Installation And Configuration; Tips; On-Access Scanner Using Preload Libc Library - ESET FILE SECURITY - FOR LINUX BSD AND SOLARIS Installation Manual


will enable the ON_EXEC bit of the Dazuko access mask.
The On-access scanner ensures that all opened, closed and executed files are first scanned by the esets_daemon for viruses.
Depending on the scan results, access to specific files is denied or allowed.
5.2.2 Installation and configuration

The Dazuko kernel module must be compiled and installed within the running kernel before initializing esets_dac. For details
on how to compile and install Dazuko, please see:
http://www.dazuko.org
Once Dazuko is installed, review and edit the [global] and [dac] sections of the ESETS configuration file (esets.cfg). Note that
proper functioning of the On-access scanner is dependent upon configuration of the 'agent_enabled' option within the [dac]
section of this file. Additionally, you must define the file system objects (i.e. directories and files) that are to be monitored by the
On-access scanner. This can be accomplished by defining the parameters of the 'ctl_incl' and 'ctl_excl' options, which are also
located within the [dac] section. After making changes to the esets.cfg file, you can force the newly created configuration to be
re-read by reloading the ESETS daemon.
5.2.3 Tips

To ensure that the Dazuko module loads prior to initialization of the esets_dac daemon, follow these steps:
Place a copy of the Dazuko module in either of the following directories reserved for kernel modules:
/lib/modules
or
/modules
Use the kernel utilities 'depmod' and 'modprobe' (for BSD OS, use 'kldconfig' and 'kldload') to handle dependencies and
successful initialization of the newly added Dazuko module.
In the esets_daemon initialization script '/etc/init.d/esets_daemon', insert the following line before the daemon initialization
statement:
/sbin/modprobe dazuko
For BSD OSes, the line
/sbin/kldconfig dazuko
must be inserted into the '/usr/local/etc/rc.d/esets_daemon.sh' script.
Warning! It is extremely important that these steps are executed in the exact order given. If the kernel module is not located
within the kernel modules directory, it will not properly load, causing system hang-ups.
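
A preflight check for the [dac] settings and the module load order described above, as an added example that is not part of the ESET manual. The 'key = value' syntax, the 'yes' value, the quoting, the sample paths and the START_REGEX argument (a pattern for the daemon initialization statement) are assumptions.

```shell
#!/bin/sh
# Added example: preflight checks for the Dazuko-based On-access scanner.
# Assumed syntax (not shown in the manual): "key = value" lines, optional
# double quotes around values, "yes" as the enabling value, '#' comments.

cfg_get() {  # cfg_get FILE SECTION KEY -> prints the value, if any
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*#/  { next }
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); insec = ($0 == sec); next }
        insec && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Succeeds only if [dac] enables the agent and names something to monitor.
check_dac_config() {  # check_dac_config ESETS_CFG
    [ "$(cfg_get "$1" dac agent_enabled)" = "yes" ] ||
        { echo "[dac] agent_enabled is not 'yes'" >&2; return 1; }
    [ -n "$(cfg_get "$1" dac ctl_incl)" ] ||
        { echo "[dac] ctl_incl is empty: nothing is monitored" >&2; return 1; }
}

# Succeeds only if "/sbin/modprobe dazuko" comes before the first line that
# matches START_REGEX, the daemon initialization statement of that script.
check_init_order() {  # check_init_order INIT_SCRIPT START_REGEX
    awk -v start="$2" '
        /^[ \t]*#/ { next }
        /^[ \t]*\/sbin\/modprobe[ \t]+dazuko[ \t]*$/ { if (!started) ok = 1 }
        $0 ~ start { started = 1 }
        END { exit !ok }' "$1"
}

# Constructed sample files (not from the manual) exercising both checks.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '[global]' '[dac]' 'agent_enabled = yes' \
        'ctl_incl = "/home:/srv"' > "$d/esets.cfg"
    printf '%s\n' '#!/bin/sh' '/sbin/modprobe dazuko' \
        '/path/to/esets_daemon' > "$d/init"
    check_dac_config "$d/esets.cfg" && check_init_order "$d/init" 'esets_daemon$'
    rc=$?; rm -rf "$d"; return "$rc"
}

# With three arguments check real files; otherwise run the constructed demo.
if [ "$#" -eq 3 ]; then check_dac_config "$1" && check_init_order "$2" "$3"
else demo; fi && echo "preflight: ok"
```

A disabled agent or an empty 'ctl_incl' leaves files unscanned without any error from the daemon, which is why both are treated as failures here.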

5.3 On-access scanner using preload LIBC library

In the previous sections we described the integration of the On-access scanner powered by Dazuko with Linux/BSD file system
services. However, the use of Dazuko may not be feasible, for example for system administrators who maintain critical systems
where:
the source code and/or configuration files related to the running kernel are not available,
the kernel is more monolithic than modular,
the Dazuko module simply does not support the given OS.
In any of these cases, the On-access scanning technique based on the preload LIBC library should be used. See the following
topics in this section for detailed information. Please note that this section is relevant only for Linux OS users and contains
information regarding the operation, installation and configuration of the On-access scanner using the preload library
'libesets_pac.so'.