Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: antivirus for sun solaris
Top Forums UNIX for Dummies Questions & Answers antivirus for sun solaris Post 33712 by BSeanD on Thursday 16th of January 2003 05:50:02 AM
Old 01-16-2003
Both sites come up:

Not Found
The requested URL /antivirussSS.html was not found on this server.

Apache/1.3.27 Server at www.solaris4you.dk Port 80


Smilie
 

8 More Discussions You Might Find Interesting

1. Solaris

Sun Solaris Sun Java Desktop

Ok I a n00b, not gunna hide it so here goes - Sun Solaris, V.10 i386 - during the setup, I can choose a screen resolution that looks great with 65k colors and all. However, when all is said and done 4 disks and a reboot later, I get hanious 640x480 @ 256 only. If I choose the Sun Java Desktop... (20 Replies)
Discussion started by: Spooky
20 Replies

2. UNIX for Dummies Questions & Answers

Sun Solaris 10: How do I create a bootup disc? The Sun website confuses me

Hey there, I am starting a Computer Science Foundation year at the end of this month and am trying to get a little bit ahead of the game. I have always wanted to learn Unix and am currently struggling with creating a boot disc to run Solaris (I have chosen to study this) from as opposed to... (0 Replies)
Discussion started by: Jupiter
0 Replies

3. Cybersecurity

Antivirus Programm for Solaris Desktop

Hello, I´m searching a antivirus solution for Solaris Desktop PC´s (Intel). Can anyone tell me more about some producer?? Thanks Volker (6 Replies)
Discussion started by: kingossi
6 Replies

4. Solaris

Sun Fire 280R Sun Solaris CRT/Monitor requirements

I am new to Sun. I brought Sun Fire 280R to practice UNIX. What are the requirements for the monitor/CRT? Will it burn out old non-Sun CRTs? Does it need LCD monitor? Thanks. (3 Replies)
Discussion started by: bramptonmt
3 Replies

5. Solaris

useful links and help resources for Sun's products and Sun's Solaris

Hi all, Those links might help anyone Knowledge base Video tutorials (0 Replies)
Discussion started by: h@foorsa.biz
0 Replies

6. Solaris

Sun Solaris not able to ping Sun Solaris

I have a Sun Blade 2500 with SUN 5.9 OS installed. I can ping other machines(windowsXP/2003) from my SUN machines but not able to ping each other SUN machines which i have newly installed. (7 Replies)
Discussion started by: z_haseeb
7 Replies

7. Solaris

Antivirus for Solaris 8

Hi- I am looking for a best open source antivirus software for solaris other than clamav. We have been using clamav but it doesnot work on old solaris 8 systems..compiling the clamav and installing it on old solaris 8 systems resulted in system crash.Our business don't have any plan for OS upgrade... (3 Replies)
Discussion started by: lakshmanknr
3 Replies

8. Solaris

Patching Procedure in Solaris 10 with sun cluster having Solaris zone

Hi Gurus I am not able to find the patching procedure for solaris 10 ( sol10 u11) to latest patchset with sun cluster having failover zones so that same I should follow. Take an instance, there are sol1 and sol2 nodes and having two failover zones like sozone1-rg and sozone2-rg and currently... (1 Reply)
Discussion started by: nick101
1 Replies

LEARN ABOUT CENTOS

antivirus_selinux

antivirus_selinux(8)					     SELinux Policy antivirus					      antivirus_selinux(8)

NAME

       antivirus_selinux - Security Enhanced Linux Policy for the antivirus processes

DESCRIPTION

       Security-Enhanced Linux secures the antivirus processes via flexible mandatory access control.

       The  antivirus  processes  execute with the antivirus_t SELinux type. You can check if you have these processes running by executing the ps
       command with the -Z qualifier.

       For example:

       ps -eZ | grep antivirus_t

ENTRYPOINTS

       The antivirus_t SELinux type can be entered via the antivirus_exec_t file type.

       The default entrypoint paths for the antivirus_t domain are the following:

       /usr/sbin/amavisd.*,    /usr/sbin/clamd,    /usr/bin/clamscan,	  /usr/bin/clamdscan,	  /usr/bin/freshclam,	  /usr/sbin/clamav-milter,
       /usr/lib/AntiVir/antivir

PROCESS TYPES

       SELinux defines process types (domains) for each process running on the system

       You can see the context of a process using the -Z option to ps

       Policy  governs	the  access  confined  processes  have	to files.  SELinux antivirus policy is very flexible allowing users to setup their
       antivirus processes in as secure a method as possible.

       The following process types are defined for antivirus:

       antivirus_t

       Note: semanage permissive -a antivirus_t can be used to make the process type antivirus_t permissive. SELinux does not deny access to  per-
       missive process types, but the AVC (SELinux denials) messages are still generated.

BOOLEANS

       SELinux	policy is customizable based on least access required.	antivirus policy is extremely flexible and has several booleans that allow
       you to manipulate the policy and run antivirus with the tightest access possible.

       If you want to allow antivirus programs to read non security files on a system, you must turn  on  the  antivirus_can_scan_system  boolean.
       Disabled by default.

       setsebool -P antivirus_can_scan_system 1

       If  you	want  to  determine  whether  can antivirus programs use JIT compiler, you must turn on the antivirus_use_jit boolean. Disabled by
       default.

       setsebool -P antivirus_use_jit 1

       If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd server, you must turn on the  authlo-
       gin_nsswitch_use_ldap boolean. Disabled by default.

       setsebool -P authlogin_nsswitch_use_ldap 1

       If you want to allow all daemons to write corefiles to /, you must turn on the daemons_dump_core boolean. Disabled by default.

       setsebool -P daemons_dump_core 1

       If you want to enable cluster mode for daemons, you must turn on the daemons_enable_cluster_mode boolean. Enabled by default.

       setsebool -P daemons_enable_cluster_mode 1

       If you want to allow all daemons to use tcp wrappers, you must turn on the daemons_use_tcp_wrapper boolean. Disabled by default.

       setsebool -P daemons_use_tcp_wrapper 1

       If you want to allow all daemons the ability to read/write terminals, you must turn on the daemons_use_tty boolean. Disabled by default.

       setsebool -P daemons_use_tty 1

       If  you	want  to  deny	any  process  from ptracing or debugging any other processes, you must turn on the deny_ptrace boolean. Enabled by
       default.

       setsebool -P deny_ptrace 1

       If you want to allow all domains to use other domains file descriptors, you must turn on the domain_fd_use boolean. Enabled by default.

       setsebool -P domain_fd_use 1

       If you want to allow all domains to have the kernel load modules, you must turn on  the	domain_kernel_load_modules  boolean.  Disabled	by
       default.

       setsebool -P domain_kernel_load_modules 1

       If you want to allow all domains to execute in fips_mode, you must turn on the fips_mode boolean. Enabled by default.

       setsebool -P fips_mode 1

       If you want to enable reading of urandom for all domains, you must turn on the global_ssp boolean. Disabled by default.

       setsebool -P global_ssp 1

       If you want to allow confined applications to run with kerberos, you must turn on the kerberos_enabled boolean. Enabled by default.

       setsebool -P kerberos_enabled 1

       If you want to allow system to run with NIS, you must turn on the nis_enabled boolean. Disabled by default.

       setsebool -P nis_enabled 1

       If you want to allow confined applications to use nscd shared memory, you must turn on the nscd_use_shm boolean. Enabled by default.

       setsebool -P nscd_use_shm 1

NSSWITCH DOMAIN

       If  you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd server for the antivirus_t, you must
       turn on the authlogin_nsswitch_use_ldap boolean.

       setsebool -P authlogin_nsswitch_use_ldap 1

       If you want to allow confined applications to run with kerberos for the antivirus_t, you must turn on the kerberos_enabled boolean.

       setsebool -P kerberos_enabled 1

MANAGED FILES

       The SELinux process type antivirus_t can manage files labeled with the following file types.  The paths listed are the  default	paths  for
       these file types.  Note the processes UID still need to have DAC permissions.

       antivirus_db_t

	    /var/clamav(/.*)?
	    /var/amavis(/.*)?
	    /var/lib/clamd.*
	    /var/lib/amavis(/.*)?
	    /var/lib/clamav(/.*)?
	    /var/virusmails(/.*)?
	    /var/opt/f-secure(/.*)?
	    /var/spool/amavisd(/.*)?
	    /var/lib/clamav-unofficial-sigs(/.*)?

       antivirus_home_t

       antivirus_log_t

	    /var/log/clamd.*
	    /var/log/clamav.*
	    /var/log/freshclam.*
	    /var/log/amavisd.log.*
	    /var/log/clamav/freshclam.*

       antivirus_tmp_t

       antivirus_var_run_t

	    /var/run/clamd.*
	    /var/run/clamav.*
	    /var/run/amavis(d)?(/.*)?
	    /var/run/amavis(d)?/clamd.pid
	    /var/run/amavisd-snmp-subagent.pid

       cluster_conf_t

	    /etc/cluster(/.*)?

       cluster_var_lib_t

	    /var/lib/pcsd(/.*)?
	    /var/lib/cluster(/.*)?
	    /var/lib/openais(/.*)?
	    /var/lib/pengine(/.*)?
	    /var/lib/corosync(/.*)?
	    /usr/lib/heartbeat(/.*)?
	    /var/lib/heartbeat(/.*)?
	    /var/lib/pacemaker(/.*)?

       cluster_var_run_t

	    /var/run/crm(/.*)?
	    /var/run/cman_.*
	    /var/run/rsctmp(/.*)?
	    /var/run/aisexec.*
	    /var/run/heartbeat(/.*)?
	    /var/run/cpglockd.pid
	    /var/run/corosync.pid
	    /var/run/rgmanager.pid
	    /var/run/cluster/rgmanager.sk

       root_t

	    /
	    /initrd

       snmpd_var_lib_t

	    /var/agentx(/.*)?
	    /var/net-snmp(/.*)
	    /var/lib/snmp(/.*)?
	    /var/net-snmp(/.*)?
	    /var/lib/net-snmp(/.*)?
	    /var/spool/snmptt(/.*)?
	    /usr/share/snmp/mibs/.index

       systemd_passwd_var_run_t

	    /var/run/systemd/ask-password(/.*)?
	    /var/run/systemd/ask-password-block(/.*)?

FILE CONTEXTS

       SELinux requires files to have an extended attribute to define the file type.

       You can see the context of a file using the -Z option to ls

       Policy  governs the access confined processes have to these files.  SELinux antivirus policy is very flexible allowing users to setup their
       antivirus processes in as secure a method as possible.

       EQUIVALENCE DIRECTORIES

       antivirus policy stores data with multiple different file context types under the /var/lib/clamav directory.  If you would  like  to  store
       the  data  in  a  different  directory you can use the semanage command to create an equivalence mapping.  If you wanted to store this data
       under the /srv dirctory you would execute the following command:

       semanage fcontext -a -e /var/lib/clamav /srv/clamav
       restorecon -R -v /srv/clamav

       antivirus policy stores data with multiple different file context types under the /var/run/amavis(d)? directory.   If  you  would  like	to
       store  the  data  in  a different directory you can use the semanage command to create an equivalence mapping.  If you wanted to store this
       data under the /srv dirctory you would execute the following command:

       semanage fcontext -a -e /var/run/amavis(d)? /srv/amavis(d)?
       restorecon -R -v /srv/amavis(d)?

       STANDARD FILE CONTEXT

       SELinux defines the file context types for the antivirus, if you wanted to store files with these types in a diffent  paths,  you  need	to
       execute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk.

       semanage fcontext -a -t antivirus_conf_t '/srv/antivirus/content(/.*)?'
       restorecon -R -v /srv/myantivirus_content

       Note: SELinux often uses regular expressions to specify labels that match multiple files.

       The following file types are defined for antivirus:

       antivirus_conf_t

       -  Set  files with the antivirus_conf_t type, if you want to treat the files as antivirus configuration data, usually stored under the /etc
       directory.

       Paths:
	    /etc/amavis(d)?.conf, /etc/amavisd(/.*)?

       antivirus_db_t

       - Set files with the antivirus_db_t type, if you want to treat the files as antivirus database content.

       Paths:
	    /var/clamav(/.*)?,	 /var/amavis(/.*)?,   /var/lib/clamd.*,   /var/lib/amavis(/.*)?,   /var/lib/clamav(/.*)?,   /var/virusmails(/.*)?,
	    /var/opt/f-secure(/.*)?, /var/spool/amavisd(/.*)?, /var/lib/clamav-unofficial-sigs(/.*)?

       antivirus_exec_t

       - Set files with the antivirus_exec_t type, if you want to transition an executable to the antivirus_t domain.

       Paths:
	    /usr/sbin/amavisd.*,    /usr/sbin/clamd,	/usr/bin/clamscan,    /usr/bin/clamdscan,   /usr/bin/freshclam,   /usr/sbin/clamav-milter,
	    /usr/lib/AntiVir/antivir

       antivirus_home_t

       - Set files with the antivirus_home_t type, if you want to store antivirus files in the users home directory.

       antivirus_initrc_exec_t

       - Set files with the antivirus_initrc_exec_t type, if you want to transition an executable to the antivirus_initrc_t domain.

       Paths:
	    /etc/rc.d/init.d/clamd.*, /etc/rc.d/init.d/amavis, /etc/rc.d/init.d/amavisd-snmp

       antivirus_log_t

       - Set files with the antivirus_log_t type, if you want to treat the data as antivirus log data, usually stored under  the  /var/log  direc-
       tory.

       Paths:
	    /var/log/clamd.*, /var/log/clamav.*, /var/log/freshclam.*, /var/log/amavisd.log.*, /var/log/clamav/freshclam.*

       antivirus_tmp_t

       - Set files with the antivirus_tmp_t type, if you want to store antivirus temporary files in the /tmp directories.

       antivirus_unit_file_t

       - Set files with the antivirus_unit_file_t type, if you want to treat the files as antivirus unit content.

       antivirus_var_run_t

       - Set files with the antivirus_var_run_t type, if you want to store the antivirus files under the /run or /var/run directory.

       Paths:
	    /var/run/clamd.*, /var/run/clamav.*, /var/run/amavis(d)?(/.*)?, /var/run/amavis(d)?/clamd.pid, /var/run/amavisd-snmp-subagent.pid

       Note:  File context can be temporarily modified with the chcon command.	If you want to permanently change the file context you need to use
       the semanage fcontext command.  This will modify the SELinux labeling database.	You will need to use restorecon to apply the labels.

COMMANDS

       semanage fcontext can also be used to manipulate default file context mappings.

       semanage permissive can also be used to manipulate whether or not a process type is permissive.

       semanage module can also be used to enable/disable/install/remove policy modules.

       semanage boolean can also be used to manipulate the booleans

       system-config-selinux is a GUI tool available to customize SELinux policy settings.

AUTHOR

       This manual page was auto-generated using sepolicy manpage .

SEE ALSO

       selinux(8), antivirus(8), semanage(8), restorecon(8), chcon(1), sepolicy(8) , setsebool(8)

antivirus							     14-06-10						      antivirus_selinux(8)
All times are GMT -4. The time now is 04:28 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy