Do the Scan, Man

Posted on Thu 11 November 2004 in general

on my desktop and the work servers. I've been instructed to be diplomatic when dealing with IT so I just hunkered on down to it. The install actually comes as an RPM so the install is quite simple:
[root@cambridge alex]# rpm -ivh LinuxShield-1.0.0-452.i386.rpm
...
[skip 2 pages to EULA I ignored]
...
[answer some server questions]
..
LinuxShield can still function without the kernel module, but on-access detection of viruses is disabled.

nails.initd: Warning - kernel module /lib/modules/2.6.8.1-10mdk/nai/linuxshield.o does not exist
starting the LinuxShield daemon...
started pid: 674
starting the LinuxShield monitor gateway...
started pid: 682
nailswebd: bad group name nobody
/opt/NAI/LinuxShield/apache/bin/apachectl startssl: nailswebd could not be started
installer: failed to start the LinuxShield services
Failed to complete the installation of LinuxShield, please run /opt/NAI/package/LinuxShield/setup
[root@cambridge alex]#

Well almost. Obviously the config file for the bundled apache server was b0rken. Seeing as its an RPM I can just find where the config file is and fix the group name.

[root@cambridge alex]# rpm -qil LinuxShield
Name        : LinuxShield                  Relocations: /opt/NAI/package/LinuxShield
Version     : 1.0.0                             Vendor: (none)
Release     : 452                           Build Date: Fri 30 Apr 2004 17:35:38 BST
Install Date: Thu 11 Nov 2004 14:36:57 GMT      Build Host: bell.buildroom
Group       : Network Associates            Source RPM: LinuxShield-1.0.0-452.src.rpm
Size        : 14022595                         License: 2003,2004 Networks Associates Technology Inc.
Signature   : (none)
Packager    :
Summary     : McAfee On-Access & On-Demand Scanning for Linux
Description :
McAfee On-Access & On-Demand Scanning for Linux
/opt/NAI/package/LinuxShield
/opt/NAI/package/LinuxShield/license.txt
/opt/NAI/package/LinuxShield/release-452.tar.gz
/opt/NAI/package/LinuxShield/setup
Hmmm, looks a little sparse to me. In the end I had to use
strace to see where the config file was hidden.
[root@cambridge alex]# strace -f -e trace=open /opt/NAI/LinuxShield/apache/bin/apachectl start
open("/etc/ld.so.preload", O_RDONLY)    = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/libtermcap.so.2", O_RDONLY)  = 3
...
[snipped for brevity]
...
[pid 29803] open("/opt/NAI/LinuxShield/apache/conf/httpd.conf", O_RDONLY) = 3
...
[more snippage]
...
[pid 29803] open("/etc/group", O_RDONLY) = 4
nailswebd: bad group name nobody
Process 29802 resumed
Process 29803 detached
--- SIGCHLD (Child exited) @ 0 (0) ---
/opt/NAI/LinuxShield/apache/bin/apachectl start: nailswebd could not be started

So once I had fixed that I could go to the natty little web-based interface and start the scan of my machine going. And the final result:

image0

So a valuable use of my time? Time to go to the beer festival and drink beer ;-)