[Avcheck] Porting avcheck to Solaris
Piotr Klaban
makler@man.torun.pl
Tue, 28 Aug 2001 19:12:59 +0200
Hi,
I have tested avcheck 0.3 + AVP on Solaris 8,
and now I will try to describe what I have done
to port avcheck to the new system.
During the compilation phase of avcheck
---------------------------------------
The following changes need to be introduced:
a) the avcheck compile command needs to have the following
libraries linked: -lsocket -lnsl
in order to access the networking code.
E.g. in the Makefile:
CC = gcc
CFLAGS = -O2 -Wall
# uncomment -lsocket -lnsl libraries for Solaris
LDFLAGS= -lsocket -lnsl
^^^^^^^^^^^^^^^^^^^^^^^
[...]
avcheck: avcheck.c
$(CC) -o $@ $(CFLAGS) -DVERSION=\"$(VERSION)\" avcheck.c $(LDFLAGS)
^^^^^^^^^^
b) in the substlang.sh script the 'echo -n' command
is prohibited in Solaris' native /bin/sh shell.
That should be either:
echo "s|@$1@|\c" >&3
or
/usr/ucb/echo -n "s|@$1@|" >&3
I have not found any reasonable method for implementing it
in the right way (i.e. portable; maybe you would use
autoconfigure in the future).
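One portable way round this, as an added example that is not part of avcheck or of the original post (the names echo_n and subst_prefix are my own): probe once, at script start, whether this shell's echo drops the newline with -n or with a trailing \c, the way autoconf-generated configure scripts do, and then route the sed-fragment writes of substlang.sh through that.

```sh
#!/bin/sh
# Added example, not from avcheck: find out once whether this shell's echo
# suppresses the newline with -n (BSD/GNU style) or with a trailing \c
# (System V style, as in Solaris /bin/sh), then use that everywhere.
# Same probe technique as autoconf-generated configure scripts use.

# A System V echo prints "-n x" literally; a BSD-style echo prints "x".
if [ "`echo -n x`" = "-n x" ]; then
    ECHO_N=''
    ECHO_C='\c'
else
    ECHO_N='-n'
    ECHO_C=''
fi

# echo_n: print all arguments without a trailing newline (name is mine).
echo_n() {
    echo $ECHO_N "$*$ECHO_C"
}

# subst_prefix: what substlang.sh wants to write to fd 3 before the
# replacement text, i.e. the start of a sed s||| command for tag $1
# (name is mine; the sed fragment is the one quoted in the post).
subst_prefix() {
    echo_n "s|@$1@|"
}

# Usage as substlang.sh would use it:  subst_prefix LANG >&3
```

Where a POSIX printf is available, printf '%s' "$text" sidesteps the whole echo question; the probe above is for scripts that must still run under the old System V /bin/sh.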
c) in uchroot.c there is a small bug:
--- uchroot.c Mon Aug 13 16:04:23 2001
+++ uchroot.c.new Tue Aug 28 17:06:53 2001
@@ -22,7 +22,7 @@
fprintf(stderr, "%s: ", progname);
va_start(ap, fmt); vfprintf(stderr, fmt, ap); va_end(ap);
if (code)
- fprintf(stderr, ": %m");
+ fprintf(stderr, ": %s", strerror(errno));
putc('\n', stderr);
fflush(stderr);
exit(1);
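Review bot: on the `+` line, strerror(errno) is evaluated only after the fprintf(stderr, "%s: ", progname) and vfprintf() calls above it in the same function, and those can themselves change errno when a write fails, so the reason printed may not be the one the caller saw; save errno into a local at function entry (int saved_errno = errno;) and pass that to strerror(), or, if the `code` tested on the preceding line already carries the errno value, use strerror(code). The function also needs <string.h> and <errno.h> included for strerror() and errno, which the context lines do not show. Replacing the glibc-only %m with strerror() is otherwise the right portable fix.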
Without this change the error message is written as:
uchroot: unable to execute ./kavdaemon: m
instead of e.g.:
uchroot: unable to execute ./kavdaemon: Permission denied
d) I was unable to run the given 'infected' program because of
the shell for loop. I have changed:
destined to"
for i ; do echo " $i" ; done
to:
destined to"
for i in $@
do echo " $i" ; done
Then it works well (after configuring the e-mail addresses, of course).
During the installation/configuration phase:
--------------------------------------------
e) in the README.Postfix file there is a spelling mistake.
Instead of
localhost:1025 inet - n - - smtpd -o content_filter=
there should be
localhost:1025 inet n - n - - smtpd -o content_filter=
f) suggestion:
There is a spelling mistake in README.Postfix:
avcheck unix - n n - 5 pipe
user=avc argv=/var/spool/av/avcheck
^^
According to README.AVP, avcheck is located in the avp, not the av, subdir.
But it would be good to place the avcheck, uchroot and infected
(spelled 'infexted' in README.AVP) programs in a directory other
than the chroot'ed one (/usr/local/sbin or /usr/sbin, for example).
If the chroot'ed directory were compromised, the avcheck
and uchroot files could be substituted with weird ones.
g) special devices cannot be copied with cp -a (-a exists
only in GNU cp), since /dev/* are symbolic links into the /devices
directory; however one can use (on Solaris 8 only):
cd /var/spool/avp/dev
/usr/sbin/mknod conslog c 21 0
/usr/sbin/mknod console c 0 0
/usr/sbin/mknod null c 13 2
/usr/sbin/mknod syscon c 0 0
/usr/sbin/mknod sysmsg c 60 0
chmod 666 null
chmod 620 conslog console syscon sysmsg
chgrp avp conslog console syscon sysmsg
chgrp sys null
ls -la
crw--w---- 1 root avp 21, 0 Aug 28 15:02 conslog
crw--w---- 1 root avp 0, 0 Aug 28 15:02 console
crw-rw-rw- 1 root sys 13, 2 Aug 28 15:02 null
crw--w---- 1 root avp 0, 0 Aug 28 15:02 syscon
crw--w---- 1 root avp 60, 0 Aug 28 15:03 sysmsg
The syscon and sysmsg special devices are used for the kavdaemon
syslog message (one message) that is sent even if there
is a 'UseSysLog = No' setting in the defUnix.prf file.
h) kavdaemon is not a static binary, so the
appropriate libraries should be copied to the /var/spool/avp/usr/lib directory:
mkdir /var/spool/avp/usr/lib
cd /usr/lib
cp ld.so.1 libdl.so.1 libmp.so.2 libsocket.so.1 \
libc.so.1 libm.so.1 libnsl.so.1 /var/spool/avp/usr/lib/
(be careful with such a command - do not overwrite your own library files).
During the running phase:
-------------------------
There is a problem with uchroot: the /var/spool/avp filesystem MUST NOT
be mounted nosuid.
I have switched on report generation in the var/log directory
(chown avpd var/log), but it is not necessary for operation.
BTW - in the main.cf file one needs to add the 127.0.0.0/8
network to the mynetworks variable (if it is not there by default).
During the update phase:
------------------------
The Sparc Solaris version of AVP needs two additional files
in the bases/ directory - packers.elb and elf.set. That is, during
the AvpUpdate phase those two should not be deleted -
do it with two additional lines in AvpUpdate:
285 $OldBase{$AvpKlb.".new"} = 0;
+ 286 $OldBase{'packers.elb'} = 0;
+ 287 $OldBase{'elf.set'} = 0;
288 foreach $f ( keys( %OldBase )) {
There should perhaps also be $OldBase{$AvpSet.".unix"} = 0;
since the author advises using avp.set.unix instead of avp.set
in the AVP configuration.
Additionally, if someone is interested, I have added
'umask 022' to the AvpUpdate program and run it from crontab
as the avpu user, which has access to the /var/spool/avp/bases/
directory and files - running the ftp update phase as root is not necessary.
--
Piotr Klaban