appear on the Advanced User Interface Summary page.
Element: Description
Virus Protection: When enabled, all file accesses done by the system are scanned for malware. This also needs to be enabled for on-access integrity checking.
* Select Read to view alerts you have already viewed. 2. Select the Severity of security alerts you want to view. For more information, see “Alert Severity Levels”, 38.
the file, if successful access is allowed.
Rename = Deny access. Rename the infected file to .virus extension.
Delete = Deny access. Delete the infected file.
Deny access = Deny access. Do not send an alert.
is applied. If the secondary action also fails, an alert is sent describing the failed actions.
Files and directories excluded from scanning: Directories listed here will not be scanned.
Maximum number of nested archives: Defines how many levels deep to scan in nested archives. It is not recommended to set this value too high as this will make the product...
Deny access = Deny access. Do not send an alert.
If the primary action fails, the secondary action is applied. If the secondary action also fails, an alert is sent describing the failed actions.
See 'man crontab' for allowed values for Minute, Hour, Day of Month, Month and Day of Week fields.
Manual Scanning
The following user interface controls appear on the...
Secondary action: Specify the secondary action to take when an infection is detected and the primary action has failed.
Do nothing = Do nothing. (Only show the infection to the user.)
Report only = Only send an alert.
If the primary action fails, the secondary action is applied. If the secondary action also fails, an alert is sent describing the failed actions.
Secondary Action on Suspected Files...
included in scanning according to what is defined in the other scanning settings
Files and directories excluded from scanning: Determines whether some paths (either files or directories) will be excluded from scanning.
scanning will stop on the first infection. Otherwise the whole archive is scanned.
Scan for Riskware: Set this on to report and handle riskware detections. Riskware is potential spyware.
Preserve access times: If this setting is on, file access times are not modified when they are scanned. If a file is modified due to disinfection, then both access and modify times will change.
comma. All traffic to and from these interfaces will be allowed.
Rules
The following user interface controls appear on the Advanced User Interface Firewall Firewall Rules page. Element...
Officially assigned ports are available from: ftp://ftp.iana.org/assignments/port-numbers
Integrity Checking
The following tables display the integrity checking settings.
Known Files
The following user interface controls appear on the Advanced User Interface...
match baseline, allowing all kernel modules to load.
Write protect kernel memory: If enabled, integrity checking will write protect kernel memory (/dev/kmem). Report If disabled, integrity checking will not write protect kernel memory (/dev/kmem).
Alert Forwarding: Specifies where the alerts are sent based on their severity classification.
Server: The address of the SMTP server in the form <host>[:<port>] where "host" is the DNS-name or IP-address of the SMTP server, and "port"...
Automatic Updates
The following user interface controls appear on the Advanced User Interface General Automatic Updates page.
Element: Description
Updates enabled: Enable or disable automatic checking for new updates. If set to 'Disabled', Automatic Update Agent will not automatically check for any kind of new updates.
to an Update Server or PM proxy go through HTTP proxy. If an HTTP proxy cannot be reached, Automatic Update Agent will fall back to using a direct connection.
Database age in days before reminders are sent: Defines how many days must have passed since the publishing of currently used virus definitions before the user is reminded of the...
Appendix List of Traps
Integrity Checking
The list of FSIC traps:
Trap Number, Severity, Description
Security alert: Integrity checking baseline generated at host
Security alert: Integrity checking baseline verification failed. Baseline has been compromised or the passphrase used to verify the baseline is incorrect
Security alert: File failed integrity check...
Informational: Database update started
Informational: Database update finished
Security alert: On-Access Virus Alert
Informational: Process started
Informational: Process stopped
Fatal error: Process crashed
Fatal error: Process failed to start...
Virus Definition Database Verification
The list of DAAS traps.
Trap Number, Severity, Description
Warning: Extra files were detected in the database update package
Warning: The package has been modified
Warning: Bad or missing manifest file...
Warning: The publisher's certificate in the package has been revoked with high severity
Warning: Bad or missing revocation file
Warning: There was not enough memory to complete the operation...
• Fatal error: Process failed to start
• Informational: Firewall enabled
• Error: Firewall disabled
• Error: Could not set firewall rules
• Informational: Firewall rules updated
Anti-virus
The list of on-access scanner traps...
Appendix: Get More Help
The fsdiag report, which is generated by the F-Secure Diagnostics Tool, contains vital information from your system. The information is needed by our support engineers so that they can solve your problem. After you run fsdiag, the fsdiag.tar.gz report file is created in the current directory.
Linux viruses, macro viruses infecting Microsoft Office files, Windows viruses and DOS file viruses. F-Secure Security Platform can also detect spyware, adware and other riskware (in selected products). fsav can scan files inside ZIP, ARJ, LHA, RAR, GZIP, TAR, CAB and BZ2 archives and MIME messages.
Synonym to --virus-action2, deprecated.
--action1-exec=PROGRAM
    F-Secure Security Platform runs PROGRAM if the primary action is set to custom/exec.
--action2-exec=PROGRAM
    F-Secure Security Platform runs PROGRAM if the secondary action is set to custom/exec.
--action-timeout={e,c}
    What to do when the scan times out: Treat the timeout as error (e) or clean (c).
(/etc/opt/f-secure/fssp/fssp.conf).
fsma: Use the F-Secure Policy Manager based management method optionally specifying the OID used in sending alerts.
--databasedirectory=path
    Read virus definition databases from the directory path. The default is ".". This option cannot be used to change the database directory of fsavd that is running.
is on. (In previous versions, this option was called 'dumb'.)
--exclude=path
    Do not scan the given path.
--exclude-from=file
    Do not scan paths listed in the file. Paths should be absolute paths ending with a newline character.
--extensions=ext,ext,...
List all files that are scanned.
--maxnested=value
    Should be used together with the --archive option. Set the maximum number of nested archives (an archive containing another archive). If fsav encounters an archive that contains more nested archives than the specified value, it reports a scan error for the file.
Ignore password-protected archives. NOTE: Certain password-protected archives are reported as suspected infections instead of password-protected archives.
--preserveatime[={on,off,yes,no,1,0}]
    Preserve the last access time of the file after it is scanned. If the option is enabled, the last access time of the file does not change when it is scanned.
other executable bits set, it is scanned regardless of the file extension.
--scantimeout=value
    Set a time limit in seconds for a single file scan or disinfection task. If scanning or disinfecting the file takes longer than the specified value, fsav reports a scan error for the file.
Show the status of the fsavd scanning daemon and exit. If the daemon is running, the exit code is zero. Otherwise, the exit code is non-zero. NOTE: Usually, a scanning daemon which is not running is not an error, as fsav launches the daemon before the scan by default.
If this option is not set, an error will be reported for large files.
--version
    Show F-Secure Security Platform version, engine versions and dates of database files, and exit.
    Note: Database versions contain the date of the databases only. There may be several databases released on the same day.
--virus-action1={report,disinf|clean,rename,delete|remove,abort,custom|exec}
    Primary action to take when a virus infection is found: report only (to terminal and as an alert), disinfect/clean, rename, delete/remove, abort scanning or execute a user-defined program (custom/exec).
--virus-action2={report,disinf|clean,rename,delete|remove,abort,custom|exec}
    Secondary action to take if primary action fails.
Explanation: Partial MIME messages are split into several files and cannot be scanned. Typically, the message contains the following header information 'Content-Type: message/partial;'.
MIME decompression error.
Explanation: Scanned MIME message uses non-standard encoding and cannot be scanned.
The default primary action is disinfect and the default secondary action is rename. fsav must have write access to the file to be disinfected. Disinfection is not always possible and fsav may fail to disinfect a file. In particular, files inside archives cannot be disinfected.
fsav warnings are written to the standard error stream (stderr). Warnings do not stop the program. fsav ignores the reason for the warning and the execution continues as normal.
Unknown option '<user given option name>' in configuration file <file path> line <line number>...
Explanation: The mimescanning field in the configuration file has an incorrect value.
Resolution: Edit the configuration file and set the mimescanning field to one of the following: 1 or 0. Restart fsav to take the new values into use.
Illegal scan executables value '<user given value>' in configuration file <file path>...
Maximum scan engine instances value '<user given value>' is out of range in configuration file <file path> line <line number>
Explanation: The engineinstancemax field in the configuration file is less than zero or more than LONG_MAX.
Resolution: Edit the configuration file.
Edit the configuration file and set the action field to one of the following: report, disinfect, clean, rename, delete, remove, abort, custom or exec. Restart fsav to take the new values into use.
Unknown syslog facility '<user given value>' in configuration file <file path> line <line number>...
Invalid socket path '<socket path>': <OS error>.
Explanation: The user has given an invalid socket path in the configuration file or on the command line; either the socket does not exist or it is not accessible.
Resolution: fsav exits with fatal error status (exit code 1). The user has to correct the command-line parameters or configuration file or remove the file from path and start fsav again.
not exist, is not accessible or is too long in the configuration file.
Resolution: The user has to correct the path and start fsav again.
Scan engine directory '<directory path>' is not valid: <OS error message>
Explanation: The user has entered on the command line a scan engine directory path which either does not exist, is not accessible or is too long.
Explanation: The user has given a file path to the input option which either does not exist or is not accessible.
Resolution: The user has to correct command-line options and try again.
Illegal command line option value '<user given option>'.
Explanation: The user has entered an unknown command-line option.
Explanation: The user has tried to request the server version with version but the request processing failed.
Resolution: The server is not running. The product may be installed incorrectly. The installdirectory is either missing or wrong in the configuration file. The system may be low in resources so launching might have failed because of e.g.
Resolution: The server has died unexpectedly. The user should restart the server and try to scan the file again. If the problem persists, the user should send a bug report and a file sample to F-Secure.
Update directory '<file path>' is not valid: <OS error message>...
Resolution: The database update process does not have proper rights to create the flag file and fails. The user has to make sure the update process runs with proper rights or the database directory has proper access rights.
Could not open lock file '<file path>'.
Resolution: fsavd is halted. The user should stop fsavd, remove the update flag file, do a database update and start fsavd again.
Database update failed, restored old ones.
Explanation: The database update process has failed to perform the update but succeeded in restoring the database backups.
Resolution: The user has to move the file to a shorter path and try to scan the file again.
<file path>: ERROR: Could not open the file [<scan engine>]
Explanation: The scan engine could not open the file for scanning because the scan engine does not have read access to the file.
Resolution: The server has died unexpectedly. The user should restart fsavd and try to scan the file again. If the problem persists, the user should send a bug report and a file sample to F-Secure.
In case of other error messages type of '<filename>: ERROR: <error message>...
to be scanned. If the same error message appears every time the file is scanned, either exclude the file from the scan or send a sample file to F-Secure Anti-Virus Research. See the instructions for more information.
Suspicious files found; these are not necessarily infected by a virus.
Scan error, at least one file scan failed.
Program was terminated by pressing CTRL-C, or by a sigterm or suspend event.
fsav reports the exit codes in the following priority order: 130, 7, 1, 3, 4, 8, 6, 9, 0.
$ fsav --archive --scantimeout=180 --allfiles /mnt/smbshare
Scan and list files with '.EXE' or '.COM' extension in a directory '/mnt/smbshare':
$ fsav --list --extensions='exe,com' /mnt/smbshare
Scan and disinfect or rename infected/suspected files without confirmation:
$ fsav --virus-action1=disinf --virus-action2=rename --auto /mnt/smbshare
Scan files found by the find(1) command and feed the scan report to the mail(1) command:...
Bugs
Please refer to the 'Known Problems' section in the release notes.
Authors
F-Secure Corporation
Copyright
Copyright (c) 1999-2008 F-Secure Corporation. All Rights Reserved. Portions Copyright (c) 2001-2008 Kaspersky Labs.
See Also
dbupdate(8), fsavd(8)
For more information, see F-Secure home page.
DESCRIPTION
fsavd is a scanning daemon for F-Secure Security Platform. At startup it reads the configuration file (the default configuration file or the file specified on the command line) and starts to listen for connections on the UNIX domain socket specified in the configuration file.
PATH as the configuration file instead of the default configuration file (/etc/opt/f-secure/fssp/fssp.conf).
fsma: Use the F-Secure Policy Manager based management method optionally specifying the OID used in sending alerts.
--databasedirectory=path
    Read virus definition databases from the directory path. The default is ".".
--enginedirectory=path
    Load scan engines from the directory path.
If the path contains non-existing directories, the directories are created and the directory permission is set to read/write/exec permission for owner and read/exec permission for group and others. Created directories will have the sticky bit on by default. Directory permissions can be changed with the dirmode configuration file option.
--help
    Show command line options and exit.
--version
    Show F-Secure Security Platform version and dates of signature files, and exit.
LOGGING
fsavd logs scan failures, infected and suspected files to the fsavd's log file defined with the logfile fsavd writes errors during start-up to standard error stream. After successful start-up log entries are written to a log file.
File <file path> disinfect failed.
Explanation: fsavd reports that all the scan engines failed to disinfect the file.
File <file path> infected: <infection name> [<scan engine>]
Explanation: The scan engine reports that the file was found infected.
File <file path>...
Resolution: fsavd tries to proceed. The user has to edit the configuration file and set the archivescanning field to one of the following: 1, 0, on, off, yes, or no. The user has to restart fsavd for the values to take effect.
Illegal MIME scanning value '<user given value>' in configuration file <file path>...
Explanation: The scantimeout field in the configuration file is not a valid number.
Resolution: fsavd tries to proceed. The user has to edit the configuration file and restart fsavd.
Scan timeout value '<user given value>' is out of range in configuration file <file path>...
Resolution: fsavd tries to proceed. The user has to edit the configuration file and try again.
Maximum scan engine instances value '<user given value>' is out of range in configuration file <file path> line <line number>
Explanation: The engineinstancemax field in the configuration file is less than zero or more than LONG_MAX.
Resolution: fsavd has noticed the scan engine has died. fsavd tries to restart the scan engine. If the scan engine was scanning a file, the file is reported as failed to scan.
Database file <file path> not needed and should be deleted.
Explanation: The scan engine reports that the database directory contains a deprecated database file.
Resolution: fsavd shuts down the scan engine process and tries to restart the scan engine. If problem still occurs, the user may try to update databases or scan engine to resolve the problem. If the problem persists the user needs to contact F-Secure support.
The problem may be in a file which the scan engine is scanning. If the user can recognize the source as a problematic file, the user should make a bug report and send a file sample to F-Secure. Resolution: fsavd shuts down the scan engine process and restarts the scan engine.
rect library calls from the library.
Resolution: fsavd exits with error status. Scan engine shared libraries are corrupted. Product needs to be re-installed.
Options parsing failed.
Explanation: The user has given an unknown option or an option value on the command line.
Resolution: The user has to correct the path and start fsavd again.
Scan engine directory '<directory path>' is not valid in configuration file at line <line number>: <OS error message>
Explanation: The user has entered in the configuration file a scan engine directory path which either does not exist, is not accessible or is too long.
The default configuration file for F-Secure Security Platform
<install directory>/etc/fsav
    Startup file for F-Secure Security Platform
<install directory>/databases
    Directory for Anti-Virus signature database files.
<install directory>/lib
    Directory for Anti-Virus scan engine and F-Secure Security Platform shared library files.
EXAMPLES...
Check fsavd, scan engine and database versions:
$ fsavd --version
Bugs
Please refer to the 'Known Problems' section in the release notes.
AUTHORS
F-Secure Corporation
Copyright
Copyright (c) 1999-2008 F-Secure Corporation. All Rights Reserved. Portions Copyright (c) 2001-2007 Kaspersky Labs.
SEE ALSO...
dbupdate(8), fsav(1)
For more information, see F-Secure home page.
Agent. Used for fully automatic database updates.
DESCRIPTION
dbupdate is a shell script for updating F-Secure Security Platform Virus Definition Databases. It can update databases downloaded by F-Secure Automatic Update Agent (a fully automatic background process) or databases transferred to the host by other means (such as ftp).
SCHEDULED UPDATE OVER NETWORK
Typically, dbupdate is started from cron(8) frequently with the following command: dbupdate --auto. This takes into use updates that F-Secure Automatic Update Agent has previously downloaded.
OPERATION
If new databases are available, database files are copied to updatedirectory.
An error has occurred. See program output and /var/opt/f-secure/fssp/dbupdate.log for details.
Virus definition databases were successfully updated.
BUGS
Please refer to 'Known Problems' section in the release notes.
AUTHORS
F-Secure Corporation
Copyright
Copyright (c) 1999-2008 F-Secure Corporation. All Rights Reserved.
SEE ALSO...
fsav(1) and fsavd(8)
For more information, see F-Secure home page.
support@F-Secure.com
fsfwc (1)
fsfwc
Command line interface for firewall daemon
fsfwc options
Description
With this tool the firewall can be set to different security levels. If invoked without any options, it will show the current security level and the minimum allowed.
Profile for roadwarriors: ssh and VPN protocols are allowed. DHCP, HTTP, FTP and common email protocols are allowed. All incoming connections are blocked.
office
    Profile for office use. It is assumed that some external firewall exists between Internet and the host.
4 Invalid arguments
AUTHORS
F-Secure Corporation
COPYRIGHT
Copyright (c) 1999-2008 F-Secure Corporation. All Rights Reserved.
SEE ALSO
For more information, see F-Secure home page.
Command line interface for integrity checker
fsic options target ...
Description
F-Secure Integrity Checker will monitor system integrity against tampering and unauthorized modification. If invoked without any options, fsic will verify all files in the known files list and report any anomalies.
inode information is shown. If file differs from baselined information, detailed comparison is shown.
--virus-scan={yes=default,no}
    Scan for viruses when verifying. (default: yes)
--auto={yes,no=default}
    Disable action confirmation. Assumes 'Yes' to all enabled actions. Please note that --auto=no disables the auto switch, same as if --auto would not have been given at all.
Enable/disable virus scanning of the files during baselining. Viruses are scanned with options --dumb and --archive. (See fsav(1))
--auto={yes,no=default}
    Disable the action confirmation. Assumes 'Yes' to all enabled actions. Please note that --auto=no disables the auto switch, same as if --auto would not have been given at all.
match baselined information.
--alert={yes=default,no}
    Specify whether to send an alert if file differs from baselined information.
--ignore={hash,mtime,mode,uid,gid,size}
    Specify which properties of the file are not monitored. Any combination of properties can be ignored. By default all properties are monitored.
denied if file does not match with baselined information. '.' on either P or R column means that Protection or Reporting respectively is not enabled.
If a change is detected against the baseline, it is reported as follows:
[Note] .RA /bin/ls Hash does not match baselined hash
[Note] .RA /bin/ls inode information does not match baselined data...
When --baseline is specified the integrity checker will recalculate hash and inode information for all files known to the integrity checker. The previously generated baseline will be overwritten. The user will be asked to confirm adding files to the new baseline. For example:
/bin/ls: Accept to baseline? (Yes,No,All yes, Disregard new entries)
If a file has been modified, fsic will ask...
* Files do not match baselined information, or
* A virus was detected in one of the files
FILES
None.
EXAMPLES
None.
NOTES
None.
BUGS
None.
AUTHORS
F-Secure Corporation
COPYRIGHT
Copyright (c) 1999-2008 F-Secure Corporation. All Rights Reserved.
SEE ALSO
For more information, see F-Secure home page.
fschooser (8)
fschooser
Command line tool for enabling and disabling some features of F-Secure Linux Security.
fschooser
Description
This tool can be used to completely enable and disable some features of F-Secure Linux Security. The tool is invoked without any parameters and has an interactive prompt where it is possible to enable or disable the features.
When Web User Interface is disabled, the local alert database will still be running so any alerts received will be available in the Web User Interface when it is re-enabled.
BUGS
None.
AUTHORS
F-Secure Corporation
COPYRIGHT
Copyright (c) 2008 F-Secure Corporation. All Rights Reserved.
SEE ALSO
For more information, see F-Secure home page.
fsims (8)
fsims
Command line tool for switching F-Secure Linux Security software installation mode on or off (F-Secure Install Mode Switcher).
fsims on|off
Description
This tool can be used to switch F-Secure Linux Security into software installation mode and back to normal mode after the new software has been installed.
RETURN VALUES
fsims returns the following return values:
0 Operation performed successfully.
1 User tried to execute fsims without root privileges.
FILES
None.
EXAMPLES
None.
NOTES
None.
BUGS
None.
AUTHORS
F-Secure Corporation
COPYRIGHT...
Copyright (c) 2008 F-Secure Corporation. All Rights Reserved.
SEE ALSO
fsic(1)
For more information, see F-Secure home page.
Description
This tool can be used to set the default language in F-Secure Linux Security's Web User Interface. The user can still change the language in the Web User Interface, but whenever the product is restarted, the default language selected with this tool will be activated.
Sets German as the default language.
RETURN VALUES
fssetlanguage always returns 0.
FILES
None.
EXAMPLES
None.
NOTES
None.
BUGS
None.
AUTHORS
F-Secure Corporation
COPYRIGHT
Copyright (c) 2008 F-Secure Corporation. All Rights Reserved.
SEE ALSO
For more information, see F-Secure home page.
#enable_fsma=yes

# Update servers
# This directive controls which update server the Automatic Update Agent tries
# to fetch the updates from. If this directive is empty, the master server
# hosted by F-Secure is used (see Fallback options below).
# In centrally managed mode, this defaults to the Policy Management Server.
# The format is as follows:
# update_servers=[http://]<address>[:<port>][,[http://]<address>[:<port>]]
# Examples:
# update_servers=http://pms
# update_servers=http://server1,http://backup_server1,http://backup_server2
#update_servers=

# Update proxies
# This directive controls which Policy Manager Proxies the Automatic Update
# Agent tries to use.
# This directive controls which HTTP proxies are used by the Automatic
# Update Agent
# The format is as follows:
# http_proxies=[http://][user[:passwd]@]<address>[:port][,[http://][user[:passwd]@]<address>[:port]]
# Examples:
# http_proxies=http://proxy1:8080/,http://backup_proxy:8880/
#http_proxies=

# Poll interval
# This directive specifies (in seconds) how often the Automatic Update Agent
# polls the Update Server for updates.
# Failover timeout
# Specifies the time after which Automatic Update Agent is allowed to check
# for updates from update servers hosted by F-Secure. This is the time elapsed
# (in seconds) since the last successful connection with your main update
# servers.
# Possible values are:
# debug - log all messages
# informational - log information on each update check plus
# normal - log information on each successful download and all errors
# nolog - log nothing
# The default is normal
#log_level=normal

# Log Facility...
fssp.conf
# This is a configuration file for F-Secure Security Platform
# Copyright (c) 1999-2006 F-Secure Corporation. All Rights Reserved.

# Specify whether the product should scan all files or only the files that
# match the extensions specified in the ‘Extensions to Scan’ setting.
odsIncludedExtensions .,acm,app,arj,asd,asp,avb,ax,bat,bin,boo,bz2,cab,ceo,chm,cmd,cnv,com,cpl,csc,dat,dll,do?,drv,eml,exe,gz,hlp,hta,htm,html,htt,inf,ini,js,jse,lnk,lzh,map,mdb,mht,mif,mp?,msg,mso,nws,obd,obt,ocx,ov?,p?t,pci,pdf,pgm,pif,pot,pp?,prc,pwz,rar,rtf,sbf,scr,shb,shs,sys,tar,td0,tgz,tlb,tsp,tt6,vbe,vbs,vwp,vxd,wb?,wiz,wml,wpc,ws?,xl?,zip,zl?,{*

# Specify whether executables should be scanned. If a file has any
# user/group/other executable bits set, it is scanned regardless of the file
# extension.
# Possible values:
# 0 - No
# 1 - Yes
odsScanExecutables 0

# Determines whether some paths (either files or directories) will be...
# Determines whether some files can be excluded from scanning. Please note
# that the files specified here are excluded from scanning even if they would
# be included in scanning according to what is defined in the other scanning
# settings
# Possible values:...
odsFileScanInsideArchives 1

# Defines how many levels deep to scan in nested archives. It is not
# recommended to set this value too high as this will make the product more
# vulnerable to DoS (Denial of Service) attacks. If an archive has more nested
# levels than the limit, a scan error is generated.
odsFileScanInsideMIME 0

# Defines how password-protected archives should be handled. If set to Yes,
# password protected archives are considered to be safe and access is allowed.
# Otherwise access is not allowed.
# Possible values:
# 0 - No
# 1 - Yes
odsFileIgnorePasswordProtected 1

# Defines what happens when the first infection is found inside an...
odsStopOnFirst 0

# Specify the primary action to take when an infection is detected.
# Possible values:
# 0 - Do nothing
# 1 - Report only
# 2 - Disinfect
# 3 - Rename
# 4 - Delete
# 5 - Abort scan
# 6 - Custom
odsFilePrimaryActionOnInfection 2...
odsFileCustomPrimaryAction

# Specify the secondary action to take when an infection is detected and
# primary action has failed.
# Possible values:
# 0 - Do nothing
# 1 - Report only
# 2 - Disinfect
# 3 - Rename
# 4 - Delete
# 5 - Abort scan
# 6 - Custom...
# specify. Custom action script or program receives one parameter, full
# pathname of the infected file.
odsFileCustomSecondaryAction

# Specify the primary action to take when suspected infection is detected.
# Possible values:
# 0 - Do nothing
# 1 - Report only
# 3 - Rename
# 4 - Delete...
# 3 - Rename
# 4 - Delete
odsFileSecondaryActionOnSuspected 0

# Set this on to report and handle riskware detections. Riskware is potential
# spyware.
# Possible values:
# 0 - No
# 1 - Yes
odsScanRiskware 1

# Type of riskware that should not be detected.
# Possible values:
# 0 - Do nothing
# 1 - Report only
# 3 - Rename
# 4 - Delete
odsFilePrimaryActionOnRiskware 1

# Specify the secondary action to take when riskware is detected and the
# primary action has failed.
# Possible values:
# 0 - Do nothing
# 1 - Report only...
# resolution). A recommended upper limit would be, for example, 1 minute.
odsFileScanTimeout 60

# Specify the action to take after a scan timeout has occurred.
# Possible values:
# 0 - Report as Scan Error
# 2 - Report as Clean File
odsFileScanTimeoutAction 0

# Should actions be taken automatically or should user be prompted to confirm...
# Read files to scan from standard input.
# Possible values:
# 0 - No
# 1 - Yes
odsInput 0

# Print out all the files that are scanned, together with their status.
# Possible values:
# 0 - No
# 1 - Yes
odsList 0...
# 0 - No
# 1 - Yes
odsRaw 0

# In standalone mode a new fsavd daemon is launched for every client. Usually
# you do not want this because launching the daemon has considerable overhead.
# Possible values:
# 0 - No
# 1 - Yes...
# 1 - Yes
odsFollowSymlinks 0

# If enabled, only infected filenames are reported.
# Possible values:
# 0 - No
# 1 - Yes
odsSilent 0

# If enabled, only infected filenames are reported.
# Possible values:
# 0 - No
# 1 - Yes
odsShort 0...
# If this setting is on, file access times are not modified when they are
# scanned. If a file is modified due to disinfection, then both access and
# modify times will change.
# Possible values:
# 0 - No
# 1 - Yes
odsFilePreserveAccessTimes 0...
# partial MIME messages are considered safe and access is allowed. Partial
# MIME messages cannot reliably be unpacked and scanned.
# Possible values:
# 0 - No
# 1 - Yes
odsFileIgnorePartialMime 0

# Defines how MIME messages with broken headers should be handled. If set to
# ‘Yes’, broken MIME headers will be considered safe and access is allowed.
# option is not set an error will be reported for large files.
# Possible values:
# 0 - No
# 1 - Yes
odsFileSkipLarge 0

# If “On”, the Libra scanning engine is used for scanning files. If “Off”,
# Libra is not used.
# Possible values:
# 0 - Off
# 1 - On
odsUseAVP 1

# F-Secure internal. Do not touch.
daemonAvpFlags 0x08D70002

# Set this on to enable riskware scanning with the AVP scan engine. If you set
# this off, riskware scanning is not available for clients.
# Possible values:
# 0 - Off
# 1 - On
odsAVPRiskwareScanning 1

# Maximum size of MIME message. Files larger than this are not detected as
# MIME messages. Increasing this number will increase scan time of large
# files.
# F-Secure Internal. Do not change. This is the directory where in-use
# databases are kept.
daemonDatabaseDirectory /var/opt/f-secure/fssp/databases

# F-Secure internal. Do not change. This is the directory into which new
# databases are stored before they are taken into use.
daemonUpdateDirectory /var/opt/f-secure/fssp/update

# F-Secure internal.
daemonEngineDirectory /opt/f-secure/fssp/lib

# If “Yes”, fsavd writes a log file. If “No”, no log file is written.
# Possible values:
# 0 - No
# 1 - Yes
daemonLogfileEnabled 0

# Log file location: stderr - write log to standard error stream syslog -
# write log to syslog facility Anything else is interpreted as a filename to
# write log into.
daemonMaxScanProcesses 4

# FSAV will add the current user-id to the path to make it possible for
# different users to run independent instances of the server.
daemonSocketPath /tmp/.fsav

# Octal number specifying the mode (permissions) of the daemon socket.
# chmod(1) and chmod(2) unix manual pages.
# 5 - Warning
# 6 - Notice
# 7 - Info
# 8 - Debug
# 9 - Everything
debugLogLevel 0

# Specify the full name of the debug logfile.
debugLogFile /var/opt/f-secure/fssp/fssp.log

# The keycode entered during installation.
licenseNumber unset...
/opt/f-secure/fssp

# Unix time() when installation done.
installationTimestamp 0

# F-Secure internal. Do not change. Text to be printed every day during
# evaluation use.
naggingText EVALUATION VERSION - FULLY FUNCTIONAL - FREE TO USE FOR 30 DAYS.\nTo purchase license, please check http://www.F-Secure.com/purchase/\n...
expiredText EVALUATION PERIOD EXPIRED\nTo purchase license, please check http://www.F-Secure.com/purchase/\n...
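An added example, not part of the F-Secure manual: a small Python audit over text in the key/value layout of the fssp.conf excerpt above, listing settings whose documented effect is to let unscanned content through, to take no action, or to drop logging. The function names, the constructed sample and the choice of which settings to flag are assumptions made here; the keys and the meaning of each value are taken from the excerpt's comments.

```python
from dataclasses import dataclass

# key -> (flagged value, effect as described in the excerpt's comments)
FLAGGED = {
    "odsFileIgnorePasswordProtected":
        ("1", "password-protected archives are considered safe and access is allowed"),
    "odsFileIgnorePartialMime":
        ("1", "partial MIME messages are considered safe and access is allowed"),
    "odsFileScanTimeoutAction":
        ("2", "a scan that times out is reported as a clean file"),
    "odsFilePrimaryActionOnInfection":
        ("0", "nothing is done when an infection is detected"),
    "odsScanRiskware":
        ("0", "riskware detections are not reported or handled"),
    "daemonLogfileEnabled":
        ("0", "fsavd writes no log file"),
}


@dataclass(frozen=True)
class Finding:
    line: int
    key: str
    value: str
    reason: str


def parse_conf(text):
    """Return [(line_no, key, value)] for each directive; comments are skipped."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, comment, or commented-out directive
        parts = line.split(None, 1)
        # A key with nothing after it (odsFileCustomPrimaryAction in the
        # excerpt) is kept with an empty value rather than dropped.
        value = parts[1].strip() if len(parts) == 2 else ""
        entries.append((line_no, parts[0], value))
    return entries


def audit(text):
    """Check every occurrence of every key and report repeated keys."""
    findings, first_seen = [], {}
    for line_no, key, value in parse_conf(text):
        flagged = FLAGGED.get(key)
        if flagged and value == flagged[0]:
            findings.append(Finding(line_no, key, value, flagged[1]))
        if key in first_seen:
            # The excerpt does not say which occurrence wins, so every
            # occurrence is checked and the repeat itself is reported.
            findings.append(Finding(
                line_no, key, value,
                f"also set on line {first_seen[key]}; review which value takes effect"))
        else:
            first_seen[key] = line_no
    return findings


# Constructed sample in the layout of the excerpt (not a real host's file).
SAMPLE = """\
# constructed sample
odsFileScanInsideArchives 1
odsFileIgnorePasswordProtected 1
odsFilePrimaryActionOnInfection 2
odsFileCustomPrimaryAction
odsFileScanTimeout 60
odsFileScanTimeoutAction 2
odsFileIgnorePartialMime 0
odsScanRiskware 1
daemonLogfileEnabled 0
odsFileScanTimeoutAction 0
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"line {f.line}: {f.key} {f.value}: {f.reason}")
```

Two of the flagged values, odsFileIgnorePasswordProtected 1 and daemonLogfileEnabled 0, are the values shown in the excerpt itself, so a file left as printed there is reported on both.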