2018年7月13日金曜日

clam AntiVirusを設定してみた。

#---------------------------------------------------------------------------------
# CentOS8にClam AntiVirusを設定してみた。(追記)
#---------------------------------------------------------------------------------
# cat /etc/redhat-release
CentOS Linux release 8.4.2105
# dnf --enablerepo=epel install clamav clamav-scanner-systemd clamav-update
# dnf list|grep clam
clamav.x86_64 0.103.2-1.el8 @epel
clamav-filesystem.noarch 0.103.2-1.el8 @epel
clamav-lib.x86_64 0.103.2-1.el8 @epel
clamav-update.x86_64 0.103.2-1.el8 @epel clamd.x86_64 0.103.2-1.el8 @epel
clamav-data.noarch 0.103.2-1.el8 epel
clamav-devel.x86_64 0.103.2-1.el8 epel
clamav-milter.x86_64 0.103.2-1.el8 epel
clamav-unofficial-sigs.noarch 7.2.4-1.el8 epel

# ln -s /etc/clamd.d/scan.conf /etc/clamd.conf
# vi /etc/clamd.conf
#Example
LogFile /var/log/clamd.scan
LogFileMaxSize 2M
LogTime yes
LogRotate yes
LocalSocket /var/run/clamd.scan/clamd.sock
FixStaleSocket yes
ExcludePath ^/proc/
ExcludePath ^/sys/
ExcludePath ^/dev/
User root                                   # user clamscan

# vi /etc/freshclam.conf
#Example
DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/freshclam.log
LogFileMaxSize 2M
LogTime yes
LogRotate yes
DatabaseOwner root
DatabaseMirror database.clamav.net
NotifyClamd /etc/clamd.d/scan.conf

HTTPProxyServer http://192.168.254.254
HTTPProxyPort 3128

# vi /etc/sysconfig/freshclam
※ FRESHCLAM_DELAYをコメントアウト(自動アップデート設定)
→ファイルが存在しなかったので、スキップ

# freshclam

# systemctl enable clamd@scan
# systemctl start clamd@scan

# vi /etc/cron.daily/clamscan.sh
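#!/bin/bash
# Daily ClamAV job (/etc/cron.daily/clamscan.sh, CentOS 8 variant).
# Refreshes the ClamAV packages and signatures, scans the listed trees
# through the running clamd, and mails root with either the detections
# or a "normal end" notice. Runs as root from cron.
PATH=/usr/bin:/bin

# Package refresh and signature update are best-effort: their failure must
# not stop the scan, so their status is deliberately ignored.
# NOTE(review): the `dnf list` output above shows no clamav-server /
# clamav-server-systemd packages on el8; dnf will report those names as
# not installed -- verify the list against the installed packages.
dnf -y update clamav-server clamav-data clamav-update clamav-filesystem clamav  clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd > /dev/null 2>&1
freshclam > /dev/null

# Scan report goes to a private temp file; without a report there is
# nothing to mail, so a mktemp failure ends the job.
CLAMSCANTMP=$(mktemp) || exit 1
# Remove the report on every exit path (normal, error, or signal).
trap 'rm -f -- "$CLAMSCANTMP"' EXIT

# NOTE(review): --remove deletes every detection in place, including under
# /boot, /etc and /usr; a single false positive there is destructive.
# --move=<quarantine dir> keeps the file for review instead. Kept as the
# author configured it.
# clamdscan exits non-zero when something is found, so its status is not
# treated as fatal: the report decides what gets mailed.
clamdscan /boot  /dev  /etc  /home  /media  /mnt  /opt  /proc  /root  /run  /srv  /sys  /tmp  /usr  /var --remove > "$CLAMSCANTMP" 2>&1

host=$(hostname)
# Detections are the report lines ending in "FOUND"; grep once and reuse
# the captured lines instead of scanning the report twice.
if found=$(grep -- 'FOUND$' "$CLAMSCANTMP"); then
  printf '%s\n' "$found" | mail -s "Virus Found in $host" root
else
  echo "clamdscan normal end" | mail -s "Virus Not Found in $host" root
fi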


# chown root:root /etc/cron.daily/clamscan.sh
# chmod 755 /etc/cron.daily/clamscan.sh

除外ディレクトリの設定
# vi /etc/clamd.d/scan.conf
ExcludePath ^/boot/
ExcludePath ^/proc/
ExcludePath ^/sys/
ExcludePath ^/dev/
ExcludePath ^/etc/shadow
ExcludePath ^/etc/shadow-
ExcludePath ^/etc/gshadow
ExcludePath ^/etc/gshadow-
ExcludePath ^/etc/audit/
ExcludePath ^/etc/security/
ExcludePath ^/etc/selinux/targeted/
ExcludePath ^/etc/selinux/semanage.conf
ExcludePath ^/etc/selinux/config
ExcludePath ^/var/log/audit/

SElinux
# setsebool -P antivirus_can_scan_system 1
# setsebool -P antivirus_use_jit 1

# getsebool -a | grep antiv
antivirus_can_scan_system --> on
antivirus_use_jit --> on

※ 膨大にメモリーを消費する(スワップ発生)
# vi /usr/lib/systemd/system/clamd@.service
[Unit]
Description = clamd scanner (%i) daemon
Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/
After = syslog.target nss-lookup.target network.target

[Service]
Type = forking
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf
# Reload the database
ExecReload=/bin/kill -USR2 $MAINPID
Restart = on-failure
TimeoutStartSec=420
#IOSchedulingPriority = 7
#CPUSchedulingPolicy = other
#CPUSchedulingPriority = 5
MemoryLimit=512M
CPUQuota=30%
#Nice = 19

[Install]
WantedBy = multi-user.target


#---------------------------------------------------------------------------------
# CentOS7にClam AntiVirusを設定してみた。
#---------------------------------------------------------------------------------

# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)

# yum -y install epel-release.noarch
# yum list | grep clam
clamav.x86_64                             0.100.0-2.el7                @epel 
clamav-data.noarch                        0.100.0-2.el7                @epel 
clamav-devel.x86_64                       0.100.0-2.el7                @epel 
clamav-filesystem.noarch                  0.100.0-2.el7                @epel 
clamav-lib.x86_64                         0.100.0-2.el7                @epel 
clamav-scanner-systemd.x86_64             0.100.0-2.el7                @epel 
clamav-server-systemd.x86_64              0.100.0-2.el7                @epel 
clamav-update.x86_64                      0.100.0-2.el7                @epel 
clamd.x86_64                              0.100.0-2.el7                @epel 
clamav-data-empty.noarch                  0.100.0-2.el7                epel   
clamav-milter.x86_64                      0.100.0-2.el7                epel   
clamav-milter-systemd.x86_64              0.100.0-2.el7                epel   
clamav-unofficial-sigs.noarch             3.7.2-1.el7                  epel   
clamsmtp.x86_64                           1.10-12.el7                  epel
※すべてepelを確認。

# yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

=================================================================================
Package アーキテクチャー バージョン リポジトリー 容量
=================================================================================
インストール中:
clamav x86_64 0.100.0-2.el7 epel 639 k
clamav-server-systemd x86_64 0.100.0-2.el7 epel 25 k
clamav-update x86_64 0.100.0-2.el7 epel 99 k
clamd x86_64 0.100.0-2.el7 epel 118 k
clamav-devel x86_64 0.100.0-2.el7 epel 45 k
clamav-scanner-systemd x86_64 0.100.0-2.el7 epel 25 k

依存性関連でのインストールをします:
clamav-data noarch 0.100.0-2.el7 epel 158 M
clamav-filesystem noarch 0.100.0-2.el7 epel 26 k
clamav-lib x86_64 0.100.0-2.el7 epel 755 k
=================================================================================

# ln -s /etc/clamd.d/scan.conf /etc/clamd.conf
# vi /etc/clamd.conf
#Example
LogFile /var/log/clamd.scan
LogFileMaxSize 2M
LogTime yes
LogRotate yes
LocalSocket /var/run/clamd.scan/clamd.sock
FixStaleSocket yes
ExcludePath ^/proc/
ExcludePath ^/sys/
ExcludePath ^/dev/
User root

# vi /etc/freshclam.conf
#Example
DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/freshclam.log
LogFileMaxSize 2M
LogTime yes
LogRotate yes
DatabaseOwner root
DatabaseMirror database.clamav.net
NotifyClamd /etc/clamd.d/scan.conf

# vi /etc/sysconfig/freshclam
※ FRESHCLAM_DELAYをコメントアウト(自動アップデート設定)

# freshclam

# systemctl enable clamd@scan
# systemctl start clamd@scan

# vi /etc/cron.daily/clamscan.sh

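#!/bin/bash
# Daily ClamAV job (/etc/cron.daily/clamscan.sh, CentOS 7 variant).
# Refreshes the ClamAV packages and signatures, scans the listed trees
# through the running clamd, and mails root with either the detections
# or a "normal end" notice. Runs as root from cron.
PATH=/usr/bin:/bin

# Package refresh and signature update are best-effort: their failure must
# not stop the scan, so their status is deliberately ignored.
yum -y update clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd > /dev/null 2>&1
freshclam > /dev/null

# Scan report goes to a private temp file; without a report there is
# nothing to mail, so a mktemp failure ends the job.
CLAMSCANTMP=$(mktemp) || exit 1
# Remove the report on every exit path (normal, error, or signal).
trap 'rm -f -- "$CLAMSCANTMP"' EXIT

# NOTE(review): --remove deletes every detection in place, including under
# /boot, /etc and /usr; a single false positive there is destructive.
# --move=<quarantine dir> keeps the file for review instead. Kept as the
# author configured it.
# clamdscan exits non-zero when something is found, so its status is not
# treated as fatal: the report decides what gets mailed.
clamdscan /boot  /dev  /etc  /home  /media  /mnt  /opt  /proc  /root  /run  /srv  /sys  /tmp  /usr  /var --remove > "$CLAMSCANTMP" 2>&1

host=$(hostname)
# Detections are the report lines ending in "FOUND"; grep once and reuse
# the captured lines instead of scanning the report twice.
if found=$(grep -- 'FOUND$' "$CLAMSCANTMP"); then
  printf '%s\n' "$found" | mail -s "Virus Found in $host" root
else
  echo "clamdscan normal end" | mail -s "Virus Not Found in $host" root
fi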

# chown root:root /etc/cron.daily/clamscan.sh
# chmod 755 /etc/cron.daily/clamscan.sh

除外ディレクトリの設定
# vi /etc/clamd.d/scan.conf
ExcludePath ^/boot/
ExcludePath ^/proc/
ExcludePath ^/sys/
ExcludePath ^/dev/
ExcludePath ^/etc/shadow
ExcludePath ^/etc/shadow-
ExcludePath ^/etc/gshadow
ExcludePath ^/etc/gshadow-
ExcludePath ^/etc/audit/
ExcludePath ^/etc/security/
ExcludePath ^/etc/selinux/targeted/
ExcludePath ^/etc/selinux/semanage.conf
ExcludePath ^/etc/selinux/config
ExcludePath ^/var/log/audit/

setsebool -P antivirus_can_scan_system 1

→/usr/lib/tmpfiles.d/clamd.scan.confがインストールされている。
# vi /etc/tmpfiles.d/clamd.conf
#Type  Path               Mode  UID   GID   Age  Argument
D /var/run/clamav 0755 root root -

echo "d /var/run/clamav 0755 root root -" > /etc/tmpfiles.d/clamd.conf
systemd-tmpfiles --create clamd.conf
systemctl daemon-reload


まだ、0.100.1は、yumで持ってこれない!!(2018/7/13現在)  ちょっと様子見
# freshclam
Fri Jul 13 17:02:26 2018 -> ^Your ClamAV installation is OUTDATED!
Fri Jul 13 17:02:26 2018 -> ^Local version: 0.100.0 Recommended version: 0.100.1
Fri Jul 13 17:02:26 2018 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav

# clamd --v
ClamAV 0.100.0/24748/Fri Jul 13 13:55:05 2018

# clamdscan -v /root /tmp /etc /opt /var /usr /home
/root: OK
/tmp: OK
/etc: OK
/opt: OK
/var: OK
/usr: OK
/home: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 1099.922 sec (18 m 19 s)

SElinux
# setsebool -P antivirus_can_scan_system 1
# setsebool -P antivirus_use_jit 1

# getsebool -a | grep antiv
antivirus_can_scan_system --> on
antivirus_use_jit --> on



