#---------------------------------------------------------------------------------
# CentOS8にClam AntiVirusを設定してみた。(追記)
#---------------------------------------------------------------------------------
# cat /etc/redhat-release
CentOS Linux release 8.4.2105
# dnf --enablerepo=epel install clamav clamav-scanner-systemd clamav-update
# dnf list|grep clam
clamav.x86_64 0.103.2-1.el8 @epel
clamav-filesystem.noarch 0.103.2-1.el8 @epel
clamav-lib.x86_64 0.103.2-1.el8 @epel
clamav-update.x86_64 0.103.2-1.el8 @epel
clamd.x86_64 0.103.2-1.el8 @epel
clamav-data.noarch 0.103.2-1.el8 epel
clamav-devel.x86_64 0.103.2-1.el8 epel
clamav-milter.x86_64 0.103.2-1.el8 epel
clamav-unofficial-sigs.noarch 7.2.4-1.el8 epel
# ln -s /etc/clamd.d/scan.conf /etc/clamd.conf
# vi /etc/clamd.conf
#Example
LogFile /var/log/clamd.scan
LogFileMaxSize 2M
LogTime yes
LogRotate yes
LocalSocket /var/run/clamd.scan/clamd.sock
FixStaleSocket yes
ExcludePath ^/proc/
ExcludePath ^/sys/
ExcludePath ^/dev/
User root # user clamscan
LogFile /var/log/clamd.scan
LogFileMaxSize 2M
LogTime yes
LogRotate yes
LocalSocket /var/run/clamd.scan/clamd.sock
FixStaleSocket yes
ExcludePath ^/proc/
ExcludePath ^/sys/
ExcludePath ^/dev/
# vi /etc/freshclam.conf
#Example
DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/freshclam.log
LogFileMaxSize 2M
LogTime yes
LogRotate yes
DatabaseOwner root
DatabaseMirror database.clamav.net
NotifyClamd /etc/clamd.d/scan.conf
HTTPProxyServer http://192.168.254.254
HTTPProxyPort 3128
# vi /etc/sysconfig/freshclam
※ FRESHCLAM_DELAYをコメントアウト(自動アップデート設定)
→ファイルが存在しなかったので、スキップ
# freshclam
# systemctl enable clamd@scan
# systemctl start clamd@scan
# vi /etc/cron.daily/clamscan.sh
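#!/bin/bash
# /etc/cron.daily/clamscan.sh
# Daily ClamAV job: refresh the ClamAV packages and signatures, scan the
# listed directories through the running clamd@scan instance, and mail the
# result to root.
# Requires: clamd@scan running, mail(1) able to deliver to root.
PATH=/usr/bin:/bin

# Package refresh is best-effort; its output is discarded as in the original.
dnf -y update clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd > /dev/null 2>&1
freshclam > /dev/null

# Scan output goes to a private temp file; remove it on every exit path.
CLAMSCANTMP=$(mktemp) || exit 1
trap 'rm -f -- "$CLAMSCANTMP"' EXIT

# --remove deletes every file that matches a signature, so a false positive
# deletes a legitimate file; keep the ExcludePath list in scan.conf current.
# clamdscan exit status: 0 clean, 1 infected file(s) found, 2 error.
clamdscan /boot /dev /etc /home /media /mnt /opt /proc /root /run /srv /sys /tmp /usr /var --remove > "$CLAMSCANTMP" 2>&1
rc=$?

if grep -q 'FOUND$' "$CLAMSCANTMP"; then
  grep 'FOUND$' "$CLAMSCANTMP" | mail -s "Virus Found in $(hostname)" root
elif [ "$rc" -ne 0 ]; then
  # The scan did not complete (e.g. clamd not reachable); report that instead
  # of a misleading "Virus Not Found".
  mail -s "clamdscan error (rc=$rc) in $(hostname)" root < "$CLAMSCANTMP"
else
  echo "clamdscan normal end" | mail -s "Virus Not Found in $(hostname)" root
fi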
# chown root:root /etc/cron.daily/clamscan.sh
# chmod 755 /etc/cron.daily/clamscan.sh
除外ディレクトリの設定
# vi /etc/clamd.d/scan.conf
ExcludePath ^/boot/
ExcludePath ^/proc/
ExcludePath ^/sys/
ExcludePath ^/dev/
ExcludePath ^/etc/shadow
ExcludePath ^/etc/shadow-
ExcludePath ^/etc/gshadow
ExcludePath ^/etc/gshadow-
ExcludePath ^/etc/audit/
ExcludePath ^/etc/security/
ExcludePath ^/etc/selinux/targeted/
ExcludePath ^/etc/selinux/semanage.conf
ExcludePath ^/etc/selinux/config
ExcludePath ^/var/log/audit/
SElinux
# setsebool -P antivirus_can_scan_system 1
# setsebool -P antivirus_use_jit 1
# getsebool -a | grep antiv
antivirus_can_scan_system --> on
antivirus_use_jit --> on
※ 膨大にメモリーを消費する(スワップ発生)
# vi /usr/lib/systemd/system/clamd@.service
[Unit]
Description = clamd scanner (%i) daemon
Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/
After = syslog.target nss-lookup.target network.target
[Service]
Type = forking
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf
# Reload the database
ExecReload=/bin/kill -USR2 $MAINPID
Restart = on-failure
TimeoutStartSec=420
#IOSchedulingPriority = 7
#CPUSchedulingPolicy = other
#CPUSchedulingPriority = 5
MemoryLimit=512M
CPUQuota=30%
#Nice = 19
[Install]
WantedBy = multi-user.target
#---------------------------------------------------------------------------------
# CentOS7にClam AntiVirusを設定してみた。
#---------------------------------------------------------------------------------
# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
# yum -y install epel-release.noarch
CentOS Linux release 7.5.1804 (Core)
# yum -y install epel-release.noarch
# yum list | grep clam
clamav.x86_64 0.100.0-2.el7 @epel
clamav-data.noarch 0.100.0-2.el7 @epel
clamav-devel.x86_64 0.100.0-2.el7 @epel
clamav-filesystem.noarch 0.100.0-2.el7 @epel
clamav-lib.x86_64 0.100.0-2.el7 @epel
clamav-scanner-systemd.x86_64 0.100.0-2.el7 @epel
clamav-server-systemd.x86_64 0.100.0-2.el7 @epel
clamav-update.x86_64 0.100.0-2.el7 @epel
clamd.x86_64 0.100.0-2.el7 @epel
clamav-data-empty.noarch 0.100.0-2.el7 epel
clamav-milter.x86_64 0.100.0-2.el7 epel
clamav-milter-systemd.x86_64 0.100.0-2.el7 epel
clamav-unofficial-sigs.noarch 3.7.2-1.el7 epel
clamsmtp.x86_64 1.10-12.el7 epel
※すべてepelを確認。
# yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
=================================================================================
Package アーキテクチャー バージョン リポジトリー 容量
=================================================================================
インストール中:
clamav x86_64 0.100.0-2.el7 epel 639 k
clamav-server-systemd x86_64 0.100.0-2.el7 epel 25 k
clamav-update x86_64 0.100.0-2.el7 epel 99 k
clamd x86_64 0.100.0-2.el7 epel 118 k
clamav-devel x86_64 0.100.0-2.el7 epel 45 k
clamav-scanner-systemd x86_64 0.100.0-2.el7 epel 25 k
依存性関連でのインストールをします:
clamav-data noarch 0.100.0-2.el7 epel 158 M
clamav-filesystem noarch 0.100.0-2.el7 epel 26 k
clamav-lib x86_64 0.100.0-2.el7 epel 755 k
=================================================================================
clamav.x86_64 0.100.0-2.el7 @epel
clamav-data.noarch 0.100.0-2.el7 @epel
clamav-devel.x86_64 0.100.0-2.el7 @epel
clamav-filesystem.noarch 0.100.0-2.el7 @epel
clamav-lib.x86_64 0.100.0-2.el7 @epel
clamav-scanner-systemd.x86_64 0.100.0-2.el7 @epel
clamav-server-systemd.x86_64 0.100.0-2.el7 @epel
clamav-update.x86_64 0.100.0-2.el7 @epel
clamd.x86_64 0.100.0-2.el7 @epel
clamav-data-empty.noarch 0.100.0-2.el7 epel
clamav-milter.x86_64 0.100.0-2.el7 epel
clamav-milter-systemd.x86_64 0.100.0-2.el7 epel
clamav-unofficial-sigs.noarch 3.7.2-1.el7 epel
clamsmtp.x86_64 1.10-12.el7 epel
※すべてepelを確認。
# yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
=================================================================================
Package アーキテクチャー バージョン リポジトリー 容量
=================================================================================
インストール中:
clamav x86_64 0.100.0-2.el7 epel 639 k
clamav-server-systemd x86_64 0.100.0-2.el7 epel 25 k
clamav-update x86_64 0.100.0-2.el7 epel 99 k
clamd x86_64 0.100.0-2.el7 epel 118 k
clamav-devel x86_64 0.100.0-2.el7 epel 45 k
clamav-scanner-systemd x86_64 0.100.0-2.el7 epel 25 k
依存性関連でのインストールをします:
clamav-data noarch 0.100.0-2.el7 epel 158 M
clamav-filesystem noarch 0.100.0-2.el7 epel 26 k
clamav-lib x86_64 0.100.0-2.el7 epel 755 k
=================================================================================
# ln -s /etc/clamd.d/scan.conf /etc/clamd.conf
# vi /etc/clamd.conf
#Example
LogFile /var/log/clamd.scan
LogFileMaxSize 2M
LogTime yes
LogRotate yes
LocalSocket /var/run/clamd.scan/clamd.sock
FixStaleSocket yes
ExcludePath ^/proc/
ExcludePath ^/sys/
ExcludePath ^/dev/
User root
#Example
DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/freshclam.log
LogFileMaxSize 2M
LogTime yes
LogRotate yes
DatabaseOwner root
DatabaseMirror database.clamav.net
NotifyClamd /etc/clamd.d/scan.conf
※ FRESHCLAM_DELAYをコメントアウト(自動アップデート設定)
# freshclam
# systemctl enable clamd@scan
# systemctl start clamd@scan
# vi /etc/cron.daily/clamscan.sh
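#!/bin/bash
# /etc/cron.daily/clamscan.sh
# Daily ClamAV job: refresh the ClamAV packages and signatures, scan the
# listed directories through the running clamd@scan instance, and mail the
# result to root.
# Requires: clamd@scan running, mail(1) able to deliver to root.
PATH=/usr/bin:/bin

# Package refresh is best-effort; its output is discarded as in the original.
yum -y update clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd > /dev/null 2>&1
freshclam > /dev/null

# Scan output goes to a private temp file; remove it on every exit path.
CLAMSCANTMP=$(mktemp) || exit 1
trap 'rm -f -- "$CLAMSCANTMP"' EXIT

# The scan runs once: the original invoked clamdscan twice back to back and
# the second run overwrote the first run's output.
# --remove deletes every file that matches a signature, so a false positive
# deletes a legitimate file; keep the ExcludePath list in scan.conf current.
# clamdscan exit status: 0 clean, 1 infected file(s) found, 2 error.
clamdscan /boot /dev /etc /home /media /mnt /opt /proc /root /run /srv /sys /tmp /usr /var --remove > "$CLAMSCANTMP" 2>&1
rc=$?

if grep -q 'FOUND$' "$CLAMSCANTMP"; then
  grep 'FOUND$' "$CLAMSCANTMP" | mail -s "Virus Found in $(hostname)" root
elif [ "$rc" -ne 0 ]; then
  # The scan did not complete (e.g. clamd not reachable); report that instead
  # of a misleading "Virus Not Found".
  mail -s "clamdscan error (rc=$rc) in $(hostname)" root < "$CLAMSCANTMP"
else
  echo "clamdscan normal end" | mail -s "Virus Not Found in $(hostname)" root
fi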
# chown root:root /etc/cron.daily/clamscan.sh
# chmod 755 /etc/cron.daily/clamscan.sh
# chmod 755 /etc/cron.daily/clamscan.sh
除外ディレクトリの設定
# vi /etc/clamd.d/scan.conf
ExcludePath ^/boot/
ExcludePath ^/proc/
ExcludePath ^/sys/
ExcludePath ^/dev/
ExcludePath ^/etc/shadow
ExcludePath ^/etc/shadow-
ExcludePath ^/etc/gshadow
ExcludePath ^/etc/gshadow-
ExcludePath ^/etc/audit/
ExcludePath ^/etc/security/
ExcludePath ^/etc/selinux/targeted/
ExcludePath ^/etc/selinux/semanage.conf
ExcludePath ^/etc/selinux/config
ExcludePath ^/var/log/audit/
ExcludePath ^/dev/
ExcludePath ^/etc/shadow
ExcludePath ^/etc/shadow-
ExcludePath ^/etc/gshadow
ExcludePath ^/etc/gshadow-
ExcludePath ^/etc/audit/
ExcludePath ^/etc/security/
ExcludePath ^/etc/selinux/targeted/
ExcludePath ^/etc/selinux/semanage.conf
ExcludePath ^/etc/selinux/config
ExcludePath ^/var/log/audit/
setsebool -P antivirus_can_scan_system 1
→/usr/lib/tmpfiles.d/clamd.scan.confがインストールされている。
# vi /etc/tmpfiles.d/clamd.conf
#Type Path Mode UID GID Age Argument
echo "d /var/run/clamav 0755 root root -" > /etc/tmpfiles.d/clamd.conf
systemd-tmpfiles --create clamd.conf
systemctl daemon-reload
まだ、0.100.1は、yumで持ってこれない!!(2018/7/13現在) ちょっと様子見
# freshclam
Fri Jul 13 17:02:26 2018 -> ^Your ClamAV installation is OUTDATED!
Fri Jul 13 17:02:26 2018 -> ^Local version: 0.100.0 Recommended version: 0.100.1
Fri Jul 13 17:02:26 2018 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
# clamd --v
ClamAV 0.100.0/24748/Fri Jul 13 13:55:05 2018
# clamdscan -v /root /tmp /etc /opt /var /usr /home
/root: OK
/tmp: OK
/etc: OK
/opt: OK
/var: OK
/usr: OK
/home: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 1099.922 sec (18 m 19 s)
SElinux
# setsebool -P antivirus_can_scan_system 1
# setsebool -P antivirus_use_jit 1
# getsebool -a | grep antiv
antivirus_can_scan_system --> on
antivirus_use_jit --> on