  • Installing Symantec Endpoint Protection 12.1.6 antivirus on Ubuntu 18.04 LTS

    Create the /tools/ directory and upload the required packages to it.

    # mkdir -p /tools/ && cd /tools/

    # tar -xzvf chang.tar.gz

    # cd chang/


    1. Install the JRE

    # mkdir -p /usr/java/

    # tar -xzvf jre-8u261-linux-x64.tar.gz -C /usr/java/

    # chown -R root:root /usr/java/

    # cat >> /etc/Symantec.conf << EOF

    [Symantec Shared]

    BaseDir=/opt/Symantec

    JAVA_HOME=/usr/java/jre1.8.0_261/bin

    EOF


    JRE download: https://www.oracle.com/java/technologies/javase-server-jre8-downloads.html


    2. Copy the JCE policy files

    # apt install unzip

    # unzip jce_policy-8.zip -d jce_policy

    # cp -av jce_policy/UnlimitedJCEPolicyJDK8/* /usr/java/jre1.8.0_261/lib/security/


    JCE download: https://www.oracle.com/java/technologies/javase-jce8-downloads.html


    3. Install the dependency packages

    # dpkg --add-architecture i386

    # apt-get update

    # apt-get install libc6:i386 libx11-6:i386 libncurses5:i386 libstdc++6:i386 -y

    # apt-get install lib32ncurses5 lib32z1 -y

    # apt-get install sharutils -y

    # apt-get install ncompress -y

    # apt-get install linux-headers-$(uname -r) build-essential -y


    4. Run the installer

    # unzip SEP-deb.zip

    # chmod 700 SEP-deb/install.sh

    # SEP-deb/install.sh -i

    Starting to install Symantec Endpoint Protection for Linux

    Performing pre-check...

    dpkg-query: no packages found matching unity

    Pre-check succeeded

    dpkg-query: no packages found matching unity

    Begin installing virus protection component

    Selecting previously unselected package sav.

    (Reading database ... 144383 files and directories currently installed.)

    Preparing to unpack .../SEP-deb/./Repository/sep.deb ...

    Performing pre-check...

    Pre-check is successful

    Unpacking sav (12.1.6867-6400) ...

    Setting up sav (12.1.6867-6400) ...

    Processing triggers for systemd (237-3ubuntu10.38) ...

    Processing triggers for ureadahead (0.100.0-21) ...

    Processing triggers for man-db (2.8.3-2ubuntu0.1) ...

    Virus protection component installed successfully

    Begin installing Auto-Protect component

    Selecting previously unselected package savap.

    (Reading database ... 144442 files and directories currently installed.)

    Preparing to unpack ..././Repository/sepap-x64.deb ...

    Performing pre-check...

    Pre-check is successful

    Unpacking savap (12.1.6867-6400) ...

    Setting up savap (12.1.6867-6400) ...

    Processing triggers for systemd (237-3ubuntu10.38) ...

    Processing triggers for ureadahead (0.100.0-21) ...

    Auto-Protect component installed successfully

    Begin installing GUI component

    Selecting previously unselected package savui.

    (Reading database ... 144465 files and directories currently installed.)

    Preparing to unpack .../SEP-deb/./Repository/sepui.deb ...

    Performing pre-check...

    Pre-check is successful

    Unpacking savui (12.1.6867-6400) ...

    Setting up savui (12.1.6867-6400) ...

    Processing triggers for man-db (2.8.3-2ubuntu0.1) ...

    Processing triggers for mime-support (3.60ubuntu1) ...

    GUI component installed successfully

    Begin installing LiveUpdate component

    Selecting previously unselected package savjlu.

    (Reading database ... 144472 files and directories currently installed.)

    Preparing to unpack ..././Repository/sepjlu.deb ...

    Performing pre-check...

    Pre-check is successful

    Unpacking savjlu (12.1.6867-6400) ...

    Setting up savjlu (12.1.6867-6400) ...

    LiveUpdate component installed successfully

    Begin installing legacy Auto-Protect component

    Legacy Auto-Protect component installed successfully

    Pre-compiled Auto-Protect kernel modules are not loaded yet, need compile them from source code

    Build Auto-Protect kernel modules from source code successfully

    Installation completed

    =============================================================

    Daemon status:

    symcfgd [running]

    rtvscand [running]

    smcd [running]

    =============================================================

    Drivers loaded:

    symap_custom_4_15_0_76_generic_x86_64

    symev_custom_4_15_0_76_generic_x86_64

    =============================================================

    Auto-Protect starting

    Protection status:

    Definition: Waiting for update.

    AP: Malfunctioning

    =============================================================

    The log files for installation of Symantec Endpoint Protection for Linux are under ~/:

    sepfl-install.log

    sep-install.log

    sepap-install.log

    sepap-legacy-install.log

    sepui-install.log

    sepjlu-install.log

    sepfl-kbuild.log


    5. Three conditions must be met for AP (Auto-Protect) to reach the Enabled state:

    (1) The symev and symap drivers are correctly loaded into the kernel

    # lsmod | grep -E "symev|symap"

    symap_custom_4_15_0_76_generic_x86_64 49152 28

    symev_custom_4_15_0_76_generic_x86_64 90112 2 symap_custom_4_15_0_76_generic_x86_64


    (2) SEP has successfully loaded a set of virus definitions (whether old or new)

    Download page:

    https://www.broadcom.com/support/security-center/definitions/download/detail?gid=sep

    For example:

    # wget https://definitions.symantec.com/defs/20200813-002-core15unix.sh

    # chmod 700 20200813-002-core15unix.sh

    # ./20200813-002-core15unix.sh


    (3) rtvscand and the other SEP services have started normally

    /etc/init.d/symcfgd status

    /etc/init.d/rtvscand status

    /etc/init.d/smcd status

    /etc/init.d/autoprotect status


    # Commands to start the services

    /etc/init.d/symcfgd start

    /etc/init.d/rtvscand start

    /etc/init.d/smcd start

    /etc/init.d/autoprotect start


    # Commands to stop the services

    /etc/init.d/autoprotect stop

    /etc/init.d/smcd stop

    /etc/init.d/rtvscand stop

    /etc/init.d/symcfgd stop
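
One way to check the three conditions above in a single pass (an added example, not part of the original post). The function names are hypothetical; it assumes loaded definitions print in the `MM/DD/YYYY rev. N` form shown later on this page and that each init script's `status` action exits 0 when the daemon is running.

```shell
#!/bin/sh
# Added example: evaluate the three Auto-Protect prerequisites from text.
#   $1 = `lsmod` output
#   $2 = `sav info -d` output
#   $3 = space-separated names of SEP daemons found running
# Prints one FAIL line per unmet condition; returns 0 only if all hold.
check_ap_prereqs() {
    ap_lsmod=$1 ap_defs=$2 ap_running=" $3 " ap_rc=0
    for ap_drv in symev symap; do
        # Module names carry a kernel-specific suffix (symev_custom_4_15_0_...).
        printf '%s\n' "$ap_lsmod" | grep -q "^${ap_drv}" ||
            { echo "FAIL driver:$ap_drv not loaded"; ap_rc=1; }
    done
    # Assumption: loaded definitions print as "MM/DD/YYYY rev. N", as on this page.
    printf '%s\n' "$ap_defs" | grep -Eq '^[0-9]{2}/[0-9]{2}/[0-9]{4} rev\. [0-9]+' ||
        { echo "FAIL definitions: none loaded"; ap_rc=1; }
    for ap_svc in symcfgd rtvscand smcd; do
        case $ap_running in
            *" $ap_svc "*) ;;
            *) echo "FAIL service:$ap_svc not running"; ap_rc=1 ;;
        esac
    done
    return "$ap_rc"
}

# Collect live inputs on an SEP host (run as root) and evaluate them.
check_ap_live() {
    ap_up=""
    for ap_svc in symcfgd rtvscand smcd; do
        # Assumption: the init script's status action exits 0 when the daemon runs.
        if "/etc/init.d/$ap_svc" status >/dev/null 2>&1; then ap_up="$ap_up $ap_svc"; fi
    done
    check_ap_prereqs "$(lsmod)" \
        "$(/opt/Symantec/symantec_antivirus/sav info -d 2>/dev/null)" "$ap_up"
}

# Constructed sample: drivers and daemons fine, no definitions loaded yet.
check_ap_prereqs "symev_custom_x 90112 2
symap_custom_x 49152 28" "" "symcfgd rtvscand smcd" || true
```

On an SEP host, `check_ap_live` gathers the real inputs; a non-zero return with a FAIL line tells you which of the three conditions is keeping AP in the Malfunctioning state.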


    6. Enable the services at boot

    systemctl enable symcfgd

    systemctl enable rtvscand

    systemctl enable smcd

    systemctl enable autoprotect


    7. Other commands

    # Show the help text

    # /opt/Symantec/symantec_antivirus/sav -h


    # Show the product version

    # /opt/Symantec/symantec_antivirus/sav info -p

    12.1.6 (12.1 RU6 MP4) build 6867 (12.1.6867.6400)


    # Enable Auto-Protect

    # /opt/Symantec/symantec_antivirus/sav autoprotect -e


    # Disable Auto-Protect

    # /opt/Symantec/symantec_antivirus/sav autoprotect -d


    # Check whether Auto-Protect is enabled

    # /opt/Symantec/symantec_antivirus/sav info -a

    Enabled


    # Check whether the virus definitions have been updated

    # /opt/Symantec/symantec_antivirus/sav info -d

    08/13/2020 rev. 2


    # Show scan information

    # /opt/Symantec/symantec_antivirus/sav info -s

    General Status: Done

    Manual Scan: Done

    每日调度扫描: Never run


    # View the scan log

    # cat /var/symantec/Logs/AVMan.log

    00080000 00080000 00000003 00000002 00000002 0000001e

    000000fa 01d6719baf89e92a 01d6719bad937500 01d6719bad937500 00000001 32070D120032,3,2,0,NAS,root,,,,,,,16777216,"Scan started on all drives and all extensions.",1597341652,,0,,,,,0,,,,,,,,,,,,,,,,00:50:56:8d:15:dc,12.1.6867.6400,,,,,,,,,,,,,,,,0,,,,

    00000126 01d6719c02f69112 01d6719c0236f000 01d6719c0236f000 00000001 32070D12030C,2,2,0,NAS,root,,,,,,,16777216,"Scan Complete: Threats: 0 Scanned: 0 Files/Folders/Drives Omitted: 314541",1597341652,,0,0:0:0:314541,,,,0,,,,,,,,,,,,,,,,00:50:56:8d:15:dc,12.1.6867.6400,,,,,,,,,,,,,,,,0,,,,

    0000010f 01d671a600cc8248 01d671a360b39c80 01d671a360b39c80 00000001 32070D123739,5,1,2,NAS,root,EICAR Test String,/tools/eicar.com,5,1,1,256,33574980,"",0,,0,,994050048,11101,0,0,0,,,,20200813.002,208156,0,,0,,,,,,,00:50:56:8d:15:dc,12.1.6867.6400,,,,,,,,,,,,,,,,0,,,0,

    # eicar.com is a test virus downloaded from https://www.eicar.org/?page_id=3950; it was blocked after being placed on the Linux host.
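
To read AVMan.log records like the ones above without counting commas by hand, the following added example (not part of the original post) decodes the 12-hex-digit timestamp and the leading columns of one record. The timestamp bytes are years since 1970, zero-based month, day, hour, minute and second; the column meanings and the labels for event codes 2, 3 and 5 are assumptions read off the three records shown on this page, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decode one AVMan.log record into a one-line summary.

# hexbyte STRING POS -> decimal value of the two hex digits starting at POS
hexbyte() { printf '%d' "0x$(printf '%s' "$1" | cut -c"$2"-"$(( $2 + 1 ))")"; }

# decode_sep_time HEX12 -> "YYYY-MM-DD HH:MM:SS"
# Bytes: years since 1970, month (January = 0), day, hour, minute, second.
decode_sep_time() {
    case $1 in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
    [ "${#1}" -eq 12 ] || return 1
    printf '%04d-%02d-%02d %02d:%02d:%02d\n' \
        "$(( $(hexbyte "$1" 1) + 1970 ))" "$(( $(hexbyte "$1" 3) + 1 ))" \
        "$(hexbyte "$1" 5)" "$(hexbyte "$1" 7)" "$(hexbyte "$1" 9)" "$(hexbyte "$1" 11)"
}

# summarize_avman_record RECORD -> "time|event|computer|user|threat|file"
summarize_avman_record() {
    av_first=${1%%,*}            # record header words + timestamp
    av_stamp=${av_first##* }     # timestamp is the last space-separated token
    av_when=$(decode_sep_time "$av_stamp") || return 1
    # Naive comma split: columns 1-8 precede the quoted description, but a
    # file path containing a comma would shift them.
    printf '%s\n' "$1" | awk -F, -v when="$av_when" '{
        ev = "event-" $2
        if ($2 == 2) ev = "scan-stop"
        if ($2 == 3) ev = "scan-start"
        if ($2 == 5) ev = "threat-found"
        printf "%s|%s|%s|%s|%s|%s\n", when, ev, $5, $6, $7, $8 }'
}

# Leading fields of the EICAR record from the log excerpt above.
SAMPLE_RECORD='0000010f 01d671a600cc8248 01d671a360b39c80 01d671a360b39c80 00000001 32070D123739,5,1,2,NAS,root,EICAR Test String,/tools/eicar.com,5,1,1,256'
summarize_avman_record "$SAMPLE_RECORD"
```

The decoded scan-start time (18:00:50) lands within two seconds of the epoch value 1597341652 carried in the same record, which is a quick sanity check on the timestamp layout.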



  • Original article: https://www.cnblogs.com/LiuChang-blog/p/14704211.html