In this section
•System Requirements
•List of Supported Operating System Versions
•Additional Packages and Components
•Disclaimer
•Supported HTTP Proxy Servers
•Compatibility with Security Subsystems
System Requirements
You can use Dr.Web for UNIX Internet Gateways on a computer that meets the following requirements:
Component
|
Requirement
|
Platform
|
Processors of the following architectures and command systems are supported:
•Intel/AMD: 32-bit (IA-32, x86); 64-bit (x86-64, x64, amd64)
•ARM64
•E2K (Elbrus)
•IBM POWER (ppc64el) |
RAM
|
At least 500 MB of free RAM (1 GB or more is recommended)
|
Free disk space
|
At least 2 GB of free disk space on a volume where the product directories are located
|
Operating system
|
GNU/Linux (based on kernel version 2.6.37 or later, using glibc library 2.13 or later, systemd initialization system ver. 209 or later), FreeBSD. The supported operating system versions are listed below.
The operating system must support the PAM authentication mechanism
|
Other
|
The following valid network connections:
•valid Internet connection to enable updates for virus databases and Dr.Web components;
•when operating in the centralized protection mode, connection to the server on the local network is enough; connection to the Internet is not required |
|
For the correct operation of the component Dr.Web Firewall for Linux, OS kernel must be built with inclusion of the following options:
•CONFIG_NETLINK_DIAG, CONFIG_INET_TCP_DIAG;
•CONFIG_NF_CONNTRACK_IPV4, CONFIG_NF_CONNTRACK_IPV6,
CONFIG_NF_CONNTRACK_EVENTS;
•CONFIG_NETFILTER_NETLINK_QUEUE,
CONFIG_NETFILTER_NETLINK_QUEUE_CT, CONFIG_NETFILTER_XT_MARK.
The set of required options from the specified list can depend on the used OS version kit.
|
To ensure the correct operation Dr.Web for UNIX Internet Gateways, open the following ports:
Purpose
|
Direction
|
Port numbers
|
To receive updates
|
outgoing
|
80
|
To connect to the Dr.Web Cloud service
|
outgoing
|
2075 (including those for UDP),
3010 (TCP),
3020 (TCP),
3030 (TCP),
3040 (TCP)
|
List of Supported Operating System Versions
•GNU/Linux
Platform
|
Supported GNU/Linux versions
|
x86_64
|
•Astra Linux Special Edition 1.5 (with cumulative patch 20201201SE15), 1.6 (with cumulative patch 20200722SE16), 1.7
•Astra Linux Common Edition (Orel) 2.12
•Debian 9, 10
•Fedora 31, 32
•CentOS 7, 8
•Ubuntu 18.04, 20.04, 22.04
•ALT Workstation 9, 10
•ALT Server 9, 10
•ALT 8 SP
•RED OS 7.2 MUROM, RED OS 7.3 MUROM
•GosLinux IC6
•SUSE Linux Enterprise Server 12 SP3
•Red Hat Enterprise Linux 7, 8 |
x86
|
•CentOS 7
•Debian 10
•ALT Workstation 9, 10
•ALT 8 SP |
ARM64
|
•Ubuntu 18.04
•CentOS 7, 8
•ALT Workstation 9, 10
•ALT Server 9, 10
•ALT 8 SP
•Astra Linux Special Edition (Novorossiysk) 4.7 |
E2K
|
•Astra Linux Special Edition (Leningrad) 8.1 (with cumulative patch 8.120200429SE81)
•ALT 8 SP
•Elbrus-D MCST 1.4
•GS CS Elbrus 8.32 TVGI.00311-28 |
ppc64el
|
•CentOS 8;
•Ubuntu 20.04 |
|
In ALT 8 SP, Astra Linux Special Edition (Novorossiysk) 4.11, Elbrus-D MCST 1.4 and GosLinux IC6 mandatory access control is not supported.
|
For other GNU/Linux versions that meet the abovementioned requirements full compatibility with Dr.Web for UNIX Internet Gateways is not guaranteed. If a compatibility issue occurs, contact technical support.
• FreeBSD
Platform
|
Supported FreeBSD versions
|
x86
|
11, 12, 13
|
x86_64
|
11, 12, 13
|
|
For FreeBSD OS, Dr.Web for UNIX Internet Gateways can be installed only from the universal package.
|
Additional Packages and Components
Dr.Web for UNIX Internet Gateways does not require installation of additional packages and OS components (except for the protected server software, see below).
|
For convenient work with Dr.Web for UNIX Internet Gateways in the command line, you can enable command auto-completion in your command shell (if disabled).
If you encounter any problem with installation of additional packages and components, refer to the documentation of your operating system version.
|
Disclaimer
•SpIDer Gate can have conflicts with other firewalls installed in your operating system (such as Shorewall and SuseFirewall2 in the SUSE Linux Enterprise Server OS and FirewallD in the Fedora OS, CentOS, Red Hat Enterprise Linux). The sign of conflict is message about the error of SpIDer Gate with a code x109 or message about the error of Dr.Web Firewall for Linux with a code x102. Methods to resolve a conflict are described in the section “Known Errors” for errors x109 and x102 respectively.
•If the used OS includes the version of NetFilter less than 1.4.15, SpIDer Gate can operate incorrectly. This problem is related to the internal error of NetFilter, and looks like as follows: after disabling SpIDer Gate, the network connections are broken and cannot be re-established. If you face this problem, it is recommended that you upgrade your OS to a version that includes NetFilter 1.4.15 or above. The ways to resolve the problem are described in the section “Known errors”.
Supported HTTP Proxy Servers
For integration with HTTP proxy server, the installed and configured HTTP proxy server Squid 3.0 and newer is required. Squid should be built with the support of ICAP (compiled with the --enable-icap-client option).
In the mode of the internet barrier and transparent proxy, there are no requirements for web servers and HTTP proxy servers.
|
Internet barrier and transparent proxy modes run only on GNU/Linux.
|
Compatibility with Security Subsystems
By default, Dr.Web for UNIX Internet Gateways does not support SELinux. In addition, Dr.Web for UNIX Internet Gateways operates in reduced functionality mode in the GNU/Linux systems that use mandatory access models (for example, in systems supplied with the PARSEC mandatory access subsystem that appends different privilege levels to users and files).
If installation of Dr.Web for UNIX Internet Gateways is required for systems with SELinux (as well as for systems that use mandatory access models). It is necessary to execute additional settings of a security subsystem so that Dr.Web for UNIX Internet Gateways operates in full functionality mode. For details, refer to the section Configuring Security Subsystems.
|