创建/tools/ 文件夹,并将需要的软件包上传到该目录下
# mkdir -p /tools/ && cd /tools/
# tar -xzvf chang.tar.gz
# cd chang/
1、安装jre
# mkdir -p /usr/java/
# tar -xzvf jre-8u261-linux-x64.tar.gz -C /usr/java/
# chown -R root.root /usr/java/
# cat >> /etc/Symantec.conf << EOF
[Symantec Shared]
BaseDir=/opt/Symantec
JAVA_HOME=/usr/java/jre1.8.0_261/bin
EOF
jre下载地址:https://www.oracle.com/java/technologies/javase-server-jre8-downloads.html
2、复制jce
# apt install unzip
# unzip jce_policy-8.zip -d jce_policy
# cp -av jce_policy/UnlimitedJCEPolicyJDK8/* /usr/java/jre1.8.0_261/lib/security/
jce下载地址:https://www.oracle.com/java/technologies/javase-jce8-downloads.html
3、安装依赖包
# apt-get update
# dpkg --add-architecture i386
# apt-get install libc6:i386 libx11-6:i386 libncurses5:i386 libstdc++6:i386 -y
# apt-get install lib32ncurses5 lib32z1 -y
# apt-get install sharutils -y
# apt-get install ncompress -y
# apt-get install linux-headers-$(uname -r) build-essential -y
4、安装
# unzip SEP-deb.zip
# chmod 777 SEP-deb/install.sh
# SEP-deb/install.sh -i
Starting to install Symantec Endpoint Protection for Linux
Performing pre-check...
dpkg-query: no packages found matching unity
Pre-check succeeded
dpkg-query: no packages found matching unity
Begin installing virus protection component
Selecting previously unselected package sav.
(Reading database ... 144383 files and directories currently installed.)
Preparing to unpack .../SEP-deb/./Repository/sep.deb ...
Performing pre-check...
Pre-check is successful
Unpacking sav (12.1.6867-6400) ...
Setting up sav (12.1.6867-6400) ...
Processing triggers for systemd (237-3ubuntu10.38) ...
Processing triggers for ureadahead (0.100.0-21) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Virus protection component installed successfully
Begin installing Auto-Protect component
Selecting previously unselected package savap.
(Reading database ... 144442 files and directories currently installed.)
Preparing to unpack ..././Repository/sepap-x64.deb ...
Performing pre-check...
Pre-check is successful
Unpacking savap (12.1.6867-6400) ...
Setting up savap (12.1.6867-6400) ...
Processing triggers for systemd (237-3ubuntu10.38) ...
Processing triggers for ureadahead (0.100.0-21) ...
Auto-Protect component installed successfully
Begin installing GUI component
Selecting previously unselected package savui.
(Reading database ... 144465 files and directories currently installed.)
Preparing to unpack .../SEP-deb/./Repository/sepui.deb ...
Performing pre-check...
Pre-check is successful
Unpacking savui (12.1.6867-6400) ...
Setting up savui (12.1.6867-6400) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Processing triggers for mime-support (3.60ubuntu1) ...
GUI component installed successfully
Begin installing LiveUpdate component
Selecting previously unselected package savjlu.
(Reading database ... 144472 files and directories currently installed.)
Preparing to unpack ..././Repository/sepjlu.deb ...
Performing pre-check...
Pre-check is successful
Unpacking savjlu (12.1.6867-6400) ...
Setting up savjlu (12.1.6867-6400) ...
LiveUpdate component installed successfully
Begin installing legacy Auto-Protect component
Legacy Auto-Protect component installed successfully
Pre-compiled Auto-Protect kernel modules are not loaded yet, need compile them from source code
Build Auto-Protect kernel modules from source code successfully
Installation completed
=============================================================
Daemon status:
symcfgd [running]
rtvscand [running]
smcd [running]
=============================================================
Drivers loaded:
symap_custom_4_15_0_76_generic_x86_64
symev_custom_4_15_0_76_generic_x86_64
=============================================================
Auto-Protect starting
Protection status:
Definition: Waiting for update.
AP: Malfunctioning
=============================================================
The log files for installation of Symantec Endpoint Protection for Linux are under ~/:
sepfl-install.log
sep-install.log
sepap-install.log
sepap-legacy-install.log
sepui-install.log
sepjlu-install.log
sepfl-kbuild.log
5、让AP变成Enabled状态,需要的三个条件:
(1)symev和symap两个驱动被正确加载到内核里
# lsmod | grep -E "symev|symap"
symap_custom_4_15_0_76_generic_x86_64 49152 28
symev_custom_4_15_0_76_generic_x86_64 90112 2 symap_custom_4_15_0_76_generic_x86_64
(2)当前的SEP已经成功加载了一份病毒定义(无论新旧)
下载地址:
https://www.broadcom.com/support/security-center/definitions/download/detail?gid=sep
例如:
# wget https://definitions.symantec.com/defs/20200813-002-core15unix.sh
# chmod 777 20200813-002-core15unix.sh
# ./20200813-002-core15unix.sh
(3)rtvscand等SEP相关服务已经正常启动
/etc/init.d/symcfgd status
/etc/init.d/rtvscand status
/etc/init.d/smcd status
/etc/init.d/autoprotect status
# 启动服务命令
/etc/init.d/symcfgd start
/etc/init.d/rtvscand start
/etc/init.d/smcd start
/etc/init.d/autoprotect start
# 关闭服务命令
/etc/init.d/autoprotect stop
/etc/init.d/smcd stop
/etc/init.d/rtvscand stop
/etc/init.d/symcfgd stop
6、将服务加入开机自启动
systemctl enable symcfgd
systemctl enable rtvscand
systemctl enable smcd
systemctl enable autoprotect
7、其它命令
# 查看帮助信息
# /opt/Symantec/symantec_antivirus/sav -h
# 查看产品版本
# /opt/Symantec/symantec_antivirus/sav info -p
12.1.6 (12.1 RU6 MP4) build 6867 (12.1.6867.6400)
# 开启自动防护
# /opt/Symantec/symantec_antivirus/sav autoprotect -e
# 关闭自动防护
# /opt/Symantec/symantec_antivirus/sav autoprotect -d
#查看auto-protect是否enable
/opt/Symantec/symantec_antivirus/sav info -a
Enabled
# 查看病毒定义是否升级
# /opt/Symantec/symantec_antivirus/sav info -d
08/13/2020 rev. 2
# 查看扫描信息
# /opt/Symantec/symantec_antivirus/sav info -s
General Status: Done
Manual Scan: Done
每日调度扫描: Never run
# 查看扫描日志
# cat /var/symantec/Logs/AVMan.log
# cat /var/symantec/Logs/AVMan.log
00080000 00080000 00000003 00000002 00000002 0000001e
000000fa 01d6719baf89e92a 01d6719bad937500 01d6719bad937500 00000001 32070D120032,3,2,0,NAS,root,,,,,,,16777216,"Scan s
tarted on all drives and all extensions.",1597341652,,0,,,,,0,,,,,,,,,,,,,,,,00:50:56:8d:15:dc,12.1.6867.6400,,,,,,,,,,,,,,,,0,,,,00000126 01d6719c02f69112 01d6719c0236f000 01d6719c0236f000 00000001 32070D12030C,2,2,0,NAS,root,,,,,,,16777216,"Scan C
omplete: Threats: 0 Scanned: 0 Files/Folders/Drives Omitted: 314541",1597341652,,0,0:0:0:314541,,,,0,,,,,,,,,,,,,,,,00:50:56:8d:15:dc,12.1.6867.6400,,,,,,,,,,,,,,,,0,,,,0000010f 01d671a600cc8248 01d671a360b39c80 01d671a360b39c80 00000001 32070D123739,5,1,2,NAS,root,EICAR Test String,/too
ls/eicar.com,5,1,1,256,33574980,"",0,,0,,994050048,11101,0,0,0,,,,20200813.002,208156,0,,0,,,,,,,00:50:56:8d:15:dc,12.1.6867.6400,,,,,,,,,,,,,,,,0,,,0,
# eicar.com 是从 https://www.eicar.org/?page_id=3950 网站上下载的测试病毒,放入Linux中后被拦截。
参考文章:
https://blog.csdn.net/gdlwx/article/details/106709181
https://545c.com/dir/17401394-28826326-bf937e