Jump to content

Ubuntu 20.10 and ESET Endpoint Antivirus for Linux version 7.1.9.0


Recommended Posts

So, obviously newer releases are harder to support; I'll let ESET employees work on that.

Here I'm just sharing my findings as a former Canonical employee.

7.1.9.0 is installed on my system running an up-to-date groovy install, running 5.8.0-44-generic...

 

So obviously if I'm writing here it's because something's not working.

 

Turns out with 5.8.0-43-generic I had gotten eset_rtp.ko to load fine. It just needed to be a signed module -- that's actually pretty straightforward:

sudo kmodsign sha512 \          
     /var/lib/shim-signed/mok/MOK.priv \
     /var/lib/shim-signed/mok/MOK.der \
/lib/modules/5.8.0-43-generic/eset/eea/eset_rtp.ko

Systems running EFI Secure Boot (like most modern) need kernel modules to be signed for them to be loaded; lockdown enforces this on Ubuntu. Same for most main Linux distributions, they ship signed kernels, and thus enforce lockdown.

You may wish to start building the kernel modules using dkms instead of the manual process, it will handle signing the modules for you (I know because I implemented that part).

 

Otherwise, it seems like there is another issue, now the kernel module refuses to load correctly:

[ 1263.543351] eset_rtp(ertp_hooks_init): cannot find 64-bit syscall table

I started looking at the module source, but I haven't really done all that much kernel development, so I got tripped up by the removal of kallsyms_lookup_name(), anyway, I suspect any developer at ESET could fix this up pretty easily.

So, eset_rtp does not work here with my current setup, and I don't know how to fix it, but I suspect with this additional information, someone else might.

 

 

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...