Manually compile Auto-Protect kernel modules for Endpoint Protection for Linux
search cancel

Manually compile Auto-Protect kernel modules for Endpoint Protection for Linux

book

Article ID: 152488

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

NOTE: This article is only for SEP for Linux versions 14.3 MP1 (build 14.3.1169) or older.

You want to know how to manually compile the Auto-Protect kernel module for Symantec Endpoint Protection for Linux (SEPFL), and any additional steps that need to be followed. You may need to do this if you have updated the operating system kernel, or if you want to capture more verbose output after auto-compile fails.

Cause

Cause of issues have been found unless the following order of operations is followed:

  • You should perform the install.
  • Perform the build in this document
  • Then test.

Resolution

Technical Information

This article assumes you already installed the Symantec Endpoint Protection client for Linux and the AutoProtect kernel module failed to enable. This failure may be because the Linux system did not meet the prerequisites for auto-compile to build a custom AutoProtect kernel module, or the compiler returned an error and was unable to enable the AutoProtect kernel module. "Kernel release not specified" is a typical error returned by compilation if the requirements below are not met.

For more information, see Auto-compile for Symantec Endpoint Protection client for Linux.
 

Requirements

You must install gcc and the Linux kernel source for the Linux kernel for which you want to build the AutoProtect kernel modules. The table below contains what packages to install for your distribution in addition to the gcc package.

Distribution Kernel package to install Special build command
CentOS kernel-devel-$(uname -r)
kernel-headers-$(uname -r)
 
Debian linux-headers-$(uname -r)
linux-headers-$(uname -r) build-essential
(See note)
./build.sh --kernel-dir /usr/src/linux-headers-$(uname -r)
Fedora kernel-devel-$(uname -r)
kernel-headers-$(uname -r)
./build.sh --kernel-dir /usr/src/kernels/$(uname -r)
SUSE Linux Enterprise Server (SLES) kernel-$flavor-devel-$version (See note) ./build.sh --kernel-dir /lib/modules/$(uname -r)/build
Open Enterprise Server kernel-source ./build.sh --kernel-dir /lib/modules/$(uname -r)/build
Oracle Unbreakable Enterprise Kernel (UEK) kernel-uek-devel-$(uname -r) ./build.sh --kernel-dir /lib/modules/$(uname -r)/build
RedHat kernel-devel-$(uname -r)
kernel-headers-$(uname -r)
./build.sh --kernel-dir /lib/modules/$(uname -r)/build
Ubuntu 9.10 and earlier linux-source ./build.sh --kernel-dir /lib/modules/$(uname -r)
Ubuntu 10.04 and later linux-headers-$(uname -r) build-essential
​(See note)
./build.sh --kernel-dir /usr/src/linux-headers-$(uname -r)

In the special build command, the string $(uname -r) represents the operating system kernel version that is currently running. When you use $(uname -r) in the build command, the kernel modules you build will be for the kernel that is currently running. If you are trying to build for a different kernel version, you must replace $(uname -r) with the kernel version for which you want to build. You also need to ensure that you have the kernel source installed for the version for which you are trying to build.

The packages listed in the table above will install the latest kernel source available from your repository. If you are not running the latest available kernel in your distribution, you will need to ensure that you download the same kernel source as the kernel you are running, and replace $(uname -r).

Note: Debian does not provide a generic linux-headers package. Instead, you must download the correct architecture type by specifying it when the linux-headers are downloaded. The packages available are (as of Debian 5.0.4):

  • linux-headers-2.6-486
  • linux-headers-2.6-686
  • linux-headers-2.6-686-bigmem
  • linux-headers-2.6-amd64
  • linux-headers-2.6-openvz-686
  • linux-headers-2.6-vserver-686
  • linux-headers-2.6-vserver-686-bigmem
  • linux-headers-2.6-xen-686


Note: Installing linux-source on Ubuntu 10.10 does not appear to install the linux-headers as well. To remedy this, you should also install the correct version of the Linux headers packages (e.g. linux-headers-generic, linux-headers-generic-pae, linux-headers-server, linux-headers-virtual).

Note: to obtain the $flavor and $version of SLES devel package to match currently running kernel, reference the output of "uname -r" command:
 3.0.101-80-default # for example
using this, search package repositories (bold and underline added here for emphasis):
 zypper search -s kernel-default-devel | grep 3.0.101-80
reference search output: 
 v | kernel-default-devel | package | 3.0.101-80.1     | x86_64 | SLES11-SP4-Updates
and install that package (note the devel package version in this example is suffixed by .1):
 sudo zypper install kernel-default-devel-3.0.101-80.1

Note: RedHat Enterprise Linux 8 also requires the elfutils-libelf-devel package.

Building the modules

You must build the AutoProtect kernel modules with root privileges, using a terminal program.

  1. In the same directory as ap-kernelmodule.tar.gz (or src/ap-kernelmodule.tar.bz2 in SEP 12.1 RU5 and newer) uncompress the file:
    tar -xf ap-kernelmodule.tar.gz # For .tar.bz2 extension install bzip2 (sudo yum install bzip2)
     
  2. Change into the uncompressed directory:
    cd ap-kernelmodule
     
  3. Run the build command. If there is a special build command in the table above, use that:
    ./build.sh
    After the build completes, you should see "Build succeeded" If you do not see this please review the output of the build command for any error messages. If the build was successful:
    • For 12.1.5, continue with the remaining steps.
    • For 12.1.6, the build script automatically moves the AutoProtect kernel modules into place and restarts the services. You can use the final step to verify AutoProtect is enabled.
     
  4. Change into the directory with the newly built AutoProtect kernel modules
    cd bin.ira
     
  5. Move the newly built AutoProtect kernel modules into the autoprotect directory:
    mv * /opt/Symantec/autoprotect/
     
  6. Restart the autoprotect and rtvscand services:
    /etc/init.d/autoprotect restart
    /etc/init.d/rtvscand restart
     
  7. Check that AutoProtect is enabled:
    /opt/Symantec/symantec_antivirus/sav info -a