Configuring Security Systems

Presence of the SELinux enhanced security subsystem in the OS as well as the use of mandatory access control systems, such as PARSEC (as opposed to the classical discretionary model used by UNIX) causes problems in the work of Dr.Web for Linux when its default settings are used. To ensure correct operation of Dr.Web for Linux in this case, it is necessary to make additional changes to the settings of the security subsystem and/or to the settings of Dr.Web for Linux.

This section discusses the settings that ensure correct operation of Dr.Web for Linux in the following cases:

•Configuring SELinux Security Policies.

•Setting up the permissions of the PARSEC mandatory access control system (the Astra Linux OS)

Configuring the permissions of the PARSEC mandatory access control system for Dr.Web for Linux will allow the components of Dr.Web for Linux to bypass the restrictions of the set security policies and to get access to the files that belong to different privilege levels.

Note that even if you have not configured the permissions of the PARSEC mandatory access control system for Dr.Web for Linux, you still will be able to launch file scanning by running the autonomous copy of Dr.Web for Linux graphical interface. For that, execute the command drweb-gui with the parameter --Autonomous. You can also launch the scanning directly from the command line. To do this, use the drweb-ctl command specifying the same parameter (--Autonomous) in the command call. When scanning is launched this way, it is possible to scan only those files that can be accessed with the privileges not exceeding those of the user who launched the scanning.