Installation Guide

LinuxShield
version 1.5.1

McAfee System Protection

Industry-leading intrusion prevention solutions

COPYRIGHT
Copyright 2008 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

TRADEMARK ATTRIBUTIONS
ACTIVE FIREWALL, ACTIVE SECURITY, ACTIVESECURITY (AND IN KATAKANA), ACTIVESHIELD, CLEAN-UP DESIGN (STYLIZED E), DESIGN , (STYLIZED N), ENTERCEPT, EPOLICY ORCHESTRATOR, FIRST AID, FOUNDSTONE, GROUPSHIELD, GROUPSHIELD (AND IN KATAKANA), INTRUSHIELD, INTRUSION PREVENTION THROUGH INNOVATION, MCAFEE, MCAFEE (AND IN KATAKANA), MCAFEE AND DESIGN, MCAFEE.COM, MCAFEE VIRUSSCAN, NET TOOLS, NET TOOLS (AND IN KATAKANA), NETSCAN, NETSHIELD, NUTS & BOLTS, OIL CHANGE, PRIMESUPPORT, SPAMKILLER, THREATSCAN, TOTAL VIRUS DEFENSE, VIREX, VIRUS FORUM, VIRUSCAN, VIRUSSCAN, VIRUSSCAN (AND IN KATAKANA), WEBSCAN, WEBSHIELD, WEBSHIELD (AND IN KATAKANA) are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. The color red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

LICENSE INFORMATION License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

Attributions
This product includes or may include: Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). Cryptographic software written by Eric A. Young and software written by Tim J. Hudson. Some software programs that are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or other similar Free Software licenses which, among other rights, permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access to the source code. The GPL requires that for any software covered under the GPL which is distributed to someone in an executable binary format, that the source code also be made available to those users. For any such software covered under the GPL, the source code is made available on this CD. If any Free Software licenses require that McAfee provide rights to use, copy or modify a software program that are broader than the rights granted in this agreement, then such rights shall take precedence over the rights and restrictions herein. Software originally written by Henry Spencer, Copyright 1992, 1993, 1994, 1997 Henry Spencer. Software originally written by Robert Nordier, Copyright 1996-7 Robert Nordier. Software written by Douglas W. Sauder. Software developed by the Apache Software Foundation (http://www.apache.org/). A copy of the license agreement for this software can be found at www.apache.org/licenses/LICENSE-2.0.txt. International Components for Unicode ("ICU") Copyright 1995-2002 International Business Machines Corporation and others. Software developed by CrystalClear Software, Inc., Copyright 2000 CrystalClear Software, Inc. FEAD Optimizer technology, Copyright Netopsystems AG, Berlin, Germany. Outside In Viewer Technology 1992-2001 Stellent Chicago, Inc. and/or Outside In HTML Export, 2001 Stellent Chicago, Inc. Software copyrighted by Thai Open Source Software Center Ltd. and Clark Cooper, 1998, 1999, 2000. Software copyrighted by Expat maintainers. Software copyrighted by The Regents of the University of California, 1996, 1989, 1998-2000. Software copyrighted by Gunnar Ritter. Software copyrighted by Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A., 2003. Software copyrighted by Gisle Aas. 1995-2003. Software copyrighted by Michael A. Chase, 1999-2000. Software copyrighted by Neil Winton, 1995-1996. Software copyrighted by RSA Data Security, Inc., 1990-1992. Software copyrighted by Sean M. Burke, 1999, 2000. Software copyrighted by Martijn Koster, 1995. Software copyrighted by Brad Appleton, 1996-1999. Software copyrighted by Michael G. Schwern, 2001. Software copyrighted by Graham Barr, 1998. Software copyrighted by Larry Wall and Clark Cooper, 1998-2000. Software copyrighted by Frodo Looijaard, 1997. Software copyrighted by the Python Software Foundation, Copyright 2001, 2002, 2003. A copy of the license agreement for this software can be found at www.python.org. Software copyrighted by Beman Dawes, 1994-1999, 2002. Software written by Andrew Lumsdaine, Lie-Quan Lee, Jeremy G. Siek 1997-2000 University of Notre Dame. Software copyrighted by Simone Bordet & Marco Cravero, 2002. Software copyrighted by Stephen Purcell, 2001. Software developed by the Indiana University Extreme! Lab (http://www.extreme.indiana.edu/). Software copyrighted by International Business Machines Corporation and others, 1995-2003. Software developed by the University of California, Berkeley and its contributors. Software developed by Ralf S. Engelschall <rse@engelschall.com> for use in the mod_ssl project (http:// www.modssl.org/). Software copyrighted by Kevlin Henney, 2000-2002. Software copyrighted by Peter Dimov and Multi Media Ltd. 2001, 2002. Software copyrighted by David Abrahams, 2001, 2002. See http://www.boost.org/libs/bind/bind.html for documentation. Software copyrighted by Steve Cleary, Beman Dawes, Howard Hinnant & John Maddock, 2000. Software copyrighted by Boost.org, 1999-2002. Software copyrighted by Nicolai M. Josuttis, 1999. Software copyrighted by Jeremy Siek, 1999-2001. Software copyrighted by Daryle Walker, 2001. Software copyrighted by Chuck Allison and Jeremy Siek, 2001, 2002. Software copyrighted by Samuel Krempp, 2001. See http://www.boost.org for updates, documentation, and revision history. Software copyrighted by Doug Gregor (gregod@cs.rpi.edu), 2001, 2002. Software copyrighted by Cadenza New Zealand Ltd., 2000. Software copyrighted by Jens Maurer, 2000, 2001. Software copyrighted by Jaakko Jrvi (jaakko.jarvi@cs.utu.fi), 1999, 2000. Software copyrighted by Ronald Garcia, 2002. Software copyrighted by David Abrahams, Jeremy Siek, and Daryle Walker, 1999-2001. Software copyrighted by Stephen Cleary (shammah@voyager.net), 2000. Software copyrighted by Housemarque Oy <http://www.housemarque.com>, 2001. Software copyrighted by Paul Moore, 1999. Software copyrighted by Dr. John Maddock, 1998-2002. Software copyrighted by Greg Colvin and Beman Dawes, 1998, 1999. Software copyrighted by Peter Dimov, 2001, 2002. Software copyrighted by Jeremy Siek and John R. Bandela, 2001. Software copyrighted by Joerg Walter and Mathias Koch, 2000-2002. Software copyrighted by Carnegie Mellon University 1989, 1991, 1992. Software copyrighted by Cambridge Broadband Ltd., 2001-2003. Software copyrighted by Sparta, Inc., 2003-2004. Software copyrighted by Cisco, Inc. and Information Network Center of Beijing University of Posts and Telecommunications, 2004. Software copyrighted by Simon Josefsson, 2003. Software copyrighted by Thomas Jacob, 2003-2004. Software copyrighted by Advanced Software Engineering Limited, 2004. Software copyrighted by Todd C. Miller, 1998. Software copyrighted by The Regents of the University of California, 1990, 1993, with code derived from software contributed to Berkeley by Chris Torek.

Issued April 2008 / LinuxShield software version 1.5.1

DBN-010-EN

Contents

Introducing LinuxShield
Product features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Whats new in this release . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Using this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Audience. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Getting product information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Contact information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

5
5 6 6 7 7 8 9

System Requirements

11

Hardware and software requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11 Creating kernel modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Creating 2.4 kernel modules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Creating 2.6 kernel modules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

Installing LinuxShield
Manual installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Silent installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Running LinuxShield . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Handling old certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Removing the software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Upgrading from previous LinuxShield versions . . . . . . . . . . . . . . . . . . . . . . . . . . . Integrating with ePolicy Orchestrator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PLDP Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

25
25 28 29 29 30 30 31 31

LinuxShield 1.5.1 Installation Guide

Contents

Introducing LinuxShield

LinuxShield detects and removes viruses and other potentially unwanted software on Linux-based systems. This section describes: Product features Whats new in this release Using this guide Getting product information Contact information

Product features
LinuxShield software has the following features: Support for AMD 64 / EM64T (64-bit) platforms. Kernel hooking modules (KHMs) Global File System (GFS) on Red Hat Enterprise Linux 5. Kernel module versioning which provides on-access scanning on new kernels without having to recompile modules. Incremental Virus Signature (DAT) updates. Scanning Comprehensive on-access anti-virus scanning and cleaning using the McAfee scanning engine. On-access scanning for local file systems, NFS and Samba. Kernel-level scan cache for improved performance. Scheduling of on-demand scans. Scheduling of updates for scanning engine and virus definition files. Administration Remote administration using browser-based interface.

LinuxShield 1.5.1 Installation Guide

Introducing LinuxShield
Whats new in this release

Monitoring and configuring of multiple LinuxShield installations from the browser interface. Secure browser interface with authentication and HTTPS (SSL) support. Remote administration and reporting using ePolicy Orchestrator. Reporting Real-time statistics. Detailed database for detected items and system events. Ability to query the database by date range or individual field values, for example, virus name. Results of query can be exported to a CSV file. Configurable email notification for detected items, out-of-date virus definition files, configuration changes, and system events. Diagnostic report for use when reporting a problem with the product.

Whats new in this release

This release of LinuxShield includes the following new enhancements: Support for updating virus signatures (DATs) and scanning engine from ePolicy Orchestrator version 3.6.1 and 4.0 repositories. Support for updating virus signatures (DATs) and scanning engine from HTTP and local repositories. Support for specifying a list of FTP, HTTP, and/or local repositories for updating virus signatures (DATs) and scanning engine. Support for LinuxShield deployment and installation from ePolicy Orchestrator version 3.6.1 and 4.0. Support for installing HotFixes and Patches for LinuxShield from ePolicy Orchestrator version 3.6.1 and 4.0. McAfee Agent 4.0 support. Support for VmWare and Xen.

Using this guide

This guide provides information on installing your product. These topics are included: Introducing LinuxShield An overview of the product, with a description of new or changed features; an overview of this guide; McAfee contact information. System Requirements The system requirements necessary to install LinuxShield successfully; instructions on creating kernel modules.

LinuxShield 1.5.1 Installation Guide

Introducing LinuxShield
Using this guide

Installing LinuxShield Procedures to install the software manually and silently, instructions on how to remove the software from your computer and upgrade from a pre-release or previous version of the software.

Audience
This information is intended for network administrators who are responsible for their companys anti-virus and security program.

Conventions
This guide uses the following conventions:
Bold Condensed
All words from the interface, including options, menus, buttons, and dialog box names. Example: Type the User name and Password of the appropriate account. Courier The path of a folder or program; text that represents something the user types exactly (for example, a command at the system prompt). Examples: The default location for the program is: C:\Program Files\McAfee\EPO\3.5.0 Run this command on the client computer: scan --help Italic For emphasis or when introducing a new term; for names of product documentation and topics (headings) within the material. Example: Refer to the VirusScan Enterprise Product Guide for more information. Blue A web address (URL) and/or a live link. Example: Visit the McAfee web site at: http://www.mcafee.com <TERM> Angle brackets enclose a generic term. Example: In the console tree, right-click <SERVER>. Note: Supplemental information; for example, another method of executing the same command. Tip: Suggestions for best practices and recommendations from McAfee for threat prevention, performance and efficiency. Caution: Important advice to protect your computer system, enterprise, software installation, or data. Warning: Important advice to protect a user from bodily harm when using a hardware product.

Note

Tip

Caution

Warning

LinuxShield 1.5.1 Installation Guide

Introducing LinuxShield
Getting product information

Getting product information

Unless otherwise noted, product documentation comes as Adobe Acrobat .PDF files, available on the product CD or from the McAfee download site. Installation Guide System requirements and instructions for installing and starting the software. Product Guide Introduction to the product and its features; detailed instructions for configuring the software; information on deployment, recurring tasks, and operating procedures. Help High-level and detailed information accessed from the software application. Configuration Guide For use with ePolicy Orchestrator. Procedures for configuring and managing supported products through the ePolicy Orchestrator management software. Release Notes ReadMe. Product information, resolved issues, any known issues, and last-minute additions or changes to the product or its documentation. License Agreement The McAfee License Agreement booklet that includes all the license types you can purchase for your product. The License Agreement presents general terms and conditions for use of the licensed product. Contacts Contact information for McAfee services and resources: technical support, customer service, Security Headquarters (AVERT), beta program, and training.

LinuxShield 1.5.1 Installation Guide

Introducing LinuxShield
Contact information

Contact information
Threat Center: McAfee Avert Labs
http://www.mcafee.com/us/threat_center/default.asp Avert Labs Threat Library http://vil.nai.com Avert Labs WebImmune & Submit a Sample (Logon credentials required) https://www.webimmune.net/default.asp Avert Labs DAT Notification Service http://vil.nai.com/vil/signup_DAT_notification.aspx

Download Site http://www.mcafee.com/us/downloads/

Product Upgrades (Valid grant number required) Security Updates (DATs, engine) HotFix and Patch Releases For Security Vulnerabilities (Available to the public) For Products (ServicePortal account and valid grant number required) Product Evaluation McAfee Beta Program

Technical Support

http://www.mcafee.com/us/support/ KnowledgeBase Search http://knowledge.mcafee.com/ McAfee Technical Support ServicePortal (Logon credentials required) https://mysupport.mcafee.com/eservice_enu/start.swe

Customer Service
Web http://www.mcafee.com/us/support/index.html http://www.mcafee.com/us/about/contact/index.html Phone US, Canada, and Latin America toll-free: +1-888-VIRUS NO or +1-888-847-8766 Monday Friday, 8 a.m. 8 p.m., Central Time

Professional Services
Enterprise: http://www.mcafee.com/us/enterprise/services/index.html Small and Medium Business: http://www.mcafee.com/us/smb/services/index.html

LinuxShield 1.5.1 Installation Guide

Introducing LinuxShield
Contact information

10

System Requirements
Hardware and software

This section includes the following topics: Hardware and software requirements. Creating kernel modules on page 21.

Hardware and software requirements

The following hardware and software are required. All platforms Monitor screen with a recommended minimum resolution of 1024 x 768. Minimum hardware requirements for 32-bit platforms Intel Pentium II with 128 MB RAM, and 40 MB free space on the hard drive. Typical hardware requirements for 32-bit platforms Intel Pentium 4 with 256 MB RAM, and 200 MB free space on the hard drive. Minimum hardware requirements for 64-bit platforms Intel Pentium 4 EM64T or AMD 64 with 256 MB RAM, and 40 MB free space on the hard drive. Typical hardware requirements for 64-bit platforms Intel Pentium 4 EM64T or AMD 64 with 512 MB RAM, and 200 MB free space on the hard drive. Supported operating systems for 32-bit platforms Novell Linux Desktop 9 Novell Linux Small Business Suite 9 Novell Open Enterprise Server 1 running SuSE Linux Enterprise Server 9 SP1 Red Hat Enterprise 2.1 Advanced Server, Workstation, Enterprise Server Red Hat Enterprise 3.0 Advanced Server, Workstation, Enterprise Server Red Hat Enterprise 4.0 Advanced Server, Workstation, Enterprise Server, Desktop

11

LinuxShield 1.5.1 Installation Guide

System Requirements
Hardware and software requirements

Red Hat Enterprise 5.0 Server, Desktop SuSE Enterprise 8 Server United Linux 1.0 SuSE Linux Enterprise Server 9 SuSE Linux Enterprise Server/Desktop 10 Novell Open Enterprise Server 2 running SuSE Linux Enterprise Server 10 SP1 Supported operating systems for 64-bit platforms Red Hat Enterprise 4.0 Advanced Server, Workstation, Enterprise Server, Desktop Red Hat Enterprise 5.0 Advanced Platform, Desktop SuSE Linux Enterprise Server 9 SuSE Linux Enterprise Server/Desktop 10 Novell Open Enterprise Server 2 running SuSE Linux Enterprise Server 10 SP1 Supported browsers Internet Explorer 5.5, 6.0 and 7.0 Konqueror 3.5.1 Mozilla 0.9.9, 1.0.1, 1.2.1, 1.4, and 1.6 Firefox 1.0, 1.5, and 2.0 Supported ePolicy Orchestrator Server 3.6.1 or later Supported kernels The following kernel modules are provided in this release. If your kernel is not listed here, see About kernel support on page 20 and Creating kernel modules on page 21.
Table 2-1 Kernel modules supported on 32-bit platforms for Red Hat
Red Hat Enterprise 2.1 kernel-2.4.9-e.3 kernel-smp-2.4.9-e.3 kernel-enterprise-2.4.9-e.3 kernel-2.4.9-e.12 kernel-smp-2.4.9-e.12 kernel-2.4.9-e.38 kernel-smp-2.4.9-e.38 kernel-enterprise-2.4.9-e.38 kernel-2.4.9-e.40 kernel-smp-2.4.9-e.40 kernel-enterprise-2.4.9-e.40 Red Hat Enterprise 3.0 kernel-2.4.21-4.EL kernel-smp-2.4.21-4.EL kernel-hugemem-2.4.21-4.EL kernel-2.4.21-9.0.1.EL kernel-smp-2.4.21-9.0.1.EL kernel-hugemem-2.4.21-9.0.1.EL kernel-2.4.21-9.0.3.EL kernel-smp-2.4.21-9.0.3.EL kernel-hugemem-2.4.21-9.0.3.EL kernel-2.4.21-15.EL kernel-smp-2.4.21-15.EL kernel-hugemem-2.4.21-15.EL Red Hat Enterprise 4.0 kernel-2.6.9-5.EL kernel-smp-2.6.9-5.EL kernel-hugemem-2.6.9-5.EL kernel-2.6.9-11.EL kernel-smp-2.6.9-11.EL kernel-hugemem-2.6.9-11.EL kernel-2.6.9-22.EL kernel-smp-2.6.9-22.EL kernel-hugemem-2.6.9-22.EL kernel-2.6.9-22.0.1.EL kernel-smp-2.6.9-22.0.1.EL kernel-hugemem-2.6.9-22.0.1.EL Red Hat Enterprise 5.0 kernel-2.6.18-8.el5 kernel-2.6.18-8.el5PAE kernel-2.6.18-8.1.1.el5 kernel-2.6.18-8.1.1.el5PAE kernel-2.6.18-8.1.3.el5 kernel-2.6.18-8.1.3.el5PAE kernel-2.6.18-8.1.4.el5 kernel-2.6.18-8.1.4.el5PAE kernel-2.6.18-8.1.6.el5 kernel-2.6.18-8.1.6.el5PAE

12

LinuxShield 1.5.1 Installation Guide

System Requirements
Hardware and software requirements

Table 2-1 Kernel modules supported on 32-bit platforms for Red Hat (continued)
Red Hat Enterprise 2.1 kernel-2.4.9-e.41 kernel-smp-2.4.9-e.41 kernel-enterprise-2.4.9-e.41 kernel-2.4.9-e.43 kernel-smp-2.4.9-e.43 kernel-enterprise-2.4.9-e.43 kernel-2.4.9-e.48 kernel-smp-2.4.9-e.48 kernel-enterprise-2.4.9-e.48 Red Hat Enterprise 3.0 kernel-2.4.21-15.0.2.EL kernel-smp-2.4.21-15.0.2.EL kernel-hugemem-2.4.21-15.0.2.EL kernel-2.4.21-15.0.3.EL kernel-smp-2.4.21-15.0.3.EL kernel-hugemem-2.4.21-15.0.3.EL kernel-2.4.21-15.0.4.EL kernel-smp-2.4.21-15.0.4.EL kernel-hugemem-2.4.21-15.0.4.EL Red Hat Enterprise 4.0 kernel-2.6.9-22.0.2.EL kernel-smp-2.6.9-22.0.2.EL kernel-hugemem-2.6.9-22.0.2.EL kernel-2.6.9-34.EL kernel-smp-2.6.9-34.EL kernel-hugemem-2.6.9-34.EL kernel-2.6.9-34.0.1.EL Red Hat Enterprise 5.0 kernel-2.6.18-8.1.8.el5 kernel-2.6.18-8.1.8.el5PAE

13

LinuxShield 1.5.1 Installation Guide

System Requirements
Hardware and software requirements

Table 2-1 Kernel modules supported on 32-bit platforms for Red Hat (continued)
Red Hat Enterprise 2.1 kernel-2.4.9-e.49 kernel-smp-2.4.9-e.49 kernel-enterprise-2.4.9-e.49 kernel-2.4.9-e.62 kernel-smp-2.4.9-e.62 kernel-enterprise-2.4.9-e.62 kernel-2.4.9-e.65 kernel-smp-2.4.9-e.65 kernel-enterprise-2.4.9-e.65 Red Hat Enterprise 3.0 kernel-2.4.21-20.EL kernel-smp-2.4.21-20.EL kernel-hugemem-2.4.21-20.EL kernel-2.4.21-20.0.1.EL kernel-smp-2.4.21-20.0.1.EL kernel-hugemem-2.4.21-20.0.1.EL kernel-2.4.21-27.EL kernel-smp-2.4.21-27.EL kernel-hugemem-2.4.21-27.EL Red Hat Enterprise 4.0 kernel-smp-2.6.9-34.0.1.EL kernel-hugemem-2.6.9-34.0.1.EL kernel-2.6.9-34.0.2.EL kernel-smp-2.6.9-34.0.2.EL kernel-hugemem-2.6.9-34.0.2.EL kernel-2.6.9-42.EL kernel-smp-2.6.9-42.EL Red Hat Enterprise 5.0 kernel-2.6.18-8.el5 kernel-2.6.18-8.el5PAE kernel-2.6.18-8.el5xen kernel-2.6.18-8.1.1.el5 kernel-2.6.18-8.1.1.el5PAE kernel-2.6.18-8.1.1.el5xen

14

LinuxShield 1.5.1 Installation Guide

System Requirements
Hardware and software requirements

Table 2-1 Kernel modules supported on 32-bit platforms for Red Hat (continued)
Red Hat Enterprise 2.1 kernel-2.4.9-e.68 kernel-smp-2.4.9-e.68 kernel-enterprise-2.4.9-e.68 kernel-2.4.9-e.70 kernel-smp-2.4.9-e.70 kernel-enterprise-2.4.9-e.70 kernel-2.4.9-e.71 kernel-smp-2.4.9-e.71 kernel-enterprise-2.4.9-e.71 kernel-2.4.9-e.72 kernel-smp-2.4.9-e.72 kernel-enterprise-2.4.9-e.72 Red Hat Enterprise 3.0 kernel-2.4.21-27.0.1.EL kernel-smp-2.4.21-27.0.1.EL kernel-hugemem-2.4.21-27.0.1.EL kernel-2.4.21-27.0.2.EL kernel-smp-2.4.21-27.0.2.EL kernel-hugemem-2.4.21-27.0.2.EL kernel-2.4.21-32.0.1.EL kernel-smp-2.4.21-32.0.1.EL kernel-hugemem-2.4.21-32.0.1.EL kernel-2.4.21-37.EL kernel-smp-2.4.21-37.EL kernel-hugemem-2.4.21-37.EL kernel-2.4.21-40.EL kernel-smp-2.4.21-40.EL kernel-hugemem-2.4.21-40.EL kernel-2.4.21-47.EL kernel-smp-2.4.21-47.EL kernel-hugemem-2.4.21-47.EL kernel-2.4.21-47.0.1.EL kernel-smp-2.4.21-47.0.1.EL kernel-hugemem-2.4.21-47.0.1.EL kernel-2.4.21-50.EL kernel-smp-2.4.21-50.EL kernel-hugemem-2.4.21-50.EL kernel-2.4.21-51.EL kernel-smp-2.4.21-51.EL kernel-hugemem-2.4.21-51.EL kernel-2.4.21-52.EL kernel-smp-2.4.21-52.EL kernel-hugemem-2.4.21-52.EL kernel-2.4.21-53.EL kernel-smp-2.4.21-53.EL kernel-hugemem-2.4.21-53.EL Red Hat Enterprise 4.0 kernel-hugemem-2.6.9-42.EL kernel-2.6.9-42.0.2.EL kernel-smp-2.6.9-42.0.2.EL kernel-hugemem-2.6.9-42.0.2.EL kernel-2.6.9-42.0.3.EL kernel-smp-2.6.9-42.0.3.EL kernel-hugemem-2.6.9-42.0.3.EL kernel-2.6.9-42.0.8.EL kernel-smp-2.6.9-42.0.8.EL kernel-hugemem-2.6.9-42.0.8.EL kernel-2.6.9-42.0.10.EL kernel-smp-2.6.9-42.0.10.EL kernel-hugemem-2.6.9-42.0.10.EL kernel-2.6.9-55.EL kernel-smp-2.6.9-55.EL kernel-hugemem-2.6.9-55.EL kernel-2.6.9-55.0.2.EL kernel-smp-2.6.9-55.0.2.EL kernel-hugemem-2.6.9-55.0.2.EL kernel-2.6.9-55.0.6.EL kernel-smp-2.6.9-55.0.6.EL kernel-hugemem-2.6.9-55.0.6.EL kernel-2.6.9-55.0.9.EL kernel-smp-2.6.9-55.0.9.EL kernel-hugemem-2.6.9-55.0.9.EL kernel-2.6.9-67.EL kernel-smp-2.6.9-67.EL kernel-hugemem-2.6.9-67.EL kernel-2.6.9-67.0.4.EL kernel-smp-2.6.9-67.0.4.EL kernel-hugemem-2.6.9-67.0.4.EL kernel-2.6.9-67.0.7.EL kernel-smp-2.6.9-67.0.7.EL kernel-hugemem-2.6.9-67.0.7.EL kernel-2.6.9-67.0.15.EL kernel-smp-2.6.9-67.0.15.EL kernel-hugemem-2.6.9-67.0.15.EL Red Hat Enterprise 5.0 kernel-2.6.18-8.1.3.el5 kernel-2.6.18-8.1.3.el5PAE kernel-2.6.18-8.1.3.el5xen kernel-2.6.18-8.1.4.el5 kernel-2.6.18-8.1.4.el5PAE kernel-2.6.18-8.1.4.el5xen kernel-2.6.18-8.1.6.el5 kernel-2.6.18-8.1.6.el5PAE kernel-2.6.18-8.1.6.el5xen kernel-2.6.18-8.1.8.el5 kernel-2.6.18-8.1.8.el5PAE kernel-2.6.18-8.1.8.el5xen kernel-2.6.18-8.1.10.el5 kernel-2.6.18-8.1.10.el5PAE kernel-2.6.18-8.1.10.el5xen kernel-2.6.18-8.1.14.el5 kernel-2.6.18-8.1.14.el5PAE kernel-2.6.18-8.1.14.el5xen kernel-2.6.18-8.1.15.el5 kernel-2.6.18-8.1.15.el5PAE kernel-2.6.18-8.1.15.el5xen kernel-2.6.18-53.el5 kernel-2.6.18-53.el5PAE kernel-2.6.18-53.el5xen kernel-2.6.18-53.1.4.el5 kernel-2.6.18-53.1.4.el5PAE kernel-2.6.18-53.1.4.el5xen kernel-2.6.18-53.1.6.el5 kernel-2.6.18-53.1.6.el5PAE kernel-2.6.18-53.1.6.el5xen kernel-2.6.18-53.1.13.el5 kernel-2.6.18-53.1.13.el5PAE kernel-2.6.18-53.1.13.el5xen kernel-2.6.18-53.1.14.el5 kernel-2.6.18-53.1.14.el5PAE kernel-2.6.18-53.1.14.el5xen kernel-2.6.18-53.1.19.el5 kernel-2.6.18-53.1.19.el5PAE kernel-2.6.18-53.1.19.el5xen

15

LinuxShield 1.5.1 Installation Guide

System Requirements
Hardware and software requirements

Table 2-2 Kernel modules supported on 32-bit platforms for SuSE

SuSE Enterprise 8 SuSE Enterprise 9.0 /Novell Linux Desktop 9.0 kernel-default-2.6.5-7.97 kernel-smp-2.6.5-7.97 kernel-bigsmp-2.6.5-7.97 kernel-default-2.6.5-7.111 kernel-smp-2.6.5-7.111 kernel-bigsmp-2.6.5-7.111 kernel-default-2.6.5-7.139 kernel-smp-2.6.5-7.139 kernel-bigsmp-2.6.5-7.139 kernel-default-2.6.5-7.145 kernel-smp-2.6.5-7.145 kernel-bigsmp-2.6.5-7.145 kernel-default-2.6.5-7.147 kernel-smp-2.6.5-7.147 SuSE Enterprise Desktop 10 kernel-default-2.6.16-21.0.8 kernel-smp-2.6.16-21.0.8 kernel-bigsmp-2.6.16-21.0.8 kernel-default-2.6.16-21.0.15 kernel-smp-2.6.16-21.0.15 kernel-bigsmp-2.6.16-21.0.15 kernel-default-2.6.16-21.0.25 kernel-smp-2.6.16-21.0.25 kernel-bigsmp-2.6.16-21.0.25 kernel-default-2.6.16-27.0.6 kernel-smp-2.6.16-27.0.6 kernel-bigsmp-2.6.16-27.0.6 SuSE Enterprise Server 10 kernel-default-2.6.16-21.0.8 kernel-smp-2.6.16-21.0.8 kernel-bigsmp-2.6.16-21.0.8 kernel-xen-2.6.16-21.0.8 kernel-xenpae-2.6.16-21.0.8 kernel-default-2.6.16-21.0.15 kernel-smp-2.6.16-21.0.15 kernel-bigsmp-2.6.16-21.0.15 kernel-xen-2.6.16-21.0.15 kernel-xenpae-2.6.16-21.0.15 kernel-default-2.6.16-21.0.25 kernel-smp-2.6.16-21.0.25 kernel-bigsmp-2.6.16-21.0.25 kernel-xen-2.6.16-21.0.25 kernel-xenpae-2.6.16-21.0.25 kernel-default-2.6.16-27.0.6 kernel-smp-2.6.16-27.0.6 kernel-bigsmp-2.6.16-27.0.6 kernel-xen-2.6.16-27.0.6 kernel-xenpae-2.6.16-27.0.6 k_smp-2.4.21-231 k_deflt-2.4.21-241 k_smp-2.4.21-241 k_deflt-2.4.21-251 k_smp-2.4.21-251 k_deflt-2.4.21-261 k_smp-2.4.21-261 kernel-bigsmp-2.6.5-7.147 kernel-default-2.6.5-7.151 kernel-smp-2.6.5-7.151 kernel-bigsmp-2.6.5-7.151 kernel-default-2.6.5-7.191 kernel-smp-2.6.5-7.191 kernel-bigsmp-2.6.5-7.191 kernel-default-2.6.5-7.193 kernel-default-2.6.16-27.0.9 kernel-smp-2.6.16-27.0.9 kernel-bigsmp-2.6.16-27.0.9 kernel-default-2.6.16-46.0.12 kernel-smp-2.6.16-46.0.12 kernel-bigsmp-2.6.16-46.0.12 kernel-default-2.6.16-27.0.9 kernel-smp-2.6.16-27.0.9 kernel-bigsmp-2.6.16-27.0.9 kernel-xen-2.6.16-27.0.9 kernel-xenpae-2.6.16-27.0.9 kernel-default-2.6.16-46.0.12 kernel-smp-2.6.16-46.0.12 kernel-bigsmp-2.6.16-46.0.12 kernel-xen-2.6.16-46.0.12 kernel-xenpae-2.6.16-46.0.12 k_deflt-2.4.21-266 k_smp-2.4.21-266 k_deflt-2.4.21-273 k_smp-2.4.21-273 k_deflt-2.4.21-278 k_smp-2.4.21-278 kernel-smp-2.6.5-7.193 kernel-bigsmp-2.6.5-7.193 kernel-default-2.6.5-7.201 kernel-smp-2.6.5-7.201 kernel-bigsmp-2.6.5-7.201 kernel-default-2.6.5-7.202.7 kernel-smp-2.6.5-7.202.7 kernel-default-2.6.16-46.0.14 kernel-smp-2.6.16-46.0.14 kernel-bigsmp-2.6.16-46.0.14 kernel-default-2.6.16-46.0.14 kernel-smp-2.6.16-46.0.14 kernel-bigsmp-2.6.16-46.0.14 kernel-xen-2.6.16-46.0.14 kernel-xenpae-2.6.16-46.0.14

k_smp-2.4.19-113 k_deflt-2.4.19-120 k_deflt-2.4.21-198 k_smp-2.4.21-198 k_deflt-2.4.21-203 k_smp-2.4.21-203 k_deflt-2.4.21-215 k_smp-2.4.21-215 k_deflt-2.4.21-226 k_smp-2.4.21-226 k_deflt-2.4.21-231

16

LinuxShield 1.5.1 Installation Guide

System Requirements
Hardware and software requirements

Table 2-2 Kernel modules supported on 32-bit platforms for SuSE (continued)
SuSE Enterprise 8 SuSE Enterprise 9.0 /Novell Linux Desktop 9.0 kernel-bigsmp-2.6.5-7.202. 7 kernel-default-2.6.5-7.244 kernel-smp-2.6.5-7.244 kernel-bigsmp-2.6.5-7.244 kernel-default-2.6.5-7.252 kernel-smp-2.6.5-7.252 kernel-bigsmp-2.6.5-7.252 k_smp-2.4.21-295 k_deflt-2.4.21-304 k_smp-2.4.21-304 k_deflt-2.4.21-306 k_smp-2.4.21-306 k_deflt-2.4.21-309 k_smp-2.4.21-309 k_deflt-2.4.21-314 k_smp-2.4.21-314 kernel-default-2.6.5-7.257 kernel-smp-2.6.5-7.257 kernel-bigsmp-2.6.5-7.257 kernel-default-2.6.5-7.267 kernel-smp-2.6.5-7.267 kernel-bigsmp-2.6.5-7.267 kernel-default-2.6.5-7.276 kernel-smp-2.6.5-7.276 kernel-bigsmp-2.6.5-7.276 kernel-default-2.6.5-7.282 kernel-smp-2.6.5-7.282 kernel-bigsmp-2.6.5-7.282 kernel-default-2.6.5-7.283 kernel-smp-2.6.5-7.283 kernel-bigsmp-2.6.5-7.283 kernel-default-2.6.5-7.286 kernel-smp-2.6.5-7.286 kernel-bigsmp-2.6.5-7.286 kernel-default-2.6.5-7.287.3 kernel-smp-2.6.5-7.287.3 kernel-bigsmp-2.6.5-7.287. 3 kernel-default-2.6.5-7.308 kernel-smp-2.6.5-7.308 kernel-bigsmp-2.6.5-7.308 kernel-default-2.6.5-7.311 kernel-smp-2.6.5-7.311 kernel-bigsmp-2.6.5-7.311 kernel-default-2.6.16-54.2.3 kernel-smp-2.6.16-54.2.3 kernel-bigsmp-2.6.16-54.2.3 kernel-default-2.6.16.60-0.9 kernel-smp-2.6.16.60-0.9 kernel-bigsmp-2.6.16.60-0.9 kernel-default-2.6.16-54.2.3 kernel-smp-2.6.16-54.2.3 kernel-bigsmp-2.6.16-54.2.3 kernel-xen-2.6.16-54.2.3 kernel-xenpae-2.6.16-54.2.3 kernel-default-2.6.16.60-0.9 kernel-smp-2.6.16.60-0.9 kernel-bigsmp-2.6.16.60-0.9 kernel-xen-2.6.16.60-0.9 kernel-xenpae-2.6.16.60-0.9 kernel-default-2.6.16-53.0.16 kernel-smp-2.6.16-53.0.16 kernel-bigsmp-2.6.16-53.0.16 kernel-default-2.6.16-53.0.16 kernel-smp-2.6.16-53.0.16 kernel-bigsmp-2.6.16-53.0.16 kernel-xen-2.6.16-53.0.16 kernel-xenpae-2.6.16-53.0.16 SuSE Enterprise Desktop 10 kernel-default-2.6.16-53.0.8 kernel-smp-2.6.16-53.0.8 kernel-bigsmp-2.6.16-53.0.8 SuSE Enterprise Server 10 kernel-default-2.6.16-53.0.8 kernel-smp-2.6.16-53.0.8 kernel-bigsmp-2.6.16-53.0.8 kernel-xen-2.6.16-53.0.8 kernel-xenpae-2.6.16-53.0.8

k_deflt-2.4.21-281 k_smp-2.4.21-281 k_deflt-2.4.21-286 k_smp-2.4.21-286 k_deflt-2.4.21-292 k_smp-2.4.21-292 k_deflt-2.4.21-295

17

LinuxShield 1.5.1 Installation Guide

System Requirements
Hardware and software requirements

Table 2-3 Kernel modules supported on 64-bit platforms for Red Hat
Red Hat Enterprise 4.0 kernel-2.6.9-5.EL kernel-smp-2.6.9-5.EL kernel-2.6.9-11.EL kernel-smp-2.6.9-11EL kernel-2.6.9-22.EL kernel-smp-2.6.9-22.EL kernel-2.6.9-22.0.1EL kernel-smp-2.6.9-22.0.1EL kernel-2.6.9-22.0.2.EL kernel-smp-2.6.9-22.0.2EL kernel-2.6.9-34.EL kernel-smp-2.6.9-34.EL kernel-2.6.9-34.0.1.EL kernel-smp-2.6.9-34.0.1.EL kernel-2.6.9-34.0.2.EL kernel-smp-2.6.9-34.0.2.EL kernel-2.6.9-42.EL Red Hat Enterprise 5.0 kernel-2.6.18-8.el5 kernel-2.6.18-8.1.1.el5 kernel-2.6.18-8.1.3.el5 kernel-2.6.18-8.1.4.el5 kernel-2.6.18-8.1.6.el5 kernel-2.6.18-8.1.8.el5 kernel-2.6.18-8.1.10.el5 kernel-2.6.18-8.1.10.el5xen kernel-2.6.18-8.1.14.el5 kernel-2.6.18-8.1.14.el5xen kernel-2.6.18-8.1.15.el5 kernel-2.6.18-8.1.15.el5xen kernel-2.6.18-53.el5 kernel-2.6.18-53.el5xen kernel-2.6.18-53.1.4.el5 kernel-2.6.18-53.1.4.el5xen

18

LinuxShield 1.5.1 Installation Guide

System Requirements
Hardware and software requirements

Table 2-3 Kernel modules supported on 64-bit platforms for Red Hat (continued)
Red Hat Enterprise 4.0 kernel-smp-2.6.9-42.EL kernel-2.6.9-42.0.2.EL kernel-smp-2.6.9-42.0.2.EL kernel-2.6.9-42.0.3.EL kernel-smp-2.6.9-42.0.3.EL kernel-2.6.9-42.0.8.EL Red Hat Enterprise 5.0 kernel-2.6.18-53.1.6.el5 kernel-2.6.18-53.1.6.el5PAE kernel-2.6.18-53.1.6.el5xen kernel-2.6.18-53.1.13.el5 kernel-2.6.18-53.1.13.el5PAE kernel-2.6.18-53.1.13.el5xen

kernel-smp-2.6.9-42.0.8.EL kernel-2.6.9-42.0.10.EL kernel-smp-2.6.9-42.0.10.EL kernel-2.6.9-55.EL kernel-smp-2.6.9-55.EL kernel-2.6.9-55.0.2.EL kernel-smp-2.6.9-55.0.2.EL kernel-2.6.9-55.0.6.EL kernel-smp-2.6.9-55.0.6.EL kernel-2.6.9-55.0.9.EL kernel-smp-2.6.9-55.0.9.EL kernel-2.6.9-67.EL kernel-smp-2.6.9-67.EL kernel-2.6.9-67.0.4.EL kernel-smp-2.6.9-67.0.4.EL kernel-hugemem-2.6.9-67.0.4.EL kernel-2.6.9-67.0.7.EL kernel-smp-2.6.9-67.0.7.EL kernel-hugemem-2.6.9-67.0.7.EL kernel-2.6.9-67.0.15.EL kernel-smp-2.6.9-67.0.15.EL kernel-hugemem-2.6.9-67.0.15.EL

kernel-2.6.18-53.1.14.el5 kernel-2.6.18-53.1.14.el5PAE kernel-2.6.18-53.1.14.el5xen kernel-2.6.18-53.1.19.el5 kernel-2.6.18-53.1.19.el5PAE kernel-2.6.18-53.1.19.el5xen

Table 2-4 Kernel modules supported on 64-bit platforms for SuSE

SuSE Enterprise 9 kernel-default-2.6.5-7.97 kernel-smp-2.6.5-7.97 kernel-default-2.6.5-7.139 kernel-smp-2.6.5-7.139 kernel-default-2.6.5-7.147 SuSE Enterprise Desktop 10 kernel-default-2.6.16-21.0.8 kernel-smp-2.6.16-21.0.8 kernel-default-2.6.16-21.0.15 kernel-smp-2.6.16-21.0.15 SuSE Enterprise Server 10 kernel-default-2.6.16-21.0.8 kernel-smp-2.6.16-21.0.8 kernel-xen-2.6.16-21.0.8 kernel-default-2.6.16-21.0.15 kernel-smp-2.6.16-21.0.15 kernel-xen-2.6.16-21.0.15 kernel-smp-2.6.5-7.147 kernel-default-2.6.5-7.151 kernel-smp-2.6.5-7.151 kernel-default-2.6.5-7.191 kernel-smp-2.6.5-7.191 kernel-default-2.6.16-21.0.25 kernel-smp-2.6.16-21.0.25 kernel-default-2.6.16-21.0.25 kernel-smp-2.6.16-21.0.25 kernel-xen-2.6.16-21.0.25

19

LinuxShield 1.5.1 Installation Guide

System Requirements
Hardware and software requirements

Table 2-4 Kernel modules supported on 64-bit platforms for SuSE (continued)
SuSE Enterprise 9 kernel-default-2.6.5-7.193 kernel-smp-2.6.5-7.193 kernel-default-2.6.5-7.201 kernel-smp-2.6.5-7.201 kernel-default-2.6.5-7.202.7 SuSE Enterprise Desktop 10 kernel-default-2.6.16-27.0.6 kernel-smp-2.6.16-27.0.6 kernel-default-2.6.16-27.0.9 kernel-smp-2.6.16-27.0.9 SuSE Enterprise Server 10 kernel-default-2.6.16-27.0.6 kernel-smp-2.6.16-27.0.6 kernel-xen-2.6.16-27.0.6 kernel-default-2.6.16-27.0.9 kernel-smp-2.6.16-27.0.9 kernel-xen-2.6.16-27.0.9 kernel-smp-2.6.5-7.202.7 kernel-default-2.6.5-7.244 kernel-smp-2.6.5-7.244 kernel-default-2.6.5-7.252 kernel-smp-2.6.5-7.252 kernel-default-2.6.5-7.257 kernel-smp-2.6.5-7.257 kernel-default-2.6.5-7.267 kernel-smp-2.6.5-7.267 kernel-default-2.6.5-7.276 kernel-smp-2.6.5-7.276 kernel-default-2.6.5-7.282 kernel-smp-2.6.5-7.282 kernel-default-2.6.5-7.283 kernel-smp-2.6.5-7.283 kernel-default-2.6.5-7.286 kernel-smp-2.6.5-7.286 kernel-default-2.6.5-7.287.3 kernel-smp-2.6.5-7.287.3 kernel-default-2.6.5-7.308 kernel-smp-2.6.5-7.308 kernel-default-2.6.5-7.311 kernel-smp-2.6.5-7.311 kernel-default-2.6.16-54.2.3 kernel-smp-2.6.16-54.2.3 kernel-default-2.6.16-60-0.9 kernel-smp-2.6.16-60-0.9 kernel-default-2.6.16-54.2.3 kernel-smp-2.6.16-54.2.3 kernel-xen-2.6.16-54.2.3 kernel-default-2.6.16-60-0.9 kernel-smp-2.6.16-60-0.9 kernel-xen-2.6.16-60-0.9 kernel-default-2.6.16-53.0.8 kernel-smp-2.6.16-53.0.8 kernel-default-2.6.16-53.0.16 kernel-smp-2.6.16-53.0.16 kernel-default-2.6.16-53.0.8 kernel-smp-2.6.16-53.0.8 kernel-xen-2.6.16-53.0.8 kernel-default-2.6.16-53.0.16 kernel-smp-2.6.16-53.0.16 kernel-xen-2.6.16-53.0.16 kernel-default-2.6.16-46.0.12 kernel-smp-2.6.16-46.0.12 kernel-default-2.6.16-46.0.14 kernel-smp-2.6.16-46.0.14 kernel-default-2.6.16-46.0.12 kernel-smp-2.6.16-46.0.12 kernel-xen-2.6.16-46.0.12 kernel-default-2.6.16-46.0.14 kernel-smp-2.6.16-46.0.14 kernel-xen-2.6.16-46.0.14

About kernel support The LinuxShield installation includes on-access kernel modules for the versions of Red Hat and SuSE that we support. See the tables in Supported kernels on page 12 to get the full list of kernels. We provide these modules for the original kernel versions that are shipped with the distribution, and for the latest official kernel updates provided by Red Hat and SuSE at the time of this release. Our updates for their later kernels will be available from http://mysupport.nai.com. Source code for the kernel modules is also available on your product CD, or from our product download site. (See Contact information on page 9.) The availability of this source code allows you to respond to security patches as quickly as your specific environment and company policy dictates. However, we are unable to provide support for customized kernel modules because we cannot test them or reproduce specific issues.

20

LinuxShield 1.5.1 Installation Guide

System Requirements
Creating kernel modules

Creating kernel modules

McAfee does not support creating custom kernel modules.
Note

To build a LinuxShield kernel module from source, you need the source for your kernel. Most vendor-supplied kernels include a kernel source package, that usually installs the source into /usr/src/linux-<kernel version>. If you are not familiar with building the Linux kernel, we recommend that you refer to tutorials available on the Internet. Alternatively, follow the procedure in Creating 2.4 kernel modules or Creating 2.6 kernel modules.

Creating 2.4 kernel modules

1 Put your source tree into a known clean state to remove generated files and non-standard configuration. To do this, run make mrproper from the top-level directory of your kernel source tree, as in the following commands:
cd <kernel source dir> make mrproper

2 Configure the kernel source. You need the configuration file that was used to compile your kernel. If you are using a vendor-supplied kernel, the /boot directory normally contains a copy of the configuration file, which has a config prefix or a .config extension. 3 Copy the configuration file to the file .config in the top-level directory of your kernel source tree, and run make oldconfig, as in these commands:
cp <kernel config file> .config make oldconfig

If a message prompts you for any configuration items, your configuration file is incomplete, and you need to ask the supplier about the correct answers. 4 Check the version information in the top-level kernel Makefile. In particular, check that EXTRAVERSION is set appropriately. Sometimes the version information is set to a custom value in vendor-supplied source. The definition for KERNELRELEASE when expanded should match the contents of /proc/sys/kernel/osrelease assuming that you are building modules for the kernel that is currently running. The standard definition for KERNELRELEASE is:
KERNELRELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION)$(EXTRAVERSION)

5 Generate some dependency information and header files. Type the following command:
make dep

6 Build the kernel by typing this command:

make bzImage

This step creates generated files that are necessary for module compilation.

21

LinuxShield 1.5.1 Installation Guide

System Requirements
Creating kernel modules

As a minimum, you can build the generated configuration header files using make include/config/MARKER, but this might not work for all kernel versions and configurations.
You are now ready to build the LinuxShield kernel modules. The Makefile provided to build the LinuxShield modules requires 3.80 or later of GNU Make. Check your version of make by using make --version. If you have version 3.79 or earlier, you need to upgrade.

Note

7 Unpack the source files into an empty directory, and use the kernel build system to build the modules:
cd <LinuxShield source directory> make -C <kernel source dir> SUBDIRS=`pwd` modules

If there are no errors, you have two kernel modules lshook.o and linuxshield.o. 8 Copy the modules into your LinuxShield module directory (called /opt/NAI/LinuxShield/lib/modules by default). The modules in this directory are prefixed with the kernel version for which they were compiled. For example, if /proc/sys/kernel/osrelease contains 2.4.21-xyz, the modules are named 2.4.21-xyz-lshook.o and 2.4.21-xyz-linuxshield.o. If you have multiple kernels that cannot be distinguished by the contents of
/proc/sys/kernel/osrelease (the same as the output of uname -r), you need to

use the file kernel.version in the same directory. This file can contain multiple lines. Each has the form:
<prefix>:<build version>

Here <prefix> is a unique string derived from the kernel version. Given a version of 2.4.nn<extra>, the prefix is 2.4.nn<unique tag><extra>, where the unique tag does not contain : for example:
2.4.21-ls-xyz:#1 SMP Sun May 16 12:27:32 UTC 2004

Here <build version> is the contents of /proc/sys/kernel/version (or the output of uname -v) when the matching kernel is running. During LinuxShield startup, if kernel modules are identified as matching the running kernel, symbolic links are created in the directory /lib/modules/`uname -r`/nai. The targets of these links can determine which module files have been loaded.

Creating 2.6 kernel modules

1 Put your source tree into a known clean state to remove any generated files and any non-standard configuration. To do this, run make mrproper from the top-level directory of your kernel source tree:
cd <kernel source directory> make mrproper

2 Configure the kernel source. You need the configuration file that was used to compile your kernel.

22

LinuxShield 1.5.1 Installation Guide

System Requirements
Creating kernel modules

Note

If you are using a vendor-supplied kernel, the /boot directory normally contains a copy of the configuration file, which has a config- prefix or a .config extension.

3 Copy the configuration file to the file .config in the top-level directory of your kernel source tree, and run make oldconfig:
cp <kernel config file> .config make oldconfig

If asked for any configuration items, your configuration file is incomplete, and you need to ask the supplier about the correct answers. 4 Check the version information in the top-level kernel Makefile. In particular, check that EXTRAVERSION is set appropriately. Sometimes the version information is set to a custom value in vendor-supplied source. The definition for KERNELRELEASE when expanded should match the contents of /proc/sys/kernel/osrelease assuming that you are building modules for the kernel that is currently running. The standard definition for KERNELRELEASE is:
KERNELRELEASE=$(VERSION).$(PATCHLEVEL).$(SUBLEVEL)$(EXTRAVERSION)$(EXTRAVERSION)

5 Build the kernel by typing this command:

make bzImage

This step creates generated files that are necessary for module compilation.
You are now ready to build the LinuxShield kernel modules. The Makefile provided to build the LinuxShield modules requires 3.80 or later of GNU Make. Check your version of make by using make --version. If you have version 3.79 or earlier, you need to upgrade.

Note

6 Unpack the source files into an empty directory, and use the kernel build system to build the modules:
cd <LinuxShield source directory> make -C <kernel source dir> SUBDIRS=`pwd` modules

If there are no errors, you have two kernel modules lshook.ko and linuxshield.ko. 7 Copy these modules into your LinuxShield module directory (called /opt/NAI/LinuxShield/lib/modules by default).
The modules in this directory are prefixed with the kernel version for which they were compiled. For example, if /proc/sys/kernel/osrelease contains 2.6.9-xyz, the modules will be named 2.6.9-xyz-lshook.ko and 2.6.9-xyz-linuxshield.ko.

Note

If you have multiple kernels that cannot be distinguished by the contents of

/proc/sys/kernel/osrelease (the same as the output of uname -r), you need to

use the file kernel.version in the same directory. This file can contain multiple lines, each having the form:
<prefix>:<build version>

23

LinuxShield 1.5.1 Installation Guide

System Requirements
Creating kernel modules

Here <prefix> is a unique string that is derived from the kernel version. Given a version of 2.6.nn<extra>, the prefix is 2.6.nn<unique tag><extra>, where the unique tag does not contain :, for example:
2.6.9-ls-xyz:#1 SMP Sun May 16 12:27:32 UTC2004

Here <build version> is the contents of /proc/sys/kernel/version (or the output of uname -v) when the matching kernel is running. During LinuxShield startup, if kernel modules are identified as matching the running kernel, symbolic links are created in the directory /lib/modules/`uname -r`/nai. The targets of these links can determine which module files have been loaded. 8 Rename the modules to have .o extension instead of .ko extension.

24

Installing LinuxShield
Installing, upgrading and removing the software

You can install LinuxShield manually on hosts (see Manual installation on page 25) or you can use a script (see Silent installation on page 28). The following topics are included: Running LinuxShield on page 29. Removing the software on page 30. Integrating with ePolicy Orchestrator on page 31. Related topics Upgrading from previous LinuxShield versions on page 30.

Manual installation
During installation, you are prompted to supply a password and other information. For most of the questions, you can accept the default value that is offered. To set up email notification for alerts if it is required, you need an MTA (Mail Transfer Agent) configured, and the following information: Email address of the LinuxShield administrator. Address for the SMTP host. TCP/IP port number for the SMTP host. To install McAfee Runtime: 1 Download the MFErt.i686.rpm file. 2 At the command prompt, type:
rpm -ivh MFErt.i686.rpm

To install McAfee Agent (MA): 3 Download the MFEcma.i686.rpm file. 4 At the command prompt, type:
rpm -ivh MFEcma.i686.rpm

25

LinuxShield 1.5.1 Installation Guide

Installing LinuxShield
Manual installation

5 Answer the questions when prompted. These include whether installing CMA in managed or unmanaged mode.
For more information on deploying LinuxShield in managed mode, refer the LinuxShield Configuration guide.

Note

6 To confirm that the McAfee agent is running correctly, type:

/etc/init.d/cma status

To install LinuxShield:
Before installing LinuxShield, you must have McAfee Runtime and McAfee Agent already installed on the computer. See Installing McAfee Runtime and Installing McAfee Agent.

Note

7 Download the rpm file. 8 At the command prompt, type:

rpm -ivh LinuxShield-1.5.1-<version>.<arch>.rpm

where <version> is a version number such as 108, and <arch> is i386 for 32-bit platforms and x86-64 for 64-bit platforms. 9 Answer the questions when prompted. Accept the default values, or type your own. 10 When prompted to start the LinuxShield services, select the default option, y. 11 To confirm that the system is running correctly, type:
/etc/init.d/nails status

To install LinuxShield 1.5.1 on Novel Open Enterprise Server 1 or 2 1 Remove LinuxShield (if installed) using the command:
rpm -e LinuxShield

2 From the Novell eDirectory server use iManager and create a user called nails and a group called nailsgroup. 3 Add the user nails a member of the nailsgroup. Enable the user and group using the Linux User Management. 4 Provide nails user with administrative privileges on all the NSS volumes.
rights -f /media/nss/<VOL-name> -r s trustee nails.<context>.<tree>
Tip

You need to provide administrative privileges to the nails user, every time a new NSS volume is created.

5 Download the MFErt.i686.rpm and MFEcma.i686.rpm file. 6 Install McAfee Runtime and McAfee Agent using the commands:
rpm -ivh MFErt.i686.rpm rpm -ivh MFEcma.i686.rpm

Answer the questions when prompted. These include the IP address of the ePolicy Orchestrator server, and port number for the agent-to-server connection.

26

LinuxShield 1.5.1 Installation Guide

Installing LinuxShield
Manual installation

7 Install LinuxShield using the command:

rpm -ivh LinuxShield-1.5.1-<version>.<Arch>.rpm

8 Type nailsgroup for the Linux group for LinuxShield administrator. 9 Type nails for the LinuxShield user. 10 Answer the questions when prompted. Accept the default values, or type your own. 11 When prompted to start the LinuxShield services, select the default option, y.

27

LinuxShield 1.5.1 Installation Guide

Installing LinuxShield
Silent installation

Silent installation
Note

Before installing LinuxShield, you must have McAfee Runtime and McAfee Agent already installed on the computer. See Installing McAfee Runtime and Installing McAfee Agent.

1 Create the file nails.options in the root home directory. For example:
SILENT_ACCEPTED_EULA=yes SILENT_INSTALLDIR=/opt/NAI/LinuxShield SILENT_RUNTIMEDIR=/var/opt/NAI/LinuxShield SILENT_ADMIN=admin@example.com SILENT_HTTPHOST=192.168.255.200 SILENT_HTTPPORT=55443 SILENT_MONITORPORT=65443 SILENT_SMTPHOST=example.example.com. SILENT_SMTPPORT=25 SILENT_NAILS_USER=nails SILENT_NAILS_GROUP=nailsgroup SILENT_CREATE_USER=no SILENT_CREATE_GROUP=no SILENT_RUN_WITH_MONITOR=yes SILENT_QUARANTINEDIR=/quarantine SILENT_START_PROCESSES=yes SILENT_CONTINUE_INSTALL_ON_PAM_ERROR=no Use SILENT_CONTINUE_INSTALL_ON_PAM_ERROR only when 32-bit PAM libraries are not present. If you set this flag to yes and continue without Pluggable Authentication Module (PAM) libraries, the installation of LinuxShield monitor component is skipped, and the web interface will not be available. However, you can still manage the LinuxShield host using ePolicy Orchestrator or the web interface of some other LinuxShield host. See information about configuring LinuxShield in the Product Guide.

Note

2 As root, create a user nails as a member of a group nailsgroup.

Before installing LinuxShield, make sure that there is no user as nails and no group as nailsgroupin the computer.

Note

3 At the command prompt, type:

rpm -ivh LinuxShield-1.5.1-<version>.<arch>.rpm

28

LinuxShield 1.5.1 Installation Guide

Installing LinuxShield
Running LinuxShield

where <version> is a version number such as 108, and <arch> is i386 for 32-bit platforms and x86-64 for 64-bit platforms. 4 After performing the installation, use the command passwd to assign a password to the user, nails. To manage several hosts from one browser location, each host must have the same user name and password. To install LinuxShield 1.5.1 on Novel Open Enterprise Server 1 or 2 in Silent Mode: 1 From the Novell eDirectory server use iManager and create a user called nails and a group called nailsgroup. 2 Add the user nails a member of the nailsgroup. Enable the user and group using the Linux User Management. 3 Provide nails user with administrative privileges on all the NSS volumes. 4 In nails.options file, check if the following parameters are:
SILENT_NAILS_USER=nails SILENT_NAILS_GROUP=nailsgroup

5 Follow rest of the steps as mentioned in Silent Installation section.

Running LinuxShield
1 To open the LinuxShield browser interface, use a supported browser:
https://<hostname>:<port number>

where <hostname> is the name of the host on which LinuxShield is installed. By default, the port number is 55443. 2 On the logon page, type the user name, nails and enter the password that you specified during installation. 3 If you see messages caused by the use of certificates, see Handling old certificates.

Handling old certificates

LinuxShield has its own certificate that it adds to the browser the first time that you connect. If you add this certificate permanently, then install a new version of LinuxShield, you might experience an error, stating that the certificate that the site is providing is not correct. This happens because the certificate is different from the one stored in your browser. Every installation creates a specific certificate for the host, and associates the certificate with the IP address or the name that you have provided. If the certificate does not match the stored certificate, the browser displays an error. To fix this, remove the old certificate and accept the new one when prompted. The steps are described for each supported browser. Konqueror 1 Open Konqueror.

29

LinuxShield 1.5.1 Installation Guide

Installing LinuxShield
Removing the software

2 At Settings, select Configure Konqueror. 3 At the new window, click the icon on the left side, called Crypto. 4 On the right pane, click the Peer SSL Certificate tab to display every certificate that you have saved. 5 Select and remove the Network Associates certificate. When you log on again, you are prompted with the new certificate. Mozilla 1 Open Mozilla. 2 Select Edit | Preferences. 3 Expand Privacy & Security. 4 Select Certificate on the left side, and click Manage Certificates from the right pane. 5 On the new window, select the Authority tab and scroll to find Network Associates. 6 Expand this, and find the certificate displaying the IP address of the host or the host name. Select the certificate and delete it. These steps should remove the certificate, and allow you to import the new certificate associated with the host. Internet Explorer Microsoft Internet Explorer does not save the certificate, but it will prompt you to accept the certificate every time that you log on.

Removing the software

1 Remove the software, using:
rpm -e LinuxShield rpm -e MFEcma rpm -e MFErt

2 Reboot the computer to remove the LinuxShield kernel modules.

You do not need to reboot immediately because the LinuxShield kernel modules do not interrupt functioning of any other running service.

Note

Upgrading from previous LinuxShield versions

1 Download the MFErt.i686.rpm and MFEcma.i686.rpm file.
If you have NWA (Non-Windows Agent) installed on this computer, make sure to uninstall NWA before proceeding to the next step.

Note

2 Install McAfee Runtime and McAfee Agent using the commands:

30

LinuxShield 1.5.1 Installation Guide

Installing LinuxShield
Integrating with ePolicy Orchestrator

rpm -ivh MFErt.i686.rpm rpm -ivh MFEcma.i686.rpm

Answer the questions when prompted. These include the IP address of the ePolicy Orchestrator server, and port number for the agent-to-server connection. 3 At the command prompt, type:
rpm -U LinuxShield-1.5.1-<version>.<arch>.rpm

where <version> is a version number such as 108, and <arch> is i386 for 32-bit platforms and x86-64 for 64-bit platforms. 4 To confirm that the system is running, type:
/etc/init.d/nails status

Integrating with ePolicy Orchestrator

ePolicy Orchestrator 3.6 The following NAP files need to be added to the ePolicy Orchestrator repository:
MSA_400LNX.nap McAfee Agent NAP file. LinuxShield151.nap product NAP file. LinuxShield151_reports.nap product event-reporting NAP file.

ePolicy Orchestrator 4.0 The following extensions need to be added to the ePolicy Orchestrator server:
LYNXSHLD1510.ZIP LYNXSHLD1510PARSER.ZIP See the LinuxShield Configuration Guide and ePolicy Orchestrator Product Guide for details.

Note

PLDP Process
PLDP is a Novell Partner Linux Driver process which allows automatic updates of LinuxShield Kernel Hooking modules when kernel updates happens. This process is supported on SLES 9 kernel 2.6.5-7.282 and above.

31

LinuxShield 1.5.1 Installation Guide

Installing LinuxShield
PLDP Process

To enable PLDP on SLES 9:

Partner drivers provided by Novell are signed with a driver build key and is not present by default on SLES9 or NLD. While updating the drivers, integrity check errors may appear. You need to import the driver build key to resolve the integrity check errors. To resolve integrity check errors: Type rpm -qa gpg-pubkey* If the output does not include the line gpg-pubkey-7e2e3b05-44748aba, the driver build key has not been imported. Then use the following Link to create the pgp key on your computer. http://developer.novell.com/wiki/index.php/Adding_Keys

Note

1 Install LinuxShield. 2 Install McAfee-LinuxShield rpm from /opt/NAI/package/LinuxShield directory. When kernel update occurs, the McAfee-LinuxShield rpm automatically upgrades to the latest version available at the download site: http://forgeftp.novell.com/driver-process/pub/update/mcafee/sle9/common/
Install the kernel-update-tool and update to yast2-packagemanager version 2.9.70-0.3 or above.

Note

To enable PLDP on SLE10: 1 Install McAfee-LinuxShield-kmp-<flavour>-1.5.1_2.6.16.21_0.8-0.<arch>.rpm from /opt/NAI/package/LinuxShield.

LinuxShield 1.5.1 supports PLDP on SLE10 and is based on Novell readiness. Novell is currently working on providing PLDP support for LinuxShield 1.5.1 on SLE10.

Note

32