Endpoint Protection

  • 1.  SAV Linux with 3.14 kernel Debian Wheezy

    Posted Jul 29, 2014 12:42 AM

    I attempted to follow the instructions here

    http://www.symantec.com/business/support/index?page=content&id=TECH95496

    http://www.symantec.com/business/support/index?page=content&id=TECH132773

     

    After getting the 1.0.14-13 tarball and installing all the headers, it failed to compile because it couldn't find version.h. Easy enough. I grabbed the version from the file and modified build.sh to just set the value to the 3.14 kernel I have installed. After that, the build failed with numerous errors in gcc. I'd really like to build this for 3.14 on Wheezy, but it appears that incompatible changes were introduced in the kernel headers. What is the most modern kernel version I should attempt to use when compiling this?

     

    root# ./build.sh --kernel-dir /usr/src/linux-headers-3.14-0.bpo.1-amd64/
    Kernel release is not set, build the kernel modules for the current kernel release(3.14-0.bpo.1-amd64)
    ~/ap-kernelmodule-1.0.14-13/symev ~/ap-kernelmodule-1.0.14-13
    rm -f *.o *.ko *.mod.c .*.cmd modules.order Module.symvers* Module.markers Modules.symvers *.ko.unsigned Makefile.xen
    rm -rf .tmp_versions* .build-*
    ~/ap-kernelmodule-1.0.14-13
    ~/ap-kernelmodule-1.0.14-13/symap ~/ap-kernelmodule-1.0.14-13
    rm -f *.o *.ko *.mod.c .*.cmd modules.order Module.symvers* Module.markers Modules.symvers *.ko.unsigned Makefile.xen symap_test
    rm -rf ../symev/.tmp_versions* .build-*
    ~/ap-kernelmodule-1.0.14-13
    ~/ap-kernelmodule-1.0.14-13/symev ~/ap-kernelmodule-1.0.14-13
    make -C /usr/src/linux-headers-3.14-0.bpo.1-amd64/ M=/root/ap-kernelmodule-1.0.14-13/symev MODVERDIR=/root/ap-kernelmodule-1.0.14-13/symev/../symev/.tmp_versions-custom-3.14-0.bpo.1-amd64-x86_64 modules
    make[1]: Entering directory `/usr/src/linux-headers-3.14-0.bpo.1-amd64'
      CC [M]  /root/ap-kernelmodule-1.0.14-13/symev/symev.o
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c:227:12: error: conflicting types for ‘sys_execve’
    /usr/src/linux-headers-3.14-0.bpo.1-common/include/linux/syscalls.h:823:17: note: previous declaration of ‘sys_execve’ was here
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c: In function ‘symev_read_proc_symev’:
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c:431:9: warning: format ‘%d’ expects argument of type ‘int’, but argument 9 has type ‘long unsigned int’ [-Wformat]
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c: In function ‘symev_fs_event’:
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c:763:13: error: incompatible types when assigning to type ‘sym_uid_t’ from type ‘kuid_t’
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c:764:13: error: incompatible types when assigning to type ‘sym_gid_t’ from type ‘kgid_t’
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c: In function ‘symev_fname_event’:
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c:808:19: warning: initialization from incompatible pointer type [enabled by default]
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c:828:9: warning: passing argument 1 of ‘putname’ from incompatible pointer type [enabled by default]
    /usr/src/linux-headers-3.14-0.bpo.1-common/include/linux/fs.h:2114:13: note: expected ‘struct filename *’ but argument is of type ‘char *’
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c:839:5: warning: passing argument 1 of ‘putname’ from incompatible pointer type [enabled by default]
    /usr/src/linux-headers-3.14-0.bpo.1-common/include/linux/fs.h:2114:13: note: expected ‘struct filename *’ but argument is of type ‘char *’
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c: In function ‘symev_init’:
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c:2090:5: error: implicit declaration of function ‘create_proc_entry’ [-Werror=implicit-function-declaration]
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c:2090:9: warning: assignment makes pointer from integer without a cast [enabled by default]
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c:2094:12: error: dereferencing pointer to incomplete type
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c:2095:12: error: dereferencing pointer to incomplete type
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c:2096:12: error: dereferencing pointer to incomplete type
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c: In function ‘symev_fgetfinfo’:
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c:2393:38: error: ‘struct file’ has no member named ‘f_vfsmnt’
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c: In function ‘symev_fpgetfinfo’:
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c:2441:38: error: ‘struct file’ has no member named ‘f_vfsmnt’
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c: In function ‘symev_cached_lookup’:
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c:2522:9: warning: passing argument 2 of ‘dentry->d_op->d_revalidate’ makes integer from pointer without a cast [enabled by default]
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c:2522:9: note: expected ‘unsigned int’ but argument is of type ‘struct nameidata *’
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c: In function ‘symev_lookup_hash_imp’:
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c:2553:9: warning: passing argument 2 of ‘base->d_op->d_hash’ from incompatible pointer type [enabled by default]
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c:2553:9: note: expected ‘struct qstr *’ but argument is of type ‘struct inode *’
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c:2553:9: error: too many arguments to function ‘base->d_op->d_hash’
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c:2568:9: warning: passing argument 3 of ‘inode->i_op->lookup’ makes integer from pointer without a cast [enabled by default]
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c:2568:9: note: expected ‘unsigned int’ but argument is of type ‘struct nameidata *’
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c: In function ‘symev_lookup_create’:
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c:2611:7: error: ‘struct nameidata’ has no member named ‘intent’
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c: In function ‘symev_do_unlink’:
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c:2837:9: error: too few arguments to function ‘vfs_unlink’
    /usr/src/linux-headers-3.14-0.bpo.1-common/include/linux/fs.h:1462:12: note: declared here
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c: In function ‘symev_evrstimes’:
    /root/ap-kernelmodule-1.0.14-13/symev/symev.c:3124:32: error: too few arguments to function ‘notify_change’
    /usr/src/linux-headers-3.14-0.bpo.1-common/include/linux/fs.h:2293:12: note: declared here
    cc1: some warnings being treated as errors
    make[4]: *** [/root/ap-kernelmodule-1.0.14-13/symev/symev.o] Error 1
    make[3]: *** [_module_/root/ap-kernelmodule-1.0.14-13/symev] Error 2
    make[2]: *** [sub-make] Error 2
    make[1]: *** [all] Error 2
    make[1]: Leaving directory `/usr/src/linux-headers-3.14-0.bpo.1-amd64'
    make: *** [custom] Error 2
    ~/ap-kernelmodule-1.0.14-13
    
    Build was stopped due to error.
    root# 


  • 2.  RE: SAV Linux with 3.14 kernel Debian Wheezy

    Posted Jul 29, 2014 08:17 AM

    The supported kernel list is here:

    http://www.symantec.com/docs/TECH101598



  • 3.  RE: SAV Linux with 3.14 kernel Debian Wheezy

    Posted Aug 08, 2014 12:08 PM

    That doesn't answer my question.

    The first link I posted specifically says "As of SAVFL version 1.0.8, it is possible to compile and install Auto-Protect kernel modules for Linux versions that are not otherwise supported by Symantec." The second link says "...needing to compile the kernel modules for your system to enable AutoProtect for a kernel version that is not supported by the pre-compiled modules."

    Then there is this post answered by a Symantec employee assisting someone with the 3.5 kernel.

    https://www-secure.symantec.com/connect/forums/cannot-install-sav-linux-1014x-ubuntu-12042-x64-kernel-35x

     

    What is the most modern kernel version I should attempt to use when compiling SAV, given the above links from Symantec stating that I can compile this for unsupported kernel versions?



  • 4.  RE: SAV Linux with 3.14 kernel Debian Wheezy

    Posted Aug 12, 2014 09:56 PM

    Ever have any luck with this? I'm stuck trying to compile for 3.13.0-32 ... not so much luck, I'm afraid.



  • 5.  RE: SAV Linux with 3.14 kernel Debian Wheezy

    Posted Sep 22, 2014 10:58 AM

    Unfortunately, after opening a ticket with support they were unable to help us. Based on their response, we removed the product from our Linux installs. We need the features in the newer kernels in order to support our hardware.



  • 6.  RE: SAV Linux with 3.14 kernel Debian Wheezy

    Posted Sep 22, 2014 06:10 PM

    Hi Steve,

    The managed SEP for Linux is out!

    SEP 12.1 RU5 introduced a managed SEP for Linux client in September 2014.  Details can be found in New fixes and features in Symantec Endpoint Protection and Network Access Control 12.1.5 and Symantec Endpoint Protection 12.1.5 for Linux Client Guide. The use of this new, managed SEPFL client is highly recommended over the legacy SAVFL client.

    This article has the kernel support:

    Supported Linux kernels for Symantec Endpoint Protection
    http://www.symantec.com/docs/TECH223240

    Wheezy is not listed, but please try compiling with this new SEPFL build.

    All the best,

    Mick