Appendix E. Building Kernel Module for SpIDer Guard

If the operating system does not support the fanotify monitoring interface, SpIDer Guard uses a special loadable module operating in kernel space.

By default, SpIDer Guard is supplied with a completely built loadable kernel module for the CentOS and Red Hat Enterprise Linux OSes, version 5.10 and 6.5, as these systems do not support fanotify. Moreover, you can build a loadable kernel module manually using the source codes supplied in a tar.bz2 archive.

The loadable kernel module, used by SpIDer Guard, is intended for operation with Linux kernels 2.6 and newer.

The archive with source codes is located in the share/drweb-spider-kmod/src subdirectory of the Dr.Web for Linux base directory (by default, /opt/ The archive's name is as follows: drweb-spider-kmod-<version>-<date>.tar.bz2.

The drweb-spider-kmod directory also contains the test script. Run the script to check whether the used OS supports kernel module versions included in the product. If not, a message prompting to manually build the module displays on the screen.

To build the loadable kernel module manually from the source codes, administrative (root) privileges are required. For that purpose, you can use the su command to switch to another user or the sudo command to build the module as a different user.

To build kernel module

1.Unpack the archive with source codes to any directory. For example, the command

# tar -xf drweb-spider-kmod-<version>-<date>.tar.bz2

unpacks the source codes to the created directory. This directory has the archive's name and is created in the same location where the archive resides.

2.Go to the created directory and execute the following command:

# make

If an error occurs during make command execution, resolve the issue (see below) and restart compilation.

3.After successful command execution, enter the following commands:

# make install
# depmod

4.After the kernel module is successfully compiled and registered on the system, perform additional configuration of SpIDer Guard. Set the component to operate with the kernel module by executing the following command:

# drweb-ctl cfset LinuxSpider.Mode LKM

You can also specify AUTO instead of LKM. In the latter case, SpIDer Guard will attempt to use kernel module and the monitoring interface fanotify. For more details, use the following command:

$ man drweb-spider

Possible build errors

While the make command is being executed, errors may occur. If so, check the following:

To ensure successful building of the module, Perl and GCC are required. If they are missing on the system, install them.

On certain OSes, you may need to install the kernel-devel package before starting the procedure.

On certain OSes, the procedure can fail because the path to the directory with source codes was incorrectly defined. If so, specify the make command with the KDIR=/path/to/kernel/source/codes parameter. Typically, the source codes are located in the /usr/src/kernels/<kernel_version> directory. Note that the kernel version returned by the uname -r command can differ from the directory name <kernel_version>!