Frequently Asked Question

To install NOD32 for Linux File Server, you have to install Dazuko with kernel recompile.

Please follow the following steps:

A) How to install Dazuko on Fedora Cores

1) Make sure your Fedora Core installation is up-to-date.
Also make sure you have the necessary packages for building a new kernel RPM: rpm-build redhat-rpm-config gcc. You may verify these with yum:

# yum update
# yum install rpm-build redhat-rpm-config gcc

Installing them in Fedora Core will also require: cpp glibc-devel glibc-headers glibc-kernheaders.

2) Get the source RPM for the latest kernel from your update server
(e.g. http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/SRPMS/kernel-2.6.11-1.14_FC3.src.rpm):

# wget http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/SRPMS/kernel-2.6.11-1.14_FC3.src.rpm

and install it in /usr/src/redhat:

# rpm -ihv kernel-2.6.11-1.14_FC3.src.rpm

3)Edit in /usr/src/redhat/SOURCES/ the config file relevant to your hardware configuration
(e.g. "kernel-2.6.11-i686.config" for a machine with a single 686-class processor). Then configure security capabilities as a module by changing the following line:

CONFIG_SECURITY_CAPABILITIES=y

CONFIG_SECURITY_CAPABILITIES=y to this:

CONFIG_SECURITY_CAPABILITIES=m

4)Optionally, you may also avoid building both the uniprocessor and smp build in order to save space and compiling time.
Edit /usr/src/redhat/SPECS/kernel-2.6.spec and change "buildsmp" or "buildup" to "0", but not both. To disable the extra debug builds add the following entries in the same section of the spec file:

%define debug_package %{nil}
%define _unpackaged_files_terminate_build 0

To change the rpm's name to something more relevant edit the spec file and modify the following lines (e.g. in Fedora Core 3) from something like this:

%if %{FC3}
%define release %(R="$Revision: 1.14 $"; RR="${R##: }"; echo ${RR%%?})_FC3%{rhbsys}
%endif

to something like this:

%if %{FC3}
%define release %(R="$Revision: 1.14 $"; RR="${R##: }"; echo ${RR%%?})_FC3_dazuko
%endif

5) Build a new kernel with rpmbuild for your target processor (in our case, a i686 processor):

# rpmbuild -bb --target=i686 /usr/src/redhat/SPECS/kernel-2.6.spec

This will generate the rpm file(s) for the new kernel in /usr/src/redhat/RPMS/i686 .

6) Install the new kernel from /usr/src/redhat/RPMS/ with the "rpm -ihv" command (this will install the new kernel and the initrd image in /boot and the modules in /lib/modules):

# rpm -ihv /usr/src/redhat/RPMS/i686/kernel-2.6.11-1.14_FC3_dazuko.i686.rpm

The RPM's filename may vary if you haven't followed the optional step 4. If all goes well, the "rpm -ihv" command will also add an entry for the newly compiled kernel and it's initrd file in Grub's menu list. If you use a custom boot manager please refer to it's documentation for further instructions on booting with the new kernel.

7)Reboot and compile/install the "dazuko" module for the new kernel. It should compile with no problem now, but please refer to Dazuko's documentation for details.

Other notes:

The recommended location for the "dazuko.ko" module would be "/lib/modules/2.6.11-1.14_FC3_dazuko/kernel/security/". After copying it there, please execute the "depmod -a" command. Also make sure the "capability" module is not loaded before loading "dazuko".

If you need to create the "dazuko" device in /dev, use this "mknod" command:

# mknod -m 600 /dev/dazuko c `grep dazuko /proc/devices | sed "s/ .*//"` 0

B) Install NOD32 LFS

1)Getting the rpm from https://www.eset.hk/download

The file downloaded will be a .bin file (e.g. nod32lfs-2.06-1.i386.rpm.bin). Change mode to make it able to execute

chmod 755 nod32lfs-2.xx-x.i386.rpm.bin
Execute the bin file , agree the End User agreement then you will get the rpm file
./nod32lfs-2.xx-x.i386.rpm.bin

2) Install NOD32LFS

Extract the nod32lfs package, and run install

On-Access Scanning:
Edit the file /etc/nod32/nod32.cfg, fac session
Look up the ctl_incl line, you can add up to 30 directories to enable real time scanning

Once you reboot your machine, dazuko module may not be loaded. Therefore in the file /etc/init.d/nod32fac, you may need to uncomment the line
/sbin/modprobe -q dazuko
Change the path to dazuko module if necessary.

Update:
Key in your username and password in /etc/nod32/nod32.auth

Run the command /usr/sbin/nod32_update

If you want to check update every hour, create a symbolic link in /etc/cron.hourly

ln -s /usr/sbin/nod32_update /etc/cron.hourly