seb2020 1 Posted August 13, 2020 Share Posted August 13, 2020 (edited) Hi, For one of my server, I have an error when installing ESET File Security for linux (7.1.561.0-1). My server is CentOS 7.8 and kernel: Linux 3.10.0-1127.18.2.el7.x86_64 In the server log, I have : kernel: eset_rtp(ertp_register_execve_handlers): Cannot register ftrace hook function for execve kernel: WARNING: CPU: 0 PID: 5180 at kernel/trace/ftrace.c:479 __unregister_ftrace_function+0x17d/0x190 [...] oaeventd[5180]: ESET File Security Error: Syscall init_module returns error: Device or resource busy oaeventd[5180]: ESET File Security Error: Initialization of system handler for on-access scan has failed. Please update your OS and restart your computer, then check system logs. I have already see this https://help.eset.com/efs/7/en-US/realtime-protection-cannot-start.html What can I do ? I have installed for some other server with no problem Edited August 13, 2020 by seb2020 Link to comment Share on other sites More sharing options...
seb2020 1 Posted August 13, 2020 Author Share Posted August 13, 2020 Maybe this error can give an hint ? eset_rtp: module verification failed: signature and/or required key missing - tainting kernel Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,160 Posted August 14, 2020 ESET Moderators Share Posted August 14, 2020 Hello @seb2020, I checked similar cases and there might be some crashes happening causing such issues. Allow creation of core dumps (also enable dumping on unsigned packages) Get the core dump files and log created as described at https://help.eset.com/efs/7/en-US/?collect-logs.html ,upload them to a safe location and send me a private message with download details and a reference to this forum topic, I will have them checked for you. Peter Link to comment Share on other sites More sharing options...
seb2020 1 Posted August 14, 2020 Author Share Posted August 14, 2020 PM sent Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,160 Posted August 14, 2020 ESET Moderators Share Posted August 14, 2020 Hello @seb2020, thank you, I already read it and I'm opening a ticket for the Linux guys to check it. Peter Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,160 Posted August 14, 2020 ESET Moderators Share Posted August 14, 2020 23 hours ago, seb2020 said: eset_rtp: module verification failed: signature and/or required key missing - tainting kernel the "tainting" message – is about loading a proprietary kernel driver (which eset_rtp is) so no need to worry about it. Peter Link to comment Share on other sites More sharing options...
seb2020 1 Posted August 20, 2020 Author Share Posted August 20, 2020 If someone has the same issue, maybe you are using auditbeat from Elastic. You cannot use at the same time ESET and auditbeat From @Peter Randziak : auditbeat sets kernel probe on SyS_exeve what prohibits us to hook on this syscall and scan executed files... Peter Randziak 1 Link to comment Share on other sites More sharing options...
Recommended Posts