Do the Scan, Man
Posted on Thu 11 November 2004 by alex in general
This afternoon I was mostly installing LinuxShield (http://www.networkassociates.com/us/products/mcafee/antivirus/fileserver/linuxshield.htm) on my desktop and the work servers. I've been instructed to be diplomatic when dealing with IT so I just hunkered on down to it. The install actually comes as an RPM so the install is quite simple:
    [root@cambridge alex]# rpm -ivh LinuxShield-1.0.0-452.i386.rpm
    ... [skip 2 pages to EULA I ignored] ...
    [answer some server questions]
    ..
    LinuxShield can still function without the kernel module, but on-access detection of viruses is disabled.
    nails.initd: Warning - kernel module /lib/modules/2.6.8.1-10mdk/nai/linuxshield.o does not exist
    starting the LinuxShield daemon... started pid: 674
    starting the LinuxShield monitor gateway... started pid: 682
    nailswebd: bad group name nobody
    /opt/NAI/LinuxShield/apache/bin/apachectl startssl: nailswebd could not be started
    installer: failed to start the LinuxShield services
    Failed to complete the installation of LinuxShield, please run /opt/NAI/package/LinuxShield/setup
    [root@cambridge alex]#
Well, almost. Obviously the config file for the bundled Apache server was b0rken. Seeing as it's an RPM, I can just find where the config file is and fix the group name.
    [root@cambridge alex]# rpm -qil LinuxShield
    Name        : LinuxShield                  Relocations: /opt/NAI/package/LinuxShield
    Version     : 1.0.0                             Vendor: (none)
    Release     : 452                           Build Date: Fri 30 Apr 2004 17:35:38 BST
    Install Date: Thu 11 Nov 2004 14:36:57 GMT  Build Host: bell.buildroom
    Group       : Network Associates            Source RPM: LinuxShield-1.0.0-452.src.rpm
    Size        : 14022595                         License: 2003,2004 Networks Associates Technology Inc.
    Signature   : (none)
    Packager    :
    Summary     : McAfee On-Access & On-Demand Scanning for Linux
    Description :
    McAfee On-Access & On-Demand Scanning for Linux
    /opt/NAI/package/LinuxShield
    /opt/NAI/package/LinuxShield/license.txt
    /opt/NAI/package/LinuxShield/release-452.tar.gz
    /opt/NAI/package/LinuxShield/setup
Hmmm, looks a little sparse to me. In the end I had to use strace to see where the config file was hidden.
    [root@cambridge alex]# strace -f -e trace=open /opt/NAI/LinuxShield/apache/bin/apachectl start
    open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
    open("/etc/ld.so.cache", O_RDONLY) = 3
    open("/lib/libtermcap.so.2", O_RDONLY) = 3
    ... [snipped for brevity] ...
    [pid 29803] open("/opt/NAI/LinuxShield/apache/conf/httpd.conf", O_RDONLY) = 3
    ... [more snippage] ...
    [pid 29803] open("/etc/group", O_RDONLY) = 4
    nailswebd: bad group name nobody
    Process 29802 resumed
    Process 29803 detached
    --- SIGCHLD (Child exited) @ 0 (0) ---
    /opt/NAI/LinuxShield/apache/bin/apachectl start: nailswebd could not be started
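The same hunt as a repeatable check, as an added example that is not from the original post: it pulls the successfully opened files out of saved strace output (for instance written with strace's -o option) and tests whether the Group named in an Apache-style config exists in the group file. The function names are made up for this example, and treating the last Group line in the file as the effective one is a simplification.

```shell
#!/bin/sh
# Added example, not from the original post; function names are made up here.

# Print every path the traced process opened successfully.
# Handles "[pid N] open(...)" (strace -f to the terminal), "N open(...)"
# (strace -f -o file) and openat(AT_FDCWD, ...); failed opens (= -1) are skipped.
opened_files() {   # $1: file containing strace output
    sed -nE 's/^(\[pid +[0-9]+\] |[0-9]+ +)?open(at)?\(([A-Z_]+, )?"([^"]*)", [^)]*\) = [0-9]+( .*)?$/\4/p' "$1"
}

# Print the argument of an Apache-style directive, skipping commented lines.
# Simplification (assumption): the last occurrence in the file is the one used.
directive_value() {   # $1: directive name, $2: config file
    awk -v d="$1" 'tolower($1) == tolower(d) { v = $2 }
                   END { gsub(/"/, "", v); if (v != "") print v }' "$2"
}

# 0 if the config's Group exists in the group file, 1 if it does not,
# 2 if the config has no Group directive at all.
group_resolves() {   # $1: config file, $2: group file (default /etc/group)
    g=$(directive_value Group "$1")
    [ -n "$g" ] || return 2
    awk -F: -v g="$g" '$1 == g { found = 1 } END { exit !found }' "${2:-/etc/group}"
}

# With a saved trace as argument, report the Group status of each *.conf opened.
if [ "$#" -ge 1 ]; then
    opened_files "$1" | grep '\.conf$' | sort -u | while read -r conf; do
        if group_resolves "$conf"; then
            echo "$conf: Group '$(directive_value Group "$conf")' exists"
        else
            echo "$conf: Group '$(directive_value Group "$conf")' missing or not set"
        fi
    done
fi
```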
So once I had fixed that I could go to the natty little web-based interface and start the scan of my machine going. And the final result:
So a valuable use of my time? Time to go to the beer festival and drink beer ;-)