Version 11.00 build 79 RTM
This Release Notes document is for F-Secure Linux Security.
This document contains late-breaking information about the product. Please refer to the Administrator’s Guide for more information.
Overview
The Linux Security 11 product is a complete Anti-Virus solution for Linux clients and servers. The product can be installed in full or command line only mode, and the installation can be further configured as a Client or Server Edition, depending on the license key code used. 30-days evaluation period is provided with all features enabled in the Server Edition mode.
Automated, real-time antivirus scanning makes sure that viruses cannot infect your Linux servers or inadvertently be moved on to susceptible Windows hosts. The firewall component makes sure that viruses, hackers and other intruders cannot enter the servers by using network worms. Furthermore, the intrusion prevention functionality keeps crackers from entering and opening backdoors, changing important files – either the system’s or personal, or saving unwanted files on corporate servers.
By integrating with F-Secure’s centralized management systems, Policy Manager or PSB, the product will automatically notify the administrators of any security incidents or virus activity. Administrators can easily change and enforce the security policies via Policy Manager.
What’s New in This Release?
Linux Security 11.00 introduces the following new features since the previous release:
- Supports newest Linux kernels and distributions through the fanotify mechanism (see the Fanotify and Dazuko section below)
- Updated JRE to version 8u66
- Web UI revamped look-and-feel
- Support for French language
The following issues have been fixed in 11.00 since 10.20.358:
- CTS-91147: Uninstaller partially removes the product when the user selects “no” to proceed
- CTS-91251: Document supported Web browsers in the “System Requirements” section
- CTS-91554: “ioprio_set: Operation not permitted” error when updating databases in the OpenVZ environment
- CTS-91756: fvch daemon crashes on syslog() function
- CTS-94005: Uninstalling the command-line-only installation fails to remove AUA
- CTS-94711: Integrity Checking: Install Mode fails to update the baseline if there are scanning errors
- CTS-94118: fsaua-config ignores command-line options in a non-interactive run
- CTS-90865: The AUA connection fails when using HTTP proxy with Transfer-Encoding: chunked
- CTS-83617: The PostgreSQL service fails to start after a log rotation
- CTS-95797: On-access scanning renames files whitelisted by Hydra engine
- CSLP-518: “Unable to lock 42: Resource temporarily unavailable” error during database update
- CSLP-702: Invalid SMTP command syntax on admin notification emailing
- CSLP-733: Alert database should be preserved on product upgrade
- CSLP-756: AUA connects to the server once a minute if ClState variable cannot be read
- CSLP-758: Firewall profile ‘Server’ blocks connection to PSB portal
System Requirements
F-Secure Linux Security should be installed on a computer that meets the following minimum system requirements:
- Processor: Intel i686 compatible CPU
- Memory (command-line only): 512 MB RAM (1024 MB recommended)
- Memory (full install): 1024 MB RAM
- Disk space: At least 3GB recommended
Having a sufficient swap memory is highly recommended.
Required components
- Linux kernel 2.6 or later
- glibc 2.5 or later
- 32-bit compatibility libraries on 64-bit distributions
Supported Linux distributions
The following 32-bit Linux distributions are supported:
- CentOS 6.0-6.7
- Debian 7.0-7.9
- Debian 8.0, 8.1 **
- Oracle Linux 6.6, 6.7 RHCK*
- Red Hat Enterprise Linux 6.0-6.7
- SUSE Linux Enterprise Server 11 SP1, SP3, SP4
- Ubuntu 12.04.(1-5) 14.04.(1-5)
The following 64-bit (AMD64/EM64T) distributions are supported:
- CentOS 6.0-6.7, 7.0-7.1
- Debian 7.0-7.9
- Debian 8.0, 8.1 **
- Oracle Linux 6.6, 6.7 RHCK *
- Oracle Linux 7.1 UEK
- RHEL 6.0-6.7, 7.0-7.1
- SUSE Linux Enterprise Server 11 SP1, SP3, SP4
- SUSE Linux Enterprise Server 12
- Ubuntu 12.04.(1-5), 14.04.(1-5)
*) Red Hat compatible kernel (kernel-2.6.32-573.el6)
**) The on-access scanning is not supported on Debian 8 because the kernel configuration has fanotify disabled by default.
- Pre-installation Requirements
- Instructions how to install required dependencies and to prepare the environment are available in: https://community.f-secure.com/t5/Business/Pre-installation-checklist-for-F/ta-p/76128.
- Supported Web browsers
- The web UI is compatible with the following web browsers:
- Mozilla Firefox 38
- Google Chrome 45
- Internet Explorer 8, 9, 10, and 11
Installation Instructions
IMPORTANT INFORMATION – READ THIS BEFORE INSTALLING
To completely disable parts of the product (for example, the firewall), use the following command-line tool:
- Quick installation instructions
-
- Extract the installation file:tar zxvf fsls-11.00.xx.tar.gz
- Make sure that the installation file is executable:chmod a+x fsls-11.00.xx
- Install the product:
- To install the full version, run the command:./fsls-11.00.xx
- To install the command line only version, run the command:./fsls-11.00.xx –command-line-only
This will start the installation. When the installation is completed, Linux Security 11 is running with default settings.
Run the following command-line tool to configure the product further (change Web UI access, default language, input keycode, and so on):
/opt/f-secure/fsav/fsav-configNote: You may need to reboot your computer after upgrading from a previous Linux Security installation on some Linux distributions. This happens because the dazuko kernel module in previous versions of Linux Security is not compatible with the one in this new version, and unloading the previous version might cause the computer to hang.
Technical Support
To provide feedback or send problem reports, follow instructions on page:
https://www.f-secure.com/en/web/business_global/support
Known Issues
The latest information about known issues is available in: https://community.f-secure.com/t5/Business/F-Secure-Linux-Security-11-00/ta-p/76218.
Fanotify and Dazuko
Modern Linux kernels provide the fanotify facility, which is suitable for on-access malware scanning. Linux Security 11.00 uses this standard facility for Linux kernel versions 3.8 and up. Linux Security 11.00 supports older Linux kernel versions using the Dazuko kernel module. Fanotify and Dazuko function slightly differently. Note the following differences with the on-access scanning:
- With fanotify, do not disable “Scan when opening a file” in the configuration.
- The integrity checking has an option to “monitor” or “protect” baselined files. With fanotify, “monitor” is turned on regardless of the setting.
- “Files and directories excluded from scanning” are actually treated as pathname prefixes by Dazuko. For example, excluding /usr/lib excludes /usr/lib64 as well with Dazuko. With fanotify, it does not.
- Some Linux kernels are not configured to fully support fanotify. The Linux Security 11.00 on-access scanning needs both CONFIG_FANOTIFY and CONFIG_FANOTIFY_ACCESS_PERMISSIONS to be enabled. The supported Linux distributions offer the full fanotify functionality in their official kernels.
Copyrights
For copyright information, refer to the About page in the Web User Interface, or read the files /opt/f-secure/fsav/ABOUT and /var/opt/f-secure/fssp/databases/*/license*.txt
Trademarks
F-Secure and the triangle symbol are wp-signup.phped trademarks of F-Secure Corporation and F-Secure product names and symbols/logos are either trademarks or wp-signup.phped trademarks of F-Secure Corporation.