Author Topic: on-access scanner for the server version  (Read 20015 times)


Dublin

  • Guest
on-access scanner for the server version
« on: July 27, 2006, 05:58:09 PM »
hi, can anybody help me debug this piece of SW:
http://lion.asw.cz/~mensik/avast4guard-2.0.1b.tar.gz

it's an on-access scanner for linux/freebsd servers
it requires dazuko (www.dazuko.org) and avast4server packages to be installed

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: on-access scanner for the server version
« Reply #1 on: August 08, 2006, 03:40:46 AM »
I'm trying to help...
1. Downloading both (avast and Dazuko). Ok.

2. Installing Dazuko:
su
Password:
./configure

a) Configuration:
Code:
checking host system type... Linux
checking for make utility... ok (make)
checking for C compiler... ok (cc)
kernel source in /lib/modules/2.6.15-26-386/build... yes
acquiring Linux kernel code configuration... ok
checking if Linux is RSBAC patched... no
checking if devfs is enabled... no
discovered host system... Linux (2.6.15)
checking if security module support is enabled... yes
verifying capabilities are not built-in... ok
locating LSM API header... ok
identifying LSM API... ok
identifying device API... ok
inspecting class type... ok (class)
inspecting suspend function... ok (suspend1)
checking whether __d_path() is exported... yes
disabling ON_CLOSE events (not available for Linux 2.6)
configure: creating Makefile
configure: creating library/Makefile
configure: creating example_c/Makefile

./configure successful

=======================
 Configuration summary
=======================

module events = ON_OPEN ON_EXEC
devfs support = no
rsbac support = no
stacking support = yes
local __d_path() = no
module debug = no
library 1.x compatibility = yes

b) Make command:

make

Code:
make -C /lib/modules/2.6.15-26-386/build include/linux/version.h include/asm scripts
make[1]: Entrando no diretório `/usr/src/linux-headers-2.6.15-26-386'
  CHK     include/linux/version.h
make[1]: `include/asm' está atualizado.
make[1]: Saindo do diretório `/usr/src/linux-headers-2.6.15-26-386'
make -C /lib/modules/2.6.15-26-386/build SUBDIRS="/home/tech/Download/dazuko-2.2.2" modules
make[1]: Entrando no diretório `/usr/src/linux-headers-2.6.15-26-386'
  CC [M]  /home/tech/Download/dazuko-2.2.2/dazuko_core.o
  CC [M]  /home/tech/Download/dazuko-2.2.2/dazuko_transport.o
  CC [M]  /home/tech/Download/dazuko-2.2.2/dazuko_linux26_lsm.o
  CC [M]  /home/tech/Download/dazuko-2.2.2/dazuko_linux26.o
  LD [M]  /home/tech/Download/dazuko-2.2.2/dazuko.o
  Building modules, stage 2.
  MODPOST
  CC      /home/tech/Download/dazuko-2.2.2/dazuko.mod.o
  LD [M]  /home/tech/Download/dazuko-2.2.2/dazuko.ko
make[1]: Saindo do diretório `/usr/src/linux-headers-2.6.15-26-386'
touch dummy_rule

3. Trying to insert the module I get error...

/sbin/insmod dazuko.ko
Code:
insmod: error inserting 'dazuko.ko': -1 Invalid parameters
What does "insmod: error inserting './dazuko.ko': -1 Invalid parameters" mean?
This is a general error. Please look in /var/log/messages to see what the real problem is. Usually kernel messages are logged to this file.


I'll go there...

Code:
Aug  7 22:49:00 localhost kernel: [17180902.360000] dazuko: failed to register
Aug  7 22:55:25 localhost kernel: [17181287.828000] dazuko: failed to register
Aug  7 22:56:09 localhost kernel: [17181331.968000] dazuko: failed to register
Aug  7 22:58:22 localhost kernel: [17181464.724000] dazuko: failed to register
Aug  7 23:00:10 localhost kernel: [17181572.408000] dazuko: failed to register

Seems the times I've tried to add the module to Kernel...
But, and now, what can I do...

Dublin, be patient with me...
« Last Edit: August 08, 2006, 04:05:05 AM by Tech »
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: on-access scanner for the server version
« Reply #2 on: August 08, 2006, 04:12:27 AM »
Dazuko seems to be compatible with avast... But I still do not succeed...
http://www.dazuko.org/applications.shtml

Changing to root (and not su) does not help....

Code:
root@Delta:~# cd /home/tech/Download/dazuko-2.2.2
root@Delta:/home/tech/Download/dazuko-2.2.2# /sbin/insmod dazuko.ko
insmod: error inserting 'dazuko.ko': -1 Invalid parameters
root@Delta:/home/tech/Download/dazuko-2.2.2#


2.1 What are the known issues with Debian GNU/Linux?

The "dazuko-source" package that is available through apt-get for the current stable release, sarge, is very old (1.2.2). It is recommended that you download the latest stable version from the Dazuko Downloads site.

For Debian unstable and testing, the latest stable version of the "dazuko-source" package is available via apt-get.

John Ogness is the current maintainer for the Debian "dazuko-source" package.

For the current stable release, you can download the latest stable version as a Debian package here:

dazuko-source_2.2.2-1_all.deb

The Debian package requires "module-assistant". This will automatically compile and install Dazuko. Here is the procedure:

# apt-get install module-assistant
# dpkg -i dazuko-source_2.2.2-1_all.deb
# m-a a-i dazuko

This will compile and install the Dazuko kernel module. You can load the module with:

# modprobe dazuko


Following these instructions, the only 'fail' (error) is the last one...
Code:
FATAL: Error inserting dazuko (/lib/modules/2.6.15-26-386/kernel/dazuko/dazuko.ko): Invalid argument
with the same error on /var/log/messages:

Code:
Aug  7 23:21:28 localhost kernel: [17182850.928000] dazuko: failed to register
Aug  7 23:24:08 localhost kernel: [17183010.996000] dazuko: failed to register

« Last Edit: August 08, 2006, 04:26:17 AM by Tech »

Dublin

  • Guest
Re: on-access scanner for the server version
« Reply #3 on: August 08, 2006, 12:51:03 PM »
I've found that 'capability' module must be loaded after 'dazuko' module.
I think you just need to unload capability, insert Dazuko and then insert capability.

rmmod capability
insmod dazuko.ko
modprobe capability

It may help, I hope
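
The load-order check suggested in this reply can be scripted. This is an added example, not part of the original posts or of Dazuko: the function names and verdict words are hypothetical, and the sample module sizes and addresses are constructed. It reads copies of /proc/modules and the kernel log and reports whether dazuko.ko should be able to register.

```shell
#!/bin/sh
# Added example (not from the thread): decide whether dazuko.ko can register,
# using copies of /proc/modules and the kernel log as input files.

# module_loaded NAME MODULES_FILE: succeeds if NAME is the first field of a line
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
}

# count_register_failures LOG_FILE: prints how many registrations failed
count_register_failures() {
    grep -c 'dazuko: failed to register' "$1" || true
}

# dazuko_preflight MODULES_FILE LOG_FILE: prints one verdict word
dazuko_preflight() {
    if module_loaded dazuko "$1"; then
        echo loaded                   # module is already live
    elif module_loaded capability "$1"; then
        echo unload-capability-first  # rmmod capability; insmod dazuko.ko; modprobe capability
    elif [ "$(count_register_failures "$2")" -gt 0 ]; then
        echo check-other-lsm          # failures logged although capability is absent
    else
        echo ready
    fi
}

# Constructed sample input in the formats shown in the thread.
demo=$(mktemp -d)
printf '%s\n' 'capability 5000 0 - Live 0xf8a31000' \
              'ext3 135688 1 - Live 0xf8b40000' > "$demo/modules"
printf '%s\n' \
  'Aug  7 22:49:00 localhost kernel: [17180902.360000] dazuko: failed to register' \
  'Aug  7 22:55:25 localhost kernel: [17181287.828000] dazuko: failed to register' \
  > "$demo/messages"

echo "verdict:  $(dazuko_preflight "$demo/modules" "$demo/messages")"
echo "failures: $(count_register_failures "$demo/messages")"
rm -rf "$demo"
```

On a live system the same function can be pointed at the real files: `dazuko_preflight /proc/modules /var/log/messages`.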

Dublin

  • Guest
Re: on-access scanner for the server version
« Reply #4 on: August 08, 2006, 12:53:07 PM »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: on-access scanner for the server version
« Reply #5 on: August 08, 2006, 01:41:44 PM »
Executing:
Code:
cat /proc/modules
I got:
Code:
dazuko 60552 0 - Live 0xf8cf5000
So, I suppose Dazuko is running...

Now downloading and installing the new deb file for avast guard.

Trouble. Got this while running:
Code:
./configure --prefix=/usr --with-dazuko=/home/tech/Download/avast/dazuko-2.2.2
Code:
checking dazukoio.h usability... no
checking dazukoio.h presence... no
checking for dazukoio.h... no
configure: error: required library and/or header file not found, install Dazuko 2.1.0 or higher
« Last Edit: August 08, 2006, 01:46:58 PM by Tech »

Dublin

  • Guest
Re: on-access scanner for the server version
« Reply #6 on: August 08, 2006, 02:54:11 PM »
if dazukoio.h file is installed in /usr/include directory and if libdazuko.a file in /usr/lib directory, please skip '--with-dazuko' option!

otherwise if you enable the option, configure script will check for dazukoio.h and library/libdazuko.a files in specified directory. Please, first check that these files are located in /home/tech/Download/avast/dazuko-2.2.2 directory.

Dublin

  • Guest
Re: on-access scanner for the server version
« Reply #7 on: August 08, 2006, 02:59:59 PM »
Here's DEMO license file for the daemon valid this month:
http://lion.asw.cz/~mensik/License.dat

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: on-access scanner for the server version
« Reply #8 on: August 09, 2006, 11:00:46 PM »
Please, first check that these files are located in /home/tech/Download/avast/dazuko-2.2.2 directory.
dazukoio.h is on the extracted folder of Dazuko.
libdazuko.a ,,, can't find...

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: on-access scanner for the server version
« Reply #9 on: August 09, 2006, 11:14:39 PM »
dazukoio.h is on the extracted folder of Dazuko.
libdazuko.a ,,, can't find...
Strange... while running:
root@Delta:/home/tech/Download/avast/dazuko-2.2.2# ./configure --prefix=/usr

I've got these errors at the end:
checking dazukoio.h usability... no
checking dazukoio.h presence... no
checking for dazukoio.h... no


But the file is here: /home/tech/Download/avast/dazuko-2.2.2/dazukoio.h

Dublin, can you send these files by email to me?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: on-access scanner for the server version
« Reply #10 on: August 09, 2006, 11:25:14 PM »
Man... this is difficult...
Try all over again and the same error...

Dublin, isn't a command like
apt-get install dazuko

Or a deb file for it?

anbu

  • Guest
Re: on-access scanner for the server version
« Reply #11 on: August 10, 2006, 06:40:55 PM »
I found some rpm files in suse repository

http://ftp.jaist.ac.jp/pub/Linux/SuSE/suse/update/10.1/rpm/src/hbedv-dazuko-2.1.1-3.1.src.rpm

hope this helps :P

you can convert rpm to deb using alien converter
« Last Edit: August 10, 2006, 06:56:14 PM by anbu »

Dublin

  • Guest
Re: on-access scanner for the server version
« Reply #12 on: August 10, 2006, 10:16:09 PM »
Tech,
1) go to dazuko-2.2.2 directory
2) compile Dazuko (run: ./configure ; make )
3) install dazuko.ko kernel module (by running: make install)
4) copy dazukoio.h file into /usr/include directory
5) copy library/libdazuko.a file into /usr/lib directory

6) then go to avast4guard-2.0.1b2 directory
7) run ./configure --prefix=/usr
8) install avastguard (run: make install )
7) consult avast4guard-2.0.1b2/INSTALL file for postinstallation steps

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: on-access scanner for the server version
« Reply #13 on: August 11, 2006, 04:54:01 AM »
1) go to dazuko-2.2.2 directory
Ok.

2) compile Dazuko (run: ./configure ; make )

Code:
./configure successful

=======================
 Configuration summary
=======================
module events = ON_OPEN ON_EXEC
devfs support = no
rsbac support = no
stacking support = yes
local __d_path() = no
module debug = no
library 1.x compatibility = yes

Code:
make: `dummy_rule' is updated.
3) install dazuko.ko kernel module (by running: make install)
Code:
mkdir -p /lib/modules/2.6.15-26-386/extra
cp dazuko.ko /lib/modules/2.6.15-26-386/extra
/sbin/depmod -ae

4) copy dazukoio.h file into /usr/include directory
Done.

5) copy library/libdazuko.a file into /usr/lib directory
Dublin, you forgot (?)

cd example_c
make

Code:
cd ../library && make
make[1]: Entrando no diretório `/home/tech/Download/avast/dazuko-2.2.2/library'
cc -Wall -O -I.. -c ../dazukoio_core.c -o dazukoio_core.o
cc -Wall -O -I.. -c ../dazukoio_trusted_core.c -o dazukoio_trusted_core.o
cc -Wall -O -I.. -c ../dazuko_transport.c -o dazuko_transport.o
cc -Wall -O -I.. -c ../dazukoio_unix.c -o dazukoio_unix.o
cc -Wall -O -I.. -c ../dazukoio_linux_compat1.c -o dazukoio_linux_compat1.o
ar r libdazuko.a dazukoio_core.o dazukoio_trusted_core.o dazuko_transport.o dazukoio_unix.o dazukoio_linux_compat1.o
ar: criando libdazuko.a
ranlib libdazuko.a
make[1]: Saindo do diretório `/home/tech/Download/avast/dazuko-2.2.2/library'
cc -Wall -O -I.. -L../library -o example example.c -ldazuko
cc -Wall -O -I.. -L../library -pthread -o example_mt example_mt.c -ldazuko

Then you have the /dazuko-2.2.2/library/libdazuko.a file to copy into the /usr/lib directory

6) then go to avast4guard-2.0.1b2 directory
Ok.

7) run ./configure --prefix=/usr
Shit...
Code:
checking for dazukoio.h... no
configure: error: required library and/or header file not found, install Dazuko 2.1.0 or higher
Where is dazukoio.h and where do I have to copy it?
It is in two different places:
/home/tech/Download/avast/dazuko-2.2.2
and
/usr/include
Strange?
I've copied it into /usr/lib ... but get nothing... except...
Code:
checking for dazukoio.h... no
configure: error: required library and/or header file not found, install Dazuko 2.1.0 or higher

8) install avastguard (run: make install )
Waiting for your instructions...

7) consult avast4guard-2.0.1b2/INSTALL file for postinstallation steps
Either...

Dublin

  • Guest
Re: on-access scanner for the server version
« Reply #14 on: August 11, 2006, 03:15:20 PM »
I don't really know what the cause is.
Maybe try to change permissions of dazukoio.h and libdazuko.a files to 0755.
./configure --prefix=/usr works in my box if there's dazukoio.h file in /usr/include directory, but it doesn't if I remove the file.