File System Monitoring Settings

In this section

Main File Monitoring Settings

Switching Between File Monitoring Modes

To configure monitoring of the GNU/Linux file system by the SpIDer Guard monitor, set the parameters in the [LinuxSpider] section of the configuration file.

Main file monitoring settings

Enable the monitor by setting the Start value to Yes.

Specify the monitor's mode of operation in the Mode parameter (the Auto value is recommended).

If required, in the ExcludedProc parameter, list the paths to the executable files of trusted applications, i.e. applications whose access to files will not be controlled by the monitor.

If required, in the ExcludedFilesystem parameter, list the names of file systems (for example, cifs) whose files will not be controlled by the monitor.

Specify the monitoring scope by indicating the set of protected spaces (every protected space is specified by a separate [LinuxSpider.Space.<site name>] section). For each space, specify the path to the monitored directory in the Path parameter and set the Enable value to Yes to add the space to the monitoring scope.

In the ExcludedPath parameter (for the whole file system or for every protected space individually), specify the exclusion scope, i.e. the lists of paths to objects within the monitored area that are excluded from monitoring. For example, if some paths are served by the Samba file server or are NSS volumes, add them to the exclusion scope to avoid conflicts when different monitors scan the same objects.

Specify the file scanning parameters and the monitor's reaction to the detection of various types of threats (if necessary, specify them individually for every protected space in the monitoring scope).
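The steps above describe which [LinuxSpider] parameters must be present for the monitor to actually cover anything. The following script is an added example, not part of the Dr.Web documentation or the product: it audits a configuration fragment for those settings (Start, Mode, the protected spaces with their Path, Enable and ExcludedPath values) and fails when the monitor is disabled or no space is enabled. It assumes an INI-like layout of "Key = Value" lines under "[Section]" headers; the fragment it writes to a temporary file is constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the Dr.Web documentation: audit a SpIDer Guard
# configuration fragment for the settings described above.
# Assumption: the configuration file is INI-like ("Key = Value" lines under
# "[Section]" headers). The fragment below is constructed for this example.

SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
[LinuxSpider]
Start = Yes
Mode = Auto
ExcludedProc = /usr/sbin/smbd
ExcludedFilesystem = cifs

[LinuxSpider.Space.Home]
Path = /home
Enable = Yes
ExcludedPath = /home/shared/samba

[LinuxSpider.Space.Tmp]
Path = /tmp
Enable = No
EOF

# ini_get FILE SECTION KEY: print the value of KEY in [SECTION], empty if absent
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        $0 == sec { in_sec = 1; next }
        /^\[/     { in_sec = 0 }
        in_sec && $1 == key && $2 == "=" { sub(/^[^=]*= */, ""); print; exit }
    ' "$1"
}

# list_spaces FILE: print the <name> of every [LinuxSpider.Space.<name>] section
list_spaces() {
    sed -n 's/^\[LinuxSpider\.Space\.\(.*\)\]$/\1/p' "$1"
}

# enabled_space_count FILE: number of protected spaces with Enable = Yes
enabled_space_count() {
    n=0
    for name in $(list_spaces "$1"); do
        if [ "$(ini_get "$1" "LinuxSpider.Space.$name" Enable)" = "Yes" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# audit_conf FILE: report the settings; succeed only if the monitor is enabled
# and at least one protected space is in the monitoring scope
audit_conf() {
    conf=$1
    rc=0
    start=$(ini_get "$conf" LinuxSpider Start)
    mode=$(ini_get "$conf" LinuxSpider Mode)
    if [ "$start" = "Yes" ]; then
        echo "OK   monitor enabled (Start = Yes)"
    else
        echo "FAIL monitor not enabled (Start = ${start:-unset})"
        rc=1
    fi
    case "$mode" in
        Auto) echo "OK   Mode = Auto (recommended)" ;;
        "")   echo "WARN Mode not set" ;;
        *)    echo "INFO Mode = $mode (Auto is recommended)" ;;
    esac
    # a trusted-process path that does not exist excludes nothing: likely stale or mistyped
    for p in $(ini_get "$conf" LinuxSpider ExcludedProc); do
        if [ -e "$p" ]; then
            echo "INFO trusted process: $p"
        else
            echo "WARN trusted process $p not found on this host"
        fi
    done
    for name in $(list_spaces "$conf"); do
        sec="LinuxSpider.Space.$name"
        path=$(ini_get "$conf" "$sec" Path)
        excl=$(ini_get "$conf" "$sec" ExcludedPath)
        if [ "$(ini_get "$conf" "$sec" Enable)" = "Yes" ]; then
            echo "OK   space $name monitors $path${excl:+ (excluding $excl)}"
        else
            echo "INFO space $name ($path) is defined but not enabled"
        fi
    done
    if [ "$(enabled_space_count "$conf")" -eq 0 ]; then
        echo "FAIL no protected space is enabled"
        rc=1
    fi
    return $rc
}

audit_conf "$SAMPLE_CONF"
```

To audit a real file instead of the constructed fragment, pass its path to audit_conf; the script treats a defined but disabled space as informational and only fails on a disabled monitor or an empty monitoring scope.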

Changing the file monitoring mode

The enhanced file monitoring modes, in which access to a file is blocked before it is scanned, are available only if SpIDer Guard operates in the FANOTIFY mode and the OS kernel is built with the CONFIG_FANOTIFY_ACCESS_PERMISSIONS option enabled.


Switching SpIDer Guard modes requires administrative (root) privileges. Use the su command to switch to the root user, or run the commands as another user with sudo.

To switch SpIDer Guard into the FANOTIFY mode, use the command:

$ sudo drweb-ctl cfset LinuxSpider.Mode FANOTIFY

To change the monitoring mode, use the command:

$ sudo drweb-ctl cfset LinuxSpider.BlockBeforeScan <mode>

where <mode> defines the blocking mode:

Off—access is not blocked, SpIDer Guard operates in regular (not blocking) monitoring mode;

Executables—access to executable files is blocked, SpIDer Guard enhances monitoring of executable files;

All—access to all files is blocked, SpIDer Guard monitors files in “paranoid” mode.

To change the period during which scan results stored in the Dr.Web File Checker cache are considered up to date, use the command:

$ sudo drweb-ctl cfset FileCheck.RescanInterval <period>

where the <period> parameter determines the validity period of scan results stored in the cache. It can have a value from 0s through 1m. If you set an interval shorter than 1 second, cached results are not reused and files are scanned upon every request.
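The three cfset commands above only take effect as intended when the kernel prerequisite from the note at the start of this section is met and the values stay within the documented ranges. The script below is an added example, not part of the Dr.Web documentation or the product: it checks the kernel build options for CONFIG_FANOTIFY_ACCESS_PERMISSIONS, validates the BlockBeforeScan value (Off, Executables, All) and the RescanInterval (0s through 1m), and then prints the drweb-ctl commands for a valid request instead of running them. It assumes the kernel options are readable in "CONFIG_X=y" form from a file (on many distributions /boot/config-$(uname -r)), and it accepts only whole seconds ("Ns") or "1m" as the period syntax, since the page documents the range but not the full syntax; the two kernel config excerpts are constructed.

```shell
#!/bin/sh
# Added example, not part of the Dr.Web documentation: pre-flight checks before
# switching SpIDer Guard to a FANOTIFY blocking mode. Nothing here runs
# drweb-ctl; plan_switch only prints the commands it has validated.
# Assumptions: kernel build options are readable in "CONFIG_X=y" form from a
# file (on many distributions /boot/config-$(uname -r)); RescanInterval accepts
# whole seconds ("Ns") or "1m" here, as the page documents only the 0s..1m range.

# fanotify_perm_enabled KCONFIG_FILE: succeed if CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
fanotify_perm_enabled() {
    grep -q '^CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y$' "$1"
}

# valid_block_mode MODE: succeed for the BlockBeforeScan values the page lists
valid_block_mode() {
    case "$1" in
        Off|Executables|All) return 0 ;;
        *) return 1 ;;
    esac
}

# valid_rescan_interval PERIOD: succeed if PERIOD lies within 0s..1m
valid_rescan_interval() {
    p=$1
    if [ "$p" = "1m" ]; then return 0; fi
    n=${p%s}
    if [ "$n" = "$p" ]; then return 1; fi        # no "s" suffix
    case "$n" in ''|*[!0-9]*) return 1 ;; esac   # not a whole number of seconds
    [ "$n" -le 60 ]
}

# plan_switch MODE PERIOD KCONFIG_FILE: print the drweb-ctl commands for a valid
# request, or an ABORT line and non-zero status when a prerequisite fails
plan_switch() {
    mode=$1; period=$2; kconf=$3
    if ! fanotify_perm_enabled "$kconf"; then
        echo "ABORT: CONFIG_FANOTIFY_ACCESS_PERMISSIONS not enabled in $kconf; blocking modes are unavailable"
        return 1
    fi
    if ! valid_block_mode "$mode"; then
        echo "ABORT: '$mode' is not a BlockBeforeScan value (Off, Executables, All)"
        return 1
    fi
    if ! valid_rescan_interval "$period"; then
        echo "ABORT: RescanInterval '$period' is outside 0s..1m"
        return 1
    fi
    echo "sudo drweb-ctl cfset LinuxSpider.Mode FANOTIFY"
    echo "sudo drweb-ctl cfset LinuxSpider.BlockBeforeScan $mode"
    echo "sudo drweb-ctl cfset FileCheck.RescanInterval $period"
    echo "sudo drweb-ctl reload"
}

# Constructed kernel config excerpts: one with the option enabled, one without.
KCONF_OK=$(mktemp); KCONF_NOPERM=$(mktemp)
trap 'rm -f "$KCONF_OK" "$KCONF_NOPERM"' EXIT
printf 'CONFIG_FANOTIFY=y\nCONFIG_FANOTIFY_ACCESS_PERMISSIONS=y\n' > "$KCONF_OK"
printf 'CONFIG_FANOTIFY=y\n# CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set\n' > "$KCONF_NOPERM"

plan_switch Executables 30s "$KCONF_OK"
plan_switch All 1m "$KCONF_NOPERM" || echo "(second request refused, as expected)"
# Against the running kernel: plan_switch Executables 30s "/boot/config-$(uname -r)"
```

The printed commands can be reviewed and pasted in once the checks pass; running them from the script itself was deliberately left out so that the validation can be exercised on a host without the product installed.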

After all settings are adjusted, restart Dr.Web for UNIX File Servers with the command:

# drweb-ctl reload

You can also restart the Dr.Web ConfigD configuration daemon with the command:

# service drweb-configd restart