AppArmor/SELinux Support

[galaxysurfer 1]

I want to be able to use Eset Linux version with my firewall intact!  Not all of us drank the Windows Koolaid   Please update Eset NOD32 for Linux to include Firewall support. More people are Leaving Windows behind but want the same or better level of protection.  IF you won't consider it there is no reason to remain a customer when you continue to ignore a growing segment of Linux PC users.  Otherwise there is no differentiation from free offering ClamAV to justify supporting your products. In which case I might as well use the free alternative & save my money.

[Nightowl 202]

I've asked about that months ago , but still no replies , you will be ignored because not that many use the Linux Desktop Version , as it's not a priority for ESET to fix it

For firewall you could just run UFW with ESET , but still ESET is being denied from accessing lot of files by AppArmor , so I don't believe it's really doing it's job.

[Serial.com 2]

Hi Ramos

In contact with the personal Ubuntu developer, I got this solution so that Eset has access to the Ubuntu files through the command line.

I tested only on Ubuntu 19.04 Disk and the error messages that appeared in Eset no longer appear.

See if that helps, since ESET takes a long time to give a return to its users.

Please add these lines to your /etc/apparmor.d/abstractions/base file:

Do not forget to open gedit with root

  /etc/opt/eset/ r,
  /etc/opt/eset/** r,
  /opt/eset/esets/lib/** mr,
 unix, (connect, send, receive) peer = (addr="@2F746D702F65736574732E736F636B00*")

EDITED: unix, (connect, send, receive) peer = (addr = "@ 2F746D702F65736574732E736F636B00 *") should only be replaced with unix, if this is not done error messages appear on apparmor when the machine boots.

Then sudo /etc/init.d/apparmor reload
If that appeared to work fine, then reboot.

Example:

edson@edson-p6540br:~$ sudo su
[sudo] senha para edson:
root@edson-p6540br:/home/edson# gedit
malloc_consolidate(😞 invalid chunk size
Abortado (imagem do núcleo gravada)
root@edson-p6540br:/home/edson# sudo /etc/init.d/apparmor reload
[ ok ] Reloading apparmor configuration (via systemctl): apparmor.service.
root@edson-p6540br:/home/edson#

After that, the only error message that appears is that the disks are not mounted.

E / T: It is being investigated why the snapd's do not allow access to Eset and everything can be seen and accompanied in this link below:

https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1571531

Strong hug and good test!

Edson Santos

 

 

 

Edited February 28, 2019 by Serial.com

[Peter Randziak 1,130]

Thank you for sharing this Edson.

P.R.

[Serial.com 2]

2 hours ago, Peter Randziak said:

Thank you for sharing this Edson.

P.R.

Hi Peter

Now you need to research and troubleshoot these error messages that still continue to appear in the Eset Event Log.

26/02/2019 08:32:48 ESET Daemon Error while updating anti-virus modules: An error occurred while downloading the update files.
26/02/2019 08:32:39 Media control access Unable to unlock removable media (org.freedesktop.udisks2.filesystem-mount)
25/02/2019 15:38:58 ESET Daemon Unable to read from socket: Connection reestablished by same protocol level
02/25/2019 15:28:40 Media control access Unable to unlock removable media (org.freedesktop.udisks2.filesystem-mount)
25/02/2019 15:27:11 ESET Daemon Unable to read from socket: Connection reestablished by the same protocol level
25/02/2019 15:27:11 ESET Daemon Unable to read from socket: Connection reestablished by the same protocol level
02/25/2019 15:27:04 Media control access Unable to unlock removable media (org.freedesktop.udisks2.filesystem-mount)

Thank you

Edson

[Nightowl 202]

I believe even after configuring AppArmor to allow ESET , ESET is still having troubles for some reason , I think it does need to be updated to work with AppArmor , to support it, an AV shouldn't disable a security feature of an Operating System in order for it to work properly, It's crazy to think that you need to shutdown a security layer that protects your system files in order for your Anti-Virus to work properly, I believe ESET should work alongside AppArmor/SELinux.

[Serial.com 2]

1 hour ago, Rami said:

I believe even after configuring AppArmor to allow ESET , ESET is still having troubles for some reason , I think it does need to be updated to work with AppArmor , to support it, an AV shouldn't disable a security feature of an Operating System in order for it to work properly, It's crazy to think that you need to shutdown a security layer that protects your system files in order for your Anti-Virus to work properly, I believe ESET should work alongside AppArmor/SELinux.

Hello Rami

In my understanding, the configurations carried out described by me in the apparmor are only giving access to Eset to free scan the files blocked by it, the other applications will continue being blocked, since the permission was only granted to Eset next to apparmor. Surely the developers of this AV Eset are unwilling to work in accordance with the guidelines imposed by the apparmor.

It is common for two security processes to conflict. Recently I installed one of my machines Kaspersky Endpoint Security 10 for Linux and to my surprise, all the settings were changed without user intervention, making the machine stable and secure. The only problem I encountered in installing this kaspersky AV was that it could not install due to a file left by ESET at the time of uninstallation, making it impossible to install kaspersy, libc6: i386.

Here in the Forum it is difficult to get an answer, depending on what we ask or have doubts, because they push us to the technical support. In technical support the answers are always based on CRTL C and CRTL V with evasive and very cold responses. I'm tired of this and decide to try to send all my doubts and requests for improvement of this Av Eset to the company's CEO, President, Vice President and Board of Directors for who knows, at least let us be heard.

Strong embrace Rami

Serial.com

********************************************

Olá Rami

No meu entendimento, as configurações realizadas descritas por mim no apparmor estão apenas dando acesso ao Eset para liberar varredura aos arquivos bloqueados por ele, os demais aplicativos continuarão sendo bloqueados, uma vez que a permissão foi tão somente concedida ao Eset junto ao apparmor. Com certeza falta boa vontade dos desenvolvedores deste AV Eset para que trabalhe em conformidade com as diretrizes impostas pelo apparmor.

É comum dois processos de segurança entrarem em conflito. Recentemente instalei numa de minhas  maquinas o Kaspersky Endpoint Security 10 for Linux e para minha surpresa, todas as configurações foram alteradas sem intervenção do usuário, tornando a maquina estável e segura. O Único problema que encontrei na instalação deste AV da kaspersky, foi que ele não conseguia instalar devido um arquivo deixado pelo Av ESET no momento da desinstalação, impossibilitando a instalação do kaspersy, sendo o libc6:i386.

Aqui no Fórum é difícil conseguir alguma resposta, dependendo do que a gente pergunte ou tenha duvida, pois nos empurram aos suporte técnico. No suporte técnico as respostas são sempre pautadas em CRTL C e CRTL V com respostas evasivas e com muita frieza. Cansei disso e decide tentar enviar todas as minhas duvidas e solicitações de aprimoramento deste Av Eset junto a OUVIDORIA da empresa, Presidente, Vice presidente e Diretoria para quem sabe, pelo menos a gente seja ouvido.

Forte abraço Rami

Serial.com 

Edited March 3, 2019 by Serial.com

[Nightowl 202]

Thank you @Serial.com Edson , that's why I gave up looking for help or trying to configure it , I am still using it because I have the license but I know it's half functioning but it's okay but I find it crazy that it's still not fixed because most of the Linux distributions use SELinux or AppArmor , so that might be a reason for the low usage of the Linux version. because no one will go ahead and shutdown AppArmor/SELinux unless there is something that forces the choice.