Summary of LINUX SECURITY

  • Page 1

    F-Secure Linux Security.

  • Page 3: Table Of Contents

    Table of contents: chapter 1: welcome, 7; how the product works, 8; protection against malware ...

  • Page 4

    Installing command line scanner only, 24; using the product with samba servers, 25; creating a backup ...

  • Page 5

    Chapter 6: troubleshooting, 67; installing required kernel modules manually, 68; user interface ...

  • Page 6

    "i want to", 92; appendix d: advanced web user interface, 93; summary ...

  • Page 7: Chapter

    Chapter 1 welcome computer viruses are one of the most harmful threats to the security of data on computers. While some viruses are harmless pranks, other viruses can destroy data and pose a real threat. Topics: • how the product works • key features and benefits the product provides an integrated, ...

  • Page 8: How The Product Works

    How the product works the product detects and prevents intrusions and protects against malware. With the default settings, computers are protected right after the installation without any time spent configuring the product. Protection against malware the product protects the system against viruses a...

  • Page 9: Key Features And Benefits

    Predefined security profiles which are tailored for common use cases to select the traffic you want to allow and deny. • if an attacker gains a shell access to the system and tries to add a user account to login to the system later, host intrusion prevention system ( hips) detects modified system fi...

  • Page 10

    • integrated firewall component with predefined security levels. Each security level comprises a set of rules that allow or deny network traffic based on the protocols used. Transparent to end-users the product works totally transparently to the end users. • the product has an easy-to-use user inter...

  • Page 11: Chapter

    Chapter 2 deployment topics: • deployment on multiple stand-alone linux workstations • deployment on multiple centrally managed linux workstations • central deployment using image files.

  • Page 12: Workstations

    Deployment on multiple stand-alone linux workstations centrally managed installation with f-secure policy manager installed on a separate computer is recommended. In centrally managed installation mode, f-secure policy manager is used to manage linux computers. The recommended deployment method is t...

  • Page 13

    Follow these steps to make sure that each computer uses a personalized unique id when a disk imaging software is used. 1. Install the system and all the software that should be in the image file, including the product. 2. Configure the product to use the correct f-secure policy manager server. Howev...

  • Page 15: Chapter

    Chapter 3 installation topics: • system requirements • stand-alone installation • centrally managed installation • upgrading • custom installations • creating a backup • uninstallation.

  • Page 16: System Requirements

    System requirements a list of system requirements. Operating system: • asianux 2.0, 3.0 • debian 4.0 • miracle linux 3.0 • red hat enterprise linux 3, 4, 5 • suse linux 9.0, 9.3, 10, 10.1 • opensuse 10.2, 10.3 • suse linux enterprise desktop 10 • suse linux enterprise server 9, 10 • turbolinux 10, 1...

  • Page 17

    Work on any linux distribution that has glibc 2.3.2 or later and linux kernel 2.4 or 2.6, but any product upgrades may not work on unsupported platforms. You should report any issues that you may encounter with other distributions, but we cannot guarantee that they will be fixed. Linux kernel 2.4 or...

  • Page 18

    • /etc/opt/f-secure • /var/opt/f-secure in addition, the installation creates the following symlinks: • /usr/bin/fsav -> /opt/f-secure/fssp/bin/fsav • /usr/bin/fsic -> /opt/f-secure/fsav/bin/fsic • /usr/bin/fsui -> /opt/f-secure/fsav/bin/fsui • /usr/share/man/man1/fsav.1 -> /opt/f-secure/fssp/man/fs...

  • Page 19: Stand-Alone Installation

    Cpu the load on the processor depends on the amount of file accesses on the system, as the on-access scanner scans every file that is opened, closed and executed. The cpu usage grows when many users are logged in to the system at the same time. Some software products are designed to access many file...

  • Page 20

    Note: if you want to disable some features of the product completely, run the fschooser command-line utility. Centrally managed installation in centrally managed mode, the product is installed locally, and it is managed with f-secure policy manager that is installed on a separate computer. Centrally...

  • Page 21: Upgrading

    For more information about the fsav-config utility and the settings you can configure with it, see the man page for fsav-config. Note: if you want to disable some features of the product completely, run the fschooser command-line utility. Upgrading you can upgrade the evaluation version or a previou...

  • Page 22

    Note: when you upgrade from f-secure linux server security 5.xx or earlier, the upgrade removes your previous keycode and the product is running in the evaluation version. Upgrade the evaluation version to full product version before using the product. Uninstalling earlier version the earlier versio...

  • Page 23: Custom Installations

    3. Enter the keycode to upgrade to the licensed version of the product. Enter the keycode in the format you received it, including the hyphens that separate sequences of letters and digits. After you have entered the keycode, the evaluation version is upgraded to the full version. To upgrade the eva...

  • Page 24

    Where mode is standalone for the standalone installation or managed for the centrally managed installation. If mode is managed, you have to provide the url to f-secure policy manager server and the location of the administrator public key, for example: fspms=http://fspms.company.com/ adminkey=/root/...

  • Page 25

    The installation mode is designed for users migrating from f-secure anti-virus for linux 4.6x series and for users who do not need the real-time protection, integrity checking, web user interface or central management, for example users running amavis mail virus scanner. Use the following command li...

  • Page 26

    1. In web user interface, go to advanced mode. 2. Select firewall. 3. On the firewall page, select profile you want to use to the profile to edit field. 4. Click add rule. 5. Enter, for example, [mynetwork] in the remote host field and add a short description for the rule. 6. Select windows netwo...

  • Page 27: Creating A Backup

    Creating a backup you can back up and restore all product data. To back up all relevant data, run the following commands: # /etc/init.d/fsma stop # /etc/init.d/fsaua stop # tar cpsf .tar /etc/init.d/fsma /etc/init.d/fsaua /etc/opt/f-secure /var/opt/f-secure /opt/f-secure # /etc/init.d/fsaua start # /e...

  • Page 29: Chapter

    Chapter 4 administering the product topics: • basics of using f-secure policy manager • accessing the web user interface • testing the antivirus protection.

  • Page 30

    Basics of using f-secure policy manager in the centralized administration mode, f-secure policy manager console is used to change settings and view statistics of the f-secure products. If your corporate network utilizes f-secure policy manager to configure and manage f-secure products, you can add t...

  • Page 31

    3. Select f-secure panel applet from the list of installed gnome panel applets. • if you are not using gnome, enter fsui command from the command line. 2. Double-click the product icon in the system tray to open the web user interface. After the product icon is installed to the system tray, you can ...

  • Page 33: Chapter

    Chapter 5 using the product. Topics: • summary • scanning for viruses • firewall protection. The web user interface is available locally in the following address: http://localhost:28080/fsecure/webui/ if you allow the remote access to the web user interface, you can access it with the following https ...

  • Page 34: Summary

    Summary the summary page displays the product status and the latest reports. The product status displays the protection status and any possible errors or malfunctions. You can turn virus protection and integrity protection on and off and change the firewall protection level on the summary screen. Th...

  • Page 35

    1. Create a new service. A) select the network services in the advanced mode menu. B) define a unique name for the service in the service name field. C) enter a descriptive comment in the description field to distinguish this service from other services. D) select a protocol number for the service f...

  • Page 36

    H) click add service to this rule . The service is added to the new rule. I) if you do not want to add other services to the same rule, click add to firewall rules . Each rule must have at least one service. If the rule contains a new service, make sure you have saved the service list in the network...

  • Page 37: Scanning For Viruses

    Important: if you install software without the software installation mode when integrity checking monitors updated files, you may be unable to install or use the new software. For example, integrity checking may prevent a kernel update from booting properly as new drivers are not in the baseline. Ba...

  • Page 38

    Viruses a virus is usually a program that can attach itself to files and replicate itself repeatedly; they can alter and replace the contents of other files in a way that may damage the computer. A virus is a program that is normally installed without the user's knowledge on the computer. Once there, the...

  • Page 39

    • nettool • porn-dialer • porn-downloader • porn-tool • proxy • pswtool • remoteadmin • risktool • server-ftp • server-proxy • server-telnet • server-web • tool list of platforms • apropos • bat • casino • clearsearch • dos • drweb • dudu • esafe • html • java • js • linux • lop • macro • maxifiles ...

  • Page 40

    • solomon • symantec • trendmicro • unix • vba • vbs • win16 • win32 • wintol • zenosearch rootkits rootkits are programs that make other malware difficult to find. Rootkit programs subvert the control of the operating system from its legitimate functions. Usually, a rootkit tries to obscure its ins...

  • Page 41

    The product can scan specified files and directories, any removable media (such as portable drives) and downloaded content automatically. The product guards the computer for any changes that may indicate malware. How does real-time scanning protect your computer? Real-time scanning protects the comp...

  • Page 42

    Note: if you have the nautilus-actions package installed, scan actions are integrated into the right-click menu in gnome file manager. Methods of protecting the computer from malware there are multiple methods of protecting the computer from malware; deciding which method to use depends on how power...

  • Page 43

    Suspected files select the primary and secondary actions to take when heuristics scanning engine finds a suspected file. In the i want to... page in the web user interface, click modify advanced settings... to view and configure advanced virus scanning settings. 1. Select the primary action to take ...

  • Page 44

    Note: if scan on open and scan on execute are turned off, nothing is scanned even if scan only executables is enabled. 3. Define whitelisted executables which may access any files. The virus scan does not block any file accesses from whitelisted executables. Note: be sure that you can trust the exec...

  • Page 45

    3. Select how to treat password protected archives. Password protected archives cannot be scanned for viruses. • turn on treat password protected archives as safe to allow access to password protected archives. The user who opens the password protected archive should have an up-to-date virus protect...

  • Page 46

    After configuring the riskware scanning settings, configure how alerts and reports are handled in the alerts page. Scanning the computer manually you can scan the computer for viruses manually to make sure that specified files or every possible file is checked for viruses. Action on virus infection d...

  • Page 47

    By default, the primary action for suspected files is report only . 2. Select the secondary action. The secondary action takes place if the primary action cannot be performed. After configuring the suspected file settings, configure how alerts and reports are handled in the alerts page. Select what ...

  • Page 48

    In the i want to... page in the web user interface, click modify advanced settings... to view and configure advanced virus scanning settings. 1. Turn on scan inside archives if you want to scan files inside archives. Note: when the archive scanning is enabled, some e-mail clients may stop processing...

  • Page 49

    Use the following format to specify riskware you want to exclude and separate each entry with a semicolon (;) category.platform.family where category, platform or family can be * wildcard. For example, client-irc.*.* excludes all riskware entries in the client-irc category. After configuring the ris...

  • Page 50: Firewall Protection

    3. Add directories that should be scanned to the directories to scan box. Add one directory per line. 4. Click save task to add the scheduled scanning task into the schedule. A scheduled scan can take several hours, so it is a good idea to run it when the system is idle, for example during the night....

  • Page 51

    What are security profiles? Firewall security profiles define the level of protection on the computer. Each security profile has a predefined set of firewall rules, which define the type of traffic that is allowed to or denied from your computer. To some levels you can also add rules that you have c...

  • Page 52

    Description security profile allows all inbound and outbound network traffic. Disabled how are security profiles related to firewall rules and services? A security profile consists of several firewall rules. A firewall rule consists of several firewall services. Services are defined by the protocols...

  • Page 53

    Firewall rules firewall rules define what kind of internet traffic is allowed or blocked. Each security level has a predefined set of firewall rules, which you cannot change. The selected security level affects the priority which your own rules receive in relation to the predefined rules. A firewall...

  • Page 54

    • responder port: the port on the computer where the connection ends. Whether the port on the computer is an initiator port or responder port depends on the direction of the traffic: • if the firewall service is for outbound traffic, the initiator port is the port on your own computer. The responder...

  • Page 55

    A) select firewall rules in the advanced mode menu to create a firewall rule that uses the service you have defined. B) select the profile where you want to add a new rule and click add new rule to create a new rule. C) select accept or deny as a rule type to choose whether the rule allows or denies...

  • Page 56

    An example of how the priority order works following examples clarify how you can control which rules are applied to a specific network traffic by changing the order of firewall rules. • you have added a rule that denies all outbound ftp traffic. Above the rule in the rules list, you add another rul...

  • Page 57: Integrity Checking

    4. Add network interfaces to the trusted network interfaces list and separate each entry with a comma. All traffic to trusted network interfaces is allowed. Integrity checking integrity checking protects important system files against unauthorized modifications. You can use integrity checking to blo...

  • Page 58

    • select unmodified to display all baselined files that have not been modified. • select all to display all files in the known files list. 2. If you want to limit the search by the filename, enter any part of the filename of the monitored file you want to view in the known files list to the filename...

  • Page 59

    1. Enter the filename of the file you want to monitor to the filename field. If you want to add more than one file, separate each filename with a space. 2. Select the protection method you want to use. • select monitor to only monitor the file. Monitored file may be modified. • select protect to den...

  • Page 60

    When the software installation mode is enabled, any process can load any kernel modules regardless whether they are in the baseline or not and any process can change any files in the baseline, whether those files are protected or not. The real-time scanning is still enabled and it alerts of any malw...

  • Page 61

    Note: the default list of known files is generated upon installation, and contains the most important system files. The list of files differs between distributions. Run /opt/f-secure/fsav/bin/fslistfiles to retrieve the exact list of files. Baseline passphrase the baseline has to be signed to preven...

  • Page 62: General Settings

    The kernel module verification protects the system against rootkits by preventing unknown kernel modules from loading. When the kernel module verification is on, only those kernel modules that are listed in the known files list and which have not been modified can be loaded. If the kernel module ver...

  • Page 63

    Severity level: error; syslog priority: err; description: recoverable error on the host. For example, the virus definition database update is older than the previously accepted version. Severity level: fatal error; syslog priority: emerg; description: unrecoverable error on the host that requires attention from the administrator. For example, a proces...

  • Page 64

    • click alerts to highlight them and click mark highlighted as read to flag them as read. • click delete highlighted to delete all highlighted alerts. Note: you can delete or mark multiple messages as read simultaneously. Select how old and which alert severity messages you want to edit and click pe...

  • Page 65

    Automatic updates f-secure automatic update agent keeps the protection on your computer updated. F-secure automatic update agent retrieves the latest updates to your computer when you are connected to the internet. Information about the latest virus definition database update can be found at: http:/...

  • Page 66

    D) select whether a virus scan should be launched automatically after the virus definitions have been updated. The virus scan scans all local files and directories and it can take a long time. The scan uses the manual scanning settings. By default, the scan is not launched automatically. 5. Configur...

  • Page 67: Chapter

    Chapter 6 troubleshooting topics: • installing required kernel modules manually • user interface • f-secure policy manager • integrity checking • firewall • virus protection • generic issues.

  • Page 68: User Interface

    Installing required kernel modules manually you may need to install required kernel modules manually if you forgot to use software installation mode and the system is not working properly or in large installations when some hosts do not include development tools or kernel source. Make sure that the ru...

  • Page 69: F-Secure Policy Manager

    I cannot log in to the web user interface. What can i do? On some distributions, you have to comment out (add a hash sign (#) at the beginning of the line) the following line in /etc/pam.d/login: # auth requisite pam_securetty.so. The f-icon has a red cross over it, what does it mean? When the f-icon in...

  • Page 70: Integrity Checking

    My network stopped working after i upgraded the product, how can i fix this? You have to upgrade the mib file in your f-secure policy manager installation, otherwise the upgraded product uses the server firewall profile, which blocks virtually all traffic. Integrity checking troubleshooting issues w...

  • Page 72: Virus Protection

    4. Click add as a new service and save . 5. Go to the firewall menu and click firewall rules . 6. Click add new rule . 7. Create the following rule: • type : accept • remote host : [mynetwork] • description : windows networking local browsing • service (select box): windows networking local browsing...

  • Page 73

    How do i enable the debug log for real-time virus scanner? In policy manager console, go to product ➤ settings ➤ advanced and set fsoasd log level to debug. In standalone installation, run the following command: /opt/f-secure/fsma/bin/chtest s 44.1.100.11 9 the log file is in /var/opt/f-secure/fsav/...

  • Page 74: Generic Issues

    /opt/f-secure/fsma/bin/chtest s 45.1.70.10 1 does the real-time scan scan files when they are renamed or linked? The real-time scan can scan files every time they are opened, closed or executed. It does not scan them when you rename or create or remove a link to a file. Generic issues generic troubl...

  • Page 75

    rm -rf /etc/opt/f-secure/fsma rm -rf /opt/f-secure/fsav rm -rf /opt/f-secure/fsma system is very slow. What is causing this? The real-time virus scan and integrity checking can slow down the system. 1. Use basic linux tools (top and vmstat) to check what is slowing down the system. 2. Make sure that...

  • Page 76

    I get reports that "f-secure status daemon is not running", how can i start it? Sometimes, after a hard reset for example, f-secure status daemon may fail to start. Restart the product to solve the issue: /etc/init.d/fsma restart. Alternatively, you may start f-secure status daemon manually: /opt/f...

  • Page 77: Appendix

    Appendix a command line tools for more information on command line tools and options, see man pages. Topics: • fsav • fsav-config • dbupdate • fsfwc • fsic • fsims • fsma • fssetlanguage • fschooser.

  • Page 78: Fsav

    Fsav fsav is a program that scans files for viruses and other malicious code. Fsav scans specified targets (files or directories) and reports any malicious code it detects. Optionally, fsav disinfects, renames or deletes infected files. Follow these instructions to scan files from the shell: • to sc...

  • Page 79

    1. Use the following command to create the initial product configuration: /opt/f-secure/fsav/fsav-config the script will display some questions. The default value is shown in brackets after the question. Press enter to select the default value. 2. Select the language you want to use in the web user ...

  • Page 80: Dbupdate

    8. Select whether you want add currently installed kernel modules to the integrity checker known files list and generate the baseline. Would you like to enable linux kernel module verification [yes]? 9. Enter the baseline passphrase. Please insert passphrase for hmac creation (max 80 characters) dbu...

  • Page 81: Fsic

    Fsic you can create the baseline, add files to the baseline and verify the baseline with the fsic command line tool. 1. To create the baseline, follow these instructions: a) run the fsic tool with the --baseline option: fsic --baseline b) enter a passphrase to create the signature. A new baseline ha...

  • Page 82: Fsma

    Fsma you can use fsma command to check the status of the product modules. Run the following command: /etc/init.d/fsma status. Module: f-secure alert database handler daemon; process: /opt/f-secure/fsav/sbin/fsadhd; description: stores alerts to a local database. Alerts can be viewed with the web user int...

  • Page 83: Fssetlanguage

    Module: f-secure fsav web ui; process: /opt/f-secure/fsav/tomcat/bin/catalina.sh start; description: handles the web user interface. Module: f-secure fsav postgresql daemon; process: /opt/f-secure/common/postgresql/bin/startup.sh; description: stores alerts that can be viewed with the web user interface. Fssetlanguage you can use the...

  • Page 85: Appendix

    Appendix b before you install. Note: some distributions run prelink periodically from cron to make linked libraries run faster. Run this manually if it is not run automatically before you activate the integrity checker. Topics: • 64-bit distributions • distributions using prelink • red hat enterprise...

  • Page 86: 64-Bit Distributions

    64-bit distributions some 64-bit distributions do not install 32-bit compatibility libraries by default. Make sure that these libraries are installed. The name of the compatibility library package may vary, see the documentation of the distribution you use for the package name for 32-bit compatibili...

  • Page 87

    To use prelinking, you have to turn on the software installation mode before prelinking and turn it off when prelinking is finished. This allows the prelink to make the changes in system files in a controlled way. For example: # /opt/f-secure/fsav/bin/fsims on # prelink -a # /opt/f-secure/fsav/bin/f...

  • Page 88: Debian

    • kernel-smp-devel to see which kernel is in use, enter the following command: uname -r for the 'f-icon' system tray applet to work, the following rpm packages are required: • kdelibs • compat-libstdc++ install the rpms from system cds either with command rpm -ivh , applications ➤ system settings ➤ ...

  • Page 89: Suse

    sudo apt-get install linux-headers-`uname -r` suse the following steps are required to install the product on a computer running suse linux. These instructions have been tested on the following suse versions: 9.1, 9.2, 9.3, 10.0, 10.1. Make sure that the following packages are installed. You can use...

  • Page 90: Ubuntu

    Turbolinux 11 for dazuko kernel module compilation, you need to install the same packages as in turbolinux 10. Use the following commands: cd /usr/src/linux-2.major.minor ./setupkernelsource.sh architecture make oldconfig where major.minor is the kernel version and architecture is either i686 , i686...

  • Page 91: Appendix

    Appendix c basic web user interface following tables display the settings that appear on the basic web user interface. Topics: • "i want to".

  • Page 92: "i Want To"

    "i want to" the following user interface controls appear on the main user interface ➤ i want to page. Element: scan the computer for malware; description: use this wizard to manually scan for malware. You can select files and/or directories to scan. Use this wizard to create a firewall rule. If you cre...

  • Page 93: Appendix

    Appendix d advanced web user interface following tables display the settings that appear on the advanced web user interface. Topics: • summary • alerts • virus protection • firewall • integrity checking • general settings.

  • Page 94: Summary

    Summary the following user interface controls appear on the advanced user interface ➤ summary page. Description element when enabled, all file accesses done by the virus protection system is scanned for malware. This also needs to be enabled for on-access integrity checking. Specifies the currently ...

  • Page 95: Virus Protection

    Description element * select read to view alerts you have already viewed. 2. Select the severity of security alerts you want to view. For more information, see “alert severity levels”, 38. Click alerts to highlight them and click mark highlighted as read to flag them as read messages. Click delete h...

  • Page 96

    Description element the file, if successful access is allowed. Rename = deny access. Rename the infected file to .virus extension. Delete = deny access. Delete the infected file. Deny access = deny access. Do not send an alert. If both primary and secondary actions fail, access is denied and a secur...

  • Page 97

    Description element is applied. If also the secondary actions fails an alert is sent describing the failed actions. Directories listed here will not be scanned. Files and directories excluded from scanning specify the names of the directories to be excluded from scanning. Use full, absolute path. En...

  • Page 98

    Element: maximum number of nested archives; description: defines how many levels deep to scan in nested archives. It is not recommended to set this value too high as this will make the product more vulnerable to dos (denial of service) attacks if an archive has more nested archives than the limit, a sc...

  • Page 99

    Description element deny access = deny access. Do not send an alert. If the primary action fails, the secondary action is applied. If also the secondary actions fails an alert is sent describing the failed actions. Specify the secondary action to take when secondary riskware action riskware is detec...

  • Page 100

    Description element see 'man crontab' for allowed values for minute, hour, day of month, month and day of week fields. Manual scanning the following user interface controls appear on the advanced user interface ➤ virus protection ➤ manual scanning page. Description element specify the primary action...

  • Page 101

    Description element specify the secondary action to take when an secondary action infection is detected and the primary action has failed. Do nothing = do nothing. (only show the infection to the user.) report only = only send an alert. Disinfect = attempt to disinfect the file. Rename = rename the ...

  • Page 102

    Description element if the primary action fails, the secondary action is applied. If also the secondary actions fails an alert is sent describing the failed actions. Specify the secondary action to take when secondary action on suspected files suspected infection is detected and the primary action h...

  • Page 103

    Description element included in scanning according to what is defined in the other scanning settings determines whether some paths (either files files and directories excluded from scanning or directories) will be excluded from scanning. Use full, absolute path name. Type each path on its own line. ...

  • Page 104

    Description element scanning will stop on the first infection. Otherwise the whole archive is scanned. Set this on to report and handle riskware detections. Riskware is potential spyware. Scan for riskware specify the primary action to take when primary riskware action riskware is detected. Do nothi...

  • Page 105: Firewall

    Element: preserve access times; description: if this setting is on, file access times are not modified when they are scanned. If a file is modified due to disinfection, then both access and modify times will change. Firewall following tables display the firewall settings. General settings the following...

  • Page 106

    Description element comma. All traffic to and from these interfaces will be allowed. Rules the following user interface controls appear on the advanced user interface ➤ firewall ➤ firewall rules page. Description element this table contains the names and descriptions profile to edit of the security ...

  • Page 107: Integrity Checking

    Description element officially assigned ports are available from: ftp://ftp.iana.org/assignments/port-numbers integrity checking following tables display the integrity checking settings. Known files the following user interface controls appear on the advanced user interface ➤ integrity checking ➤ kn...

  • Page 108: General Settings

    Description element match baseline, allowing all kernel modules to load. If enabled, integrity checking will write protect write protect kernel memory kernel memory (/dev/kmem). No yes report if disabled, integrity checking will not write protect kernel memory (/dev/kmem). If report only, integrity ...

  • Page 109

    Description element specifies where the alerts are sent based on their severity classification. Alert forwarding the address of the smtp server in the form server [:] where "host" is the dns-name or ip-address of the smtp server, and "port" is the smtp server port number. For details see rfc 2821 sp...

  • Page 110

    Automatic updates the following user interface controls appear on the advanced user interface ➤ general ➤ automatic updates page. Description element enable or disable automatic checking for new updates enabled updates. If set to 'disabled', automatic update agent will not automatically check for an...

  • Page 111

    Description element to an update server or pm proxy go through http proxy. If an http proxy cannot be reached, automatic update agent will fall back to using a direct connection. User-defined http proxy address - this is used http proxy address if 'use http proxy' is set to 'user-defined'. This can ...

  • Page 113: Appendix

    Appendix e list of traps integrity checking the list of fsic traps: description severity trap number integrity checking baseline generated at host security alert 710 integrity checking baseline verification failed. Baseline has security alert 711 been compromised or the passphrase used to verify the...

  • Page 114

    Description severity trap number database update started informational 60 database update finished informational 61 on-access virus alert security alert 100 process started informational 150 process stopped informational 151 process crashed fatal error 152 process failed to start fatal error 153 f-s...

  • Page 115

    Virus definition database verification the list of daas traps. Description severity trap number extra files were detected in the database update package warning 506 the package has been modified warning 512 bad or missing manifest file warning 513 bad or missing manifest file certificate warning 514...

  • Page 116

    Description severity trap number the publisher's certificate in the package has been revoked with high severity warning 531 bad or missing revocation file warning 535 there was not enough memory to complete the operation warning 550 a file i/o error occurred during the operation warning 551 unsuppor...

  • Page 117

    Description severity trap number process failed to start fatal error 153 firewall enabled informational 801 firewall disabled error 802 could not set firewall rules error 803 firewall rules updated informational 804 anti-virus the list of on-access scanner traps description severity trap number proc...

  • Page 118

    Description severity trap number integrity checking fatal error security alert 700 integrity checking hash calculation failed security alert 720 integrity checking file attribute check failed security alert 721 integrity checked file compromised security alert 730 integrity checker prevented a modif...

  • Page 119: Appendix

    Appendix f get more help the fsdiag report, which is generated by the f-secure diagnostics tool, contains vital information from your system. The information is needed by our support engineers so that they can solve your problem. After you run fsdiag, the fsdiag.tar.gz report file is created on the...

  • Page 120

    G - 1 g man pages fsav............................................................................................... 2 fsavd........................................................................................... 32 dbupdate...........................................................................

  • Page 121: Fsav

    Chapter g g - 2 support@f-secure.com fsav (1) fsav command line interface for f-secure security platform fsav options target ... Description fsav is a program that scans files for viruses and other malicious code. Fsav scans specified targets (files or directories) and reports any malicious code it d...

  • Page 122

    Chapter g g - 3 synonym to --virus-action2, deprecated. --action1-exec=program f-secure security platform runs program if the primary action is set to custom/exec. --action2-exec=program f-secure security platform runs program if the secondary action is set to custom/exec. --action-timeout={e,c} wha...

  • Page 123

    Chapter g g - 4 file : use the configuration file based management method optionally using path as the configuration file instead of the default configuration file (/etc/opt/f-secure/fssp/fssp.conf). Fsma : use the f-secure policy manager based management method optionally specifying the oid used ...

  • Page 124

    Chapter g g - 5 is on. (in previous versions, this option was called 'dumb'.) --exclude=path do not scan the given path. --exclude-from=file do not scan paths listed in the file. Paths should be absolute paths ending with a newline character. --extensions=ext,ext,... Specify the list of filename ext...

  • Page 125

    Chapter g g - 6 list all files that are scanned. --maxnested=value should be used together with the --archive option. Set the maximum number of nested archives (an archive containing another archive). If the fsav encounters an archive that contains more nested archives than the specified value, it r...

  • Page 126

    Chapter g g - 7 ignore password-protected archives. Note: certain password-protected archives are reported as suspected infections instead of password-protected archives. --preserveatime[={on,off,yes,no,1,0}] preserve the last access time of the file after it is scanned. If the option is enabled, t...

  • Page 127

    Chapter g g - 8 other executable bits set, it is scanned regardless of the file extension. --scantimeout=value set a time limit in seconds for a single file scan or disinfection task. If scanning or disinfecting the file takes longer than the specified value, fsav reports a scan error for the file. ...

  • Page 128

    Chapter g g - 9 show the status of the fsavd scanning daemon and exit. If the daemon is running, the exit code is zero. Otherwise, the exit code is non-zero. Note: usually, a scanning daemon which is not running is not an error, as fsav launches the daemon before the scan by default. The daemon that...

  • Page 129

    Chapter g g - 10 follow symbolic links. Symbolic links are not followed by default. --usedaemon[={on,off,yes,no,1,0}] use the existing daemon to scan files. Fsavd must be running or the command fails. See fsavd(8) for more information. If the connection to the server fails, fsav generates an error. ...

  • Page 131

    Chapter g g - 12 explanation: partial mime messages are split into several files and cannot be scanned. Typically, the message contains the following header information 'content-type: message/partial;'. Mime decompression error. Explanation: scanned mime message uses non-standard encoding and ca...

  • Page 132

    Chapter g g - 13 the default primary action is disinfect and the default secondary action is rename. Fsav must have write access to the file to be disinfected. Disinfection is not always possible and fsav may fail to disinfect a file. Especially, files inside archives cannot be disinfected. Infected...

  • Page 133

    Chapter g g - 14 fsav warnings are written to the standard error stream (stderr). Warnings do not stop the program. Fsav ignores the reason for the warning and the execution continues as normal. Unknown option '' in configuration file line explanation: the configuration file contains an unknown opti...

  • Page 134

    Chapter g g - 15 explanation: the mimescanning field in the configuration file has an incorrect value. Resolution: edit the configuration file and set the mimescanning field to one of the following: 1 or 0. Restart fsav to take new values in use. Illegal scan executables value '' in configuration ...

  • Page 135

    Chapter g g - 16 maximum scan engine instances value '' is out of range in configuration file line explanation: the engineinstancemax field in the configuration file is less than zero or more than long_max. Resolution: edit the configuration file. Scan timeout value '' is not valid in configuration ...

  • Page 136

    Chapter g g - 17 edit configuration file and set the action field to one of the following: report, disinfect, clean, rename, delete, remove, abort, custom or exec. Restart fsav to take new values in use. Unknown syslog facility '' in configuration file line explanation: the syslogfacility field in ...

  • Page 137

    Chapter g g - 18 invalid socket path '': . Explanation: the user has given invalid socket path from configuration file or from command-line, either socket does not exist or is not accessible. Resolution: fsav exits with fatal error status (exit code 1). The user has to correct the command-line param...

  • Page 138

    Chapter g g - 19 not exist, is not accessible or is too long in the configuration file. Resolution: the user has to correct the path and start fsav again. Scan engine directory '' is not valid: explanation: the user has entered a scan engine directory path which either does not exist, is not accessi...

  • Page 139

    Chapter g g - 20 explanation: the user has given a file path to the input option which either does not exist or is not accessible. Resolution: the user has to correct command-line options and try again. Illegal command line option value ''. Explanation: the user has entered an unknown command-line o...

  • Page 140

    Chapter g g - 21 explanation: the user has tried to request the server version with version but the request processing failed. Resolution: the server is not running. The product may be installed incorrectly. The installdirectory is either missing or wrong in the configuration file. The system may be...

  • Page 141

    Chapter g g - 22 explanation: the file re-scanning failed because the connection to server is broken. Resolution: the server has died unexpectedly. The user should restart the server and try to scan the file again. If the problem persists, the user should send a bug report and a file sample to f-secur...

  • Page 142

    Chapter g g - 23 resolution: the database update process does not have proper rights to create the flag file and fails. The user has to make sure the update process runs with proper rights or the database directory has proper access rights. Could not open lock file ''. Explanation: the database upda...

  • Page 143

    Chapter g g - 24 resolution: fsavd is halted. The user should stop fsavd, remove the update flag file, do database update and start fsavd again. Database update failed, restored old ones. Explanation: the database update process has failed to perform the update but succeeded to restore the databas...

  • Page 144

    Chapter g g - 25 resolution: the user has to move the file to a shorter path and try to scan the file again. : error: could not open the file [] explanation: the scan engine could not open the file for scanning because the scan engine does not have a read access to the file. Resolution: the user has...

  • Page 145

    Chapter g g - 26 resolution: the file is probably corrupted and cannot be scanned. : error: could not write to file [] explanation: the disinfection failed because the write to the file failed. Resolution: the file is write-protected, archive or corrupted and cannot be disinfected. : error: internal error...

  • Page 146

    Chapter g g - 27 to be scanned. If the same error message appears every time the file is scanned, either exclude the file from the scan or send a sample file to f-secure anti-virus research. See the instructions for more information. Exit codes fsav has following exit codes: 0 normal exit; no viruse...

  • Page 147

    Chapter g g - 28 suspicious files found; these are not necessarily infected by a virus. 9 scan error, at least one file scan failed. 130 program was terminated by pressing ctrl-c, or by a sigterm or suspend event. Fsav reports the exit codes in following priority order: 130, 7, 1, 3, 4, 8, 6, 9, 0. ...

  • Page 148

    Chapter g g - 29 $ fsav --archive --scantimeout=180 --allfiles /mnt/smbshare scan and list files with '.exe' or '.com' extension in a directory '/mnt/smbshare': $ fsav --list --extensions='exe,com' /mnt/smbshare scan and disinfect or rename infected/suspected files without confirmation: $ fsav --vi...

  • Page 149

    Chapter g g - 30 check fsav, fsavd, scan engine and database versions: $ fsav --version notes nested archives may cause scan engine failures, if the archive scanning is enabled. The --maxnested option may be used to limit nested archive scanning and to prevent scan engine failures. The amount of n...

  • Page 150

    Chapter g g - 31 for more information, see f-secure home page..

  • Page 151: Fsavd

    Chapter g g - 32 support@f-secure.com fsavd (8) fsavd f-secure security platform daemon fsavd options description fsavd is a scanning daemon for f-secure security platform. In the startup it reads the configuration file (the default configuration file or the file specified in the command line) in th...

  • Page 152

    Chapter g g - 33 file : use the configuration file based management method optionally using path as the configuration file instead of the default configuration file (/etc/opt/f-secure/fssp/fssp.conf). Fsma : use the f-secure policy manager based management method optionally specifying the oid used...

  • Page 153

    Chapter g g - 34 if the path contains non-existing directories, the directories are created and the directory permission is set to read/write/exec permission for owner and read/exec permission for group and others. Created directories will have sticky bit on by default. Directory permissions can be ...

  • Page 154

    Chapter g g - 35 --help show command line options and exit. --version show f-secure security platform version and dates of signature files, and exit. Logging fsavd logs scan failures, infected and suspected files to the fsavd's log file defined with the logfile fsavd writes errors during start-up to...

  • Page 155

    Chapter g g - 36 file disinfect failed. Explanation: fsavd reports that all the scan engines failed to disinfect the file. File infected: [] explanation: the scan engine reports that the file was found infected. File contains suspected infection: [] explanation: the scan engine reports that the file...

  • Page 156

    Chapter g g - 37 resolution: fsavd tries to proceed. The user has to edit configuration file and set the archivescanning field to one of the following: 1, 0, on, off, yes, or no. The user has to restart fsavd to take values in effect. Illegal mime scanning value '' in configuration file line explana...

  • Page 157

    Chapter g g - 38 explanation: the scantimeout field in the configuration file is not a valid number. Resolution: fsavd tries to proceed. The user has to edit the configuration file and restart fsavd. Scan timeout value '' is out of range in configuration file line explanation: the timeout field in t...

  • Page 158

    Chapter g g - 39 resolution: fsavd tries to proceed. The user has to edit the configuration file and try again. Maximum scan engine instances value '' is out of range in configuration file line explanation: the engineinstancemax field in the configuration file is less than zero or more than long_max...

  • Page 159

    Chapter g g - 40 resolution: fsavd has noticed the scan engine has died. Fsavd tries to restart the scan engine. If the scan engine was scanning a file, the file is reported to be failed to scan. Database file not needed and should be deleted. Explanation: the scan engine reports that the database d...

  • Page 160

    Chapter g g - 41 user needs to perform database update and possibly restart fsavd if fsavd fails to start scan engine automatically. Database file is corrupted. Explanation: the scan engine reports that the database file is not a valid database file in the database directory. Resolution: the scan en...

  • Page 161

    Chapter g g - 42 explanation: the scan engine is not responding to the keep-alive messages and it has not reported scan nor initialization statuses for a limited time period (300 seconds). The problem may be in a file which the scan engine is scanning. If the user can recognize the source as a pro...

  • Page 162

    Chapter g g - 43 rect library calls from the library. Resolution: fsavd exits with error status. Scan engine shared libraries are corrupted. Product needs to be re-installed. Options parsing failed. Explanation: the user has given an unknown option or an option value from the command-line. Resolut...

  • Page 163

    Chapter g g - 44 resolution: the user has to correct the path and start fsavd again. Scan engine directory '' is not valid in configuration file at line : explanation: the user has entered a scan engine directory path which either does not exist, is not accessible or is too long from the configurati...

  • Page 164

    Chapter g g - 45 stat for database index file failed: explanation: the database directory path (set in the configuration file or from the command-line) is not correct and fsavd cannot find the dbindex.cpt file. Resolution: fsavd exits with error status. The user has to give the correct database path...

  • Page 165

    Chapter g g - 46 start fsavd as a background daemon process using the default configuration file: $ fsavd start fsavd as a foreground process using the default configuration file: $ fsavd --nodaemon start fsavd as a background daemon process using 'fssp-test.conf' as a configuration file: $ fsavd --...

  • Page 166

    Chapter g g - 47 dbupdate(8), fsav(1) for more information, see f-secure home page..

  • Page 167: Dbupdate

    Chapter g g - 48 support@f-secure.com dbupdate (8) dbupdate virus definition database update for f-secure security platform dbupdate --help --auto parameters --help show the short help of command line options and exit. --auto do not download databases synchronously but update databases previously ...

  • Page 168

    Chapter g g - 49 scheduled update over network typically, dbupdate is started from cron(8) frequently with the following command: dbupdate --auto. This takes into use updates that f-secure automatic update agent has previously downloaded. Operation if new databases are available, database files...

  • Page 169

    Chapter g g - 50 51 could not extract update. Extracting database update failed, probably because of a lack of free disk space. Exit value 0 nothing was updated since no new updates were available. 1 an error has occurred. See program output and /var/opt/f-secure/fssp/dbupdate.log for details. 2 virus d...

  • Page 170

    Chapter g g - 51 fsav(1) and fsavd(8) for more information, see f-secure home page..

  • Page 171: Fsfwc

    Chapter g g - 52 support@f-secure.com fsfwc (1) fsfwc command line interface for firewall daemon fsfwc options description with this tool firewall can be set to different security levels. If invoked without any options, it will show current security level and minimum allowed. Options --mode {block,s...

  • Page 172

    Chapter g g - 53 profile for road warriors: ssh and vpn protocols are allowed. Dhcp, http, ftp and common email protocols are allowed. All incoming connections are blocked. Office profile for office use. It is assumed that some external firewall exists between internet and the host. Any outgoin...

  • Page 173

    Chapter g g - 54 4 invalid arguments authors f-secure corporation copyright copyright (c) 1999-2008 f-secure corporation. All rights reserved. See also for more information, see f-secure home page..

  • Page 174: Fsic

    Chapter g g - 55 support@f-secure.com fsic (1) fsic command line interface for integrity checker fsic options target ... Description f-secure integrity checker will monitor system integrity against tampering and unauthorized modification. If invoked without any options, fsic will verify all files ...

  • Page 175

    Chapter g g - 56 inode information is shown. If file differs from baselined information, detailed comparison is shown. --virus-scan={yes=default,no} scan for viruses when verifying. (default: yes) --auto={yes,no=default} disable action confirmation. Assumes 'yes' to all enabled actions. Please note ...

  • Page 176

    Chapter g g - 57 enable/disable virus scanning of the files during baselining. Viruses are scanned with options --dumb and --archive. (see fsav(1)) --auto={yes,no=default} disable the action confirmation. Assumes 'yes' to all enabled actions. Please note that --auto=no disables the auto switch, same...

  • Page 177

    Chapter g g - 58 match baselined information. --alert={yes=default,no} specify whether to send an alert if file differs from baselined information. --ignore={hash,mtime,mode,uid,gid,size} specify which properties of the file are not monitored. Any combination of properties can be ignored. By default...

  • Page 178

    Chapter g g - 59 denied if file does not match with baselined information. '.' on either p or r column means that protection or reporting respectively is not enabled. If a change is detected against the baseline, it is reported as follows [note] .Ra /bin/ls hash does not match baselined hash [note] ...

  • Page 179

    Chapter g g - 60 when --baseline is specified the integrity checker will recalculate hash and inode information for all files known to the integrity checker. Previously generated baseline will be overwritten. User will be asked to confirm adding files to new baseline. For example, /bin/ls: accept to...

  • Page 180

    Chapter g g - 61 return value of 3 indicates that one or more of the following happened; * incorrect passphrase, or * files do not match baselined information, or * a virus was detected in one of the files files none. Examples none. Notes none. Bugs none. Authors f-secure corporation copyright copyr...

  • Page 181: Fschooser

    Chapter g g - 62 support@f-secure.com fschooser (8) fschooser command line tool for enabling and disabling some features of f-secure linux security. Fschooser description this tool can be used to completely enable and disable some features of f-secure linux security. The tool is invoked without any ...

  • Page 182

    Chapter g g - 63 notes when web user interface is disabled, the local alert database will still be running so any alerts received will be available in the web user interface when it is re-enabled. Bugs none. Authors f-secure corporation copyright copyright (c) 2008 f-secure corporation. All rights r...

  • Page 184

    Chapter g g - 65 off switches the software installation mode off. Integrity checking file system baseline is automatically regenerated and a new passphrase must be entered. Return values fsims returns the following return values: 0 operation performed successfully. 1 user tried to execute fsims with...

  • Page 185

    Chapter g g - 66 copyright (c) 2008 f-secure corporation. All rights reserved. See also fsic(1) for more information, see f-secure home page..

  • Page 186: Fssetlanguage

    Chapter g g - 67 support@f-secure.com fssetlanguage (8) fssetlanguage command line tool for setting the default language in web user interface fssetlanguage language description this tool can be used to set the default language in f-secure linux security's web user interface. The user can still chan...

  • Page 187

    Chapter g g - 68 sets german as the default language. Return values fssetlanguage always returns 0. Files none. Examples none. Notes none. Bugs none. Authors f-secure corporation copyright copyright (c) 2008 f-secure corporation. All rights reserved. See also for more information, see f-secure home ...

  • Page 188

    H - 69 h config files fsaua_config ............................................................................... 70 fssp.conf ..................................................................................... 75.

  • Page 189

    H - 70 h.1 fsaua_config # # configuration for f-secure automatic update agent # # enable fsma # # this directive controls whether automatic update agent works in centrally # managed or standalone mode. # # this option only has effect, if fsma is installed and configured properly # # the default is ‘...

  • Page 190

    H - 71 # in centrally managed mode, this defaults to the policy management server. # # the format is as follows: # update_servers=[http://] # # examples: # update_servers=http://pms # update_servers=http://server1,http://backup_server1,http://backup_server2 # #update_servers= # update proxies # # t...

  • Page 191

    H - 72 # # this directive controls which http proxies are used by the automatic # update agent # # the format is as follows: # http_proxies=[http://][user[:passwd]@] ][user[:passwd]@] # # examples: # http_proxies=http://proxy1:8080/,http://backup_proxy:8880/ # #http_proxies= # poll interval # # this...

  • Page 192

    H - 73 # specifies whether automatic update agent is allowed to fall back to update # servers hosted by f-secure. # # the default is yes # #failover_to_root=yes # failover timeout # # specifies the time after which automatic update agent is allowed to check # for updates from update servers hosted ...

  • Page 193

    H - 74 # possible values are: # debug - log all messages # informational - log information on each update check plus # normal - log information on each successful download and all errors # nolog - log nothing # # the default is normal # #log_level=normal # log facility # # specify the syslog facility...

  • Page 194

    H - 75 h.2 fssp.conf # # this is a configuration file for f-secure security platform # # copyright (c) 1999-2006 f-secure corporation. All rights reserved. # # # specify whether the product should scan all files or only the files that # match the extensions specified in the ‘extensions to scan’ sett...

  • Page 195

    H - 76 odsincludedextensions .,acm,app,arj,asd,asp,avb,ax,bat,bin,boo,bz2,cab,ceo,chm,cmd,cnv,com,cpl,csc,dat,dll,do?,drv,eml,exe,gz,hlp,hta,htm,html,htt,inf,ini,js,jse,lnk,lzh,map,mdb,mht,mif,mp?,msg,mso,nws,obd,obt,ocx,ov?,p?t,pci,pdf,pgm,pif,pot,pp?,prc,pwz,rar,rtf,sbf,scr,shb,shs,sys,tar,td0,...

  • Page 196

    H - 77 # # determines whether some files can be excluded from scanning. Please note # that the files specified here are excluded from scanning even if they would # be included in scanning according to what is defined in the other scanning # settings # # possible values: # 0 - disabled # 1 - enabled ...

  • Page 197

    H - 78 odsfilescaninsidearchives 1 # # defines how many levels deep to scan in nested archives. It is not # recommended to set this value too high as this will make the product more # vulnerable to dos (denial of service) attacks. If an archive has more nested # levels than the limit, a scan error i...

  • Page 198

    H - 79 odsfilescaninsidemime 0 # # defines how password-protected archives should be handled. If set to yes, # password protected archives are considered to be safe and access is allowed. # otherwise access is not allowed. # # possible values: # 0 - no # 1 - yes # odsfileignorepasswordprotected 1 # ...

  • Page 199

    H - 80 odsstoponfirst 0 # # specify the primary action to take when an infection is detected. # # possible values: # 0 - do nothing # 1 - report only # 2 - disinfect # 3 - rename # 4 - delete # 5 - abort scan # 6 - custom # odsfileprimaryactiononinfection 2 # # if “custom” is chosen as the primary a...

  • Page 200

    H - 81 odsfilecustomprimaryaction # # specify the secondary action to take when an infection is detected and the # primary action has failed. # # possible values: # 0 - do nothing # 1 - report only # 2 - disinfect # 3 - rename # 4 - delete # 5 - abort scan # 6 - custom # odsfilesecondaryactiononinfe...

  • Page 201

    H - 82 # specify. Custom action script or program receives one parameter, full # pathname of the infected file. # odsfilecustomsecondaryaction # # specify the primary action to take when suspected infection is detected. # # possible values: # 0 - do nothing # 1 - report only # 3 - rename # 4 - delet...

  • Page 202

    H - 83 # 3 - rename # 4 - delete # odsfilesecondaryactiononsuspected 0 # # set this on to report and handle riskware detections. Riskware is potential # spyware. # # possible values: # 0 - no # 1 - yes # odsscanriskware 1 # # type of riskware that should not be detected. # odsexcludedriskware ; # # ...

  • Page 203

    H - 84 # # possible values: # 0 - do nothing # 1 - report only # 3 - rename # 4 - delete # odsfileprimaryactiononriskware 1 # # specify the secondary action to take when riskware is detected and the # primary action has failed. # # possible values: # 0 - do nothing # 1 - report only # 3 - rename # 4...

  • Page 204

    H - 85 # resolution). A recommended upper limit would be, for example, 1 minute. # odsfilescantimeout 60 # # specify the action to take after a scan timeout has occurred. # # possible values: # 0 - report as scan error # 2 - report as clean file # odsfilescantimeoutaction 0 # # should actions be tak...

  • Page 205

    H - 86 # # read files to scan from standard input. # # possible values: # 0 - no # 1 - yes # odsinput 0 # # print out all the files that are scanned, together with their status. # # possible values: # 0 - no # 1 - yes # odslist 0 # # should infected filenames be printed as they are or should po...

  • Page 206

    H - 87 # 0 - no # 1 - yes # odsraw 0 # # in standalone mode a new fsavd daemon is launched for every client. Usually # you do not want this because launching the daemon has considerable overhead. # # possible values: # 0 - no # 1 - yes # 2 - auto # odsstandalone 2 # # if “no”, fsav command line clie...

  • Page 207

    H - 88 # 1 - yes # odsfollowsymlinks 0 # # if enabled, only infected filenames are reported. # # possible values: # 0 - no # 1 - yes # odssilent 0 # # if enabled, only infected filenames are reported. # # possible values: # 0 - no # 1 - yes # odsshort 0 #.

  • Page 208

    H - 89 # if this setting is on, file access times are not modified when they are # scanned. If a file is modified due to disinfection, then both access and # modify times will change. # # possible values: # 0 - no # 1 - yes # odsfilepreserveaccesstimes 0 # # specifies how mime messages with broken a...

  • Page 209

    H - 90 # partial mime messages are considered safe and access is allowed. Partial # mime messages cannot reliably be unpacked and scanned. # # possible values: # 0 - no # 1 - yes # odsfileignorepartialmime 0 # # defines how mime messages with broken headers should be handled. If set to # ‘yes’, brok...

  • Page 210

    H - 91 # option is not set an error will be reported for large files. # # possible values: # 0 - no # 1 - yes # odsfileskiplarge 0 # # if “on”, the libra scanning engine is used for scanning files. If “off”, # libra is not used. # # possible values: # 0 - off # 1 - on # odsuselibra 1 # # if “on”, th...

  • Page 211

    H - 92 # 1 - on # odsuseorion 1 # # if “on”, the avp scanning engine is used for scanning files. If “off”, avp # is not used. # # possible values: # 0 - off # 1 - on # odsuseavp 1 # # f-secure internal. Do not touch. # daemonavpflags 0x08d70002 # # set this on to enable riskware scanning with the av...

  • Page 212

    H - 93 # # possible values: # 0 - off # 1 - on # odsavpriskwarescanning 1 # # maximum size of mime message. Files larger than this are not detected as # mime messages. Increasing this number will increase scan time of large # files. # daemonmaxmimemessagesize 10485760 # # mime recognition frame size...

  • Page 213

    H - 94 # turn this setting on to use house keeping engine. # # possible values: # 0 - off # 1 - on # daemonusehke 1 # # f-secure internal. Do not change. This is the directory where in-use # databases are kept. # daemondatabasedirectory /var/opt/f-secure/fssp/databases # # f-secure internal. Do not ...

  • Page 214

    H - 95 # daemonenginedirectory /opt/f-secure/fssp/lib # # if “yes”, fsavd writes a log file. If “no”, no log file is written. # # possible values: # 0 - no # 1 - yes # daemonlogfileenabled 0 # # log file location: stderr - write log to standard error stream syslog - # write log to syslog facility an...

  • Page 215

    H - 96 # daemonmaxscanprocesses 4 # # fsav will add the current user-id to the path to make it possible for # different users to run independent instances of the server. # daemonsocketpath /tmp/.fsav # # octal number specifying the mode (permissions) of the daemon socket. See # chmod(1) and chmod(2)...

  • Page 216

    H - 97 # # syslog facility to use when logging to syslog. # # possible values: # auth, authpriv, cron, daemon, ftp, kern, lpr, mail, news, syslog, user, uucp, local0, local1, local2, local3, local4, local5, local6, local7 - auth, authpriv, cron, daemon, ftp, kern, lpr, mail, news, syslog, user, uucp...

  • Page 217

    H - 98 # 0 - nothing # 1 - emergency # 2 - alert # 3 - critical # 4 - error # 5 - warning # 6 - notice # 7 - info # 8 - debug # 9 - everything # debugloglevel 0 # # specify the full name of the debug logfile. # debuglogfile /var/opt/f-secure/fssp/fssp.log # # the keycode entered during installation....

  • Page 218

    H - 99 # # the complete path that tells where this product is installed in the # filesystem. # installationdirectory /opt/f-secure/fssp # # unix time() when installation done. # installationtimestamp 0 # # f-secure internal. Do not change. Text to be printed every day during # evaluation use. # nagg...

  • Page 219

    H - 100 expiredtext evaluation period expired to purchase license, please check http://www.f-secure.com/purchase/.