Jump to content

Ubuntu 20.10 and ESET Endpoint Antivirus for Linux version 7.1.9.0


cyphermox

Recommended Posts

So, obviously newer releases are harder to support; I'll let ESET employees work on that.

Here I'm just sharing my findings as a former Canonical employee.

7.1.9.0 is installed on my system running an up-to-date groovy install, running 5.8.0-44-generic...

 

So obviously if I'm writing here it's because something's not working.

 

Turns out with 5.8.0-43-generic I had gotten eset_rtp.ko to load fine. It just needed to be a signed module -- that's actually pretty straightforward:

sudo kmodsign sha512 \          
     /var/lib/shim-signed/mok/MOK.priv \
     /var/lib/shim-signed/mok/MOK.der \
/lib/modules/5.8.0-43-generic/eset/eea/eset_rtp.ko

Systems running EFI Secure Boot (like most modern) need kernel modules to be signed for them to be loaded; lockdown enforces this on Ubuntu. Same for most main Linux distributions, they ship signed kernels, and thus enforce lockdown.

You may wish to start building the kernel modules using dkms instead of the manual process, it will handle signing the modules for you (I know because I implemented that part).

 

Otherwise, it seems like there is another issue, now the kernel module refuses to load correctly:

[ 1263.543351] eset_rtp(ertp_hooks_init): cannot find 64-bit syscall table

I started looking at the module source, but I haven't really done all that much kernel development, so I got tripped up by the removal of kallsyms_lookup_name(), anyway, I suspect any developer at ESET could fix this up pretty easily.

So, eset_rtp does not work here with my current setup, and I don't know how to fix it, but I suspect with this additional information, someone else might.

 

 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...