创建/tools/ 文件夹,并将需要的软件包上传到该目录下

# mkdir -p /tools/ && cd /tools/

# tar -xzvf chang.tar.gz

# cd chang/

1、安装jre

# mkdir -p /usr/java/

# tar -xzvf jre-8u261-linux-x64.tar.gz -C /usr/java/

# chown -R root.root /usr/java/

# cat >> /etc/Symantec.conf << EOF

[Symantec Shared]

BaseDir=/opt/Symantec

JAVA_HOME=/usr/java/jre1.8.0_261/bin

EOF

jre下载地址:https://www.oracle.com/java/technologies/javase-server-jre8-downloads.html

2、复制jce

# apt install unzip

# unzip jce_policy-8.zip -d jce_policy

# cp -av jce_policy/UnlimitedJCEPolicyJDK8/* /usr/java/jre1.8.0_261/lib/security/

jce下载地址:https://www.oracle.com/java/technologies/javase-jce8-downloads.html

3、安装依赖包

# apt-get update

# dpkg --add-architecture i386

# apt-get install libc6:i386 libx11-6:i386 libncurses5:i386 libstdc++6:i386 -y

# apt-get install lib32ncurses5 lib32z1 -y

# apt-get install sharutils -y

# apt-get install ncompress -y

# apt-get install linux-headers-$(uname -r) build-essential -y

4、安装

# unzip SEP-deb.zip

# chmod 777 SEP-deb/install.sh

# SEP-deb/install.sh -i

Starting to install Symantec Endpoint Protection for Linux

Performing pre-check...

dpkg-query: no packages found matching unity

Pre-check succeeded

dpkg-query: no packages found matching unity

Begin installing virus protection component

Selecting previously unselected package sav.

(Reading database ... 144383 files and directories currently installed.)

Preparing to unpack .../SEP-deb/./Repository/sep.deb ...

Performing pre-check...

Pre-check is successful

Unpacking sav (12.1.6867-6400) ...

Setting up sav (12.1.6867-6400) ...

Processing triggers for systemd (237-3ubuntu10.38) ...

Processing triggers for ureadahead (0.100.0-21) ...

Processing triggers for man-db (2.8.3-2ubuntu0.1) ...

Virus protection component installed successfully

Begin installing Auto-Protect component

Selecting previously unselected package savap.

(Reading database ... 144442 files and directories currently installed.)

Preparing to unpack ..././Repository/sepap-x64.deb ...

Performing pre-check...

Pre-check is successful

Unpacking savap (12.1.6867-6400) ...

Setting up savap (12.1.6867-6400) ...

Processing triggers for systemd (237-3ubuntu10.38) ...

Processing triggers for ureadahead (0.100.0-21) ...

Auto-Protect component installed successfully

Begin installing GUI component

Selecting previously unselected package savui.

(Reading database ... 144465 files and directories currently installed.)

Preparing to unpack .../SEP-deb/./Repository/sepui.deb ...

Performing pre-check...

Pre-check is successful

Unpacking savui (12.1.6867-6400) ...

Setting up savui (12.1.6867-6400) ...

Processing triggers for man-db (2.8.3-2ubuntu0.1) ...

Processing triggers for mime-support (3.60ubuntu1) ...

GUI component installed successfully

Begin installing LiveUpdate component

Selecting previously unselected package savjlu.

(Reading database ... 144472 files and directories currently installed.)

Preparing to unpack ..././Repository/sepjlu.deb ...

Performing pre-check...

Pre-check is successful

Unpacking savjlu (12.1.6867-6400) ...

Setting up savjlu (12.1.6867-6400) ...

LiveUpdate component installed successfully

Begin installing legacy Auto-Protect component

Legacy Auto-Protect component installed successfully

Pre-compiled Auto-Protect kernel modules are not loaded yet, need compile them from source code

Build Auto-Protect kernel modules from source code successfully

Installation completed

=============================================================

Daemon status:

symcfgd [running]

rtvscand [running]

smcd [running]

=============================================================

Drivers loaded:

symap_custom_4_15_0_76_generic_x86_64

symev_custom_4_15_0_76_generic_x86_64

=============================================================

Auto-Protect starting

Protection status:

Definition: Waiting for update.

AP: Malfunctioning

=============================================================

The log files for installation of Symantec Endpoint Protection for Linux are under ~/:

sepfl-install.log

sep-install.log

sepap-install.log

sepap-legacy-install.log

sepui-install.log

sepjlu-install.log

sepfl-kbuild.log

5、让AP变成Enabled状态,需要的三个条件:

(1)symev和symap两个驱动被正确加载到内核里

# lsmod | grep -E "symev|symap"

symap_custom_4_15_0_76_generic_x86_64 49152 28

symev_custom_4_15_0_76_generic_x86_64 90112 2 symap_custom_4_15_0_76_generic_x86_64

(2)当前的SEP已经成功加载了一份病毒定义(无论新旧)

下载地址:

https://www.broadcom.com/support/security-center/definitions/download/detail?gid=sep

例如:

# wget https://definitions.symantec.com/defs/20200813-002-core15unix.sh

# chmod 777 20200813-002-core15unix.sh

# ./20200813-002-core15unix.sh

(3)rtvscand等SEP相关服务已经正常启动

/etc/init.d/symcfgd status

/etc/init.d/rtvscand status

/etc/init.d/smcd status

/etc/init.d/autoprotect status

# 启动服务命令

/etc/init.d/symcfgd start

/etc/init.d/rtvscand start

/etc/init.d/smcd start

/etc/init.d/autoprotect start

# 关闭服务命令

/etc/init.d/autoprotect stop

/etc/init.d/smcd stop

/etc/init.d/rtvscand stop

/etc/init.d/symcfgd stop

6、将服务加入开机自启动

systemctl enable symcfgd

systemctl enable rtvscand

systemctl enable smcd

systemctl enable autoprotect

7、其它命令

# 查看帮助信息

# /opt/Symantec/symantec_antivirus/sav -h

# 查看产品版本

# /opt/Symantec/symantec_antivirus/sav info -p

12.1.6 (12.1 RU6 MP4) build 6867 (12.1.6867.6400)

# 开启自动防护

# /opt/Symantec/symantec_antivirus/sav autoprotect -e

# 关闭自动防护

# /opt/Symantec/symantec_antivirus/sav autoprotect -d

#查看auto-protect是否enable

/opt/Symantec/symantec_antivirus/sav info -a

Enabled

# 查看病毒定义是否升级

# /opt/Symantec/symantec_antivirus/sav info -d

08/13/2020 rev. 2

# 查看扫描信息

# /opt/Symantec/symantec_antivirus/sav info -s

General Status: Done

Manual Scan: Done

每日调度扫描: Never run

# 查看扫描日志

# cat /var/symantec/Logs/AVMan.log

# cat /var/symantec/Logs/AVMan.log

00080000 00080000 00000003 00000002 00000002 0000001e

000000fa 01d6719baf89e92a 01d6719bad937500 01d6719bad937500 00000001 32070D120032,3,2,0,NAS,root,,,,,,,16777216,"Scan s

tarted on all drives and all extensions.",1597341652,,0,,,,,0,,,,,,,,,,,,,,,,00:50:56:8d:15:dc,12.1.6867.6400,,,,,,,,,,,,,,,,0,,,,00000126 01d6719c02f69112 01d6719c0236f000 01d6719c0236f000 00000001 32070D12030C,2,2,0,NAS,root,,,,,,,16777216,"Scan C

omplete: Threats: 0 Scanned: 0 Files/Folders/Drives Omitted: 314541",1597341652,,0,0:0:0:314541,,,,0,,,,,,,,,,,,,,,,00:50:56:8d:15:dc,12.1.6867.6400,,,,,,,,,,,,,,,,0,,,,0000010f 01d671a600cc8248 01d671a360b39c80 01d671a360b39c80 00000001 32070D123739,5,1,2,NAS,root,EICAR Test String,/too

ls/eicar.com,5,1,1,256,33574980,"",0,,0,,994050048,11101,0,0,0,,,,20200813.002,208156,0,,0,,,,,,,00:50:56:8d:15:dc,12.1.6867.6400,,,,,,,,,,,,,,,,0,,,0,

# eicar.com 是从 https://www.eicar.org/?page_id=3950 网站上下载的测试病毒,放入Linux中后被拦截。

参考文章:

https://blog.csdn.net/gdlwx/article/details/106709181

https://545c.com/dir/17401394-28826326-bf937e

ubuntu 18.4LTS 安装12.1.6赛门铁克防病毒系统的更多相关文章

  1. Symantec(赛门铁克)非受管检测

    为了查找局域网内没有安装赛门铁克客户端的IP,采用Symantec Endpoint Protect Manager 的非受管检测机制进行网段扫描. 非受管检测机制的原理是:每台电脑开机时都会向同网段 ...

  2. 赛门铁克通配符SSL证书,一张通配型证书实现全站加密

      赛门铁克通配型SSL证书,验证域名所有权和企业信息,属于企业验证(OV) 级SSL证书,最高支持256位加密.申请通配符SSL证书可以保护相同主域名下无限数量的多个子域名(主机).例如,一个通配符 ...

  3. 赛门铁克扩展验证EV SSL证书

      申请EV SSL证书,将接受最严格验证企业域名所有权和企业身份信息,属于最高信任级别扩展验证(EV)的 EV SSL证书,最高达256位自适应加密.Symantec不仅提供先进的SSL加密技术,同 ...

  4. 费用最少的一款赛门铁克SSL证书

    Symantec Secure Site SSL证书,验证域名所有权和企业信息,属于Symantec Class 3企业(OV)验证 级SSL证书,为40位/56位/128/256位自适应加密,目前连 ...

  5. 赛门铁克和DigiCert证书有什么区别?

    在众多国人眼里,赛门铁克Symantec名气更胜于DigiCert证书.但是,我们知道2017年赛门铁克因一系列原因被DigiCert收购,品牌名称也被更新为DigiCert Secure Site. ...

  6. 彭博社:博通正在与赛门铁克洽谈收购事宜(博通能买得起 又能讲故事的 没几个了 为了刺激资本的兴趣 只能瞎搞 就和intel 收购 麦咖啡一样。就像杜蕾斯收购美赞臣一样,也许只是纯粹的商业行为,哪行赚钱干哪行)

    彭博社今日消息,知名芯片制造商 Broadcom 公司正在就收购网络安全公司 Symantec 事宜进行高级会谈,因为 Broadcom 希望寻找半导体业务之外的机会,以实现多元化经营. 据称,在彭博 ...

  7. 数据库服务器的监控 赛门铁克 Veritas i3 APM 查找指定时间段最耗服务器资源的TopSQL

  8. 解决Chrome 70版本以后谷歌不再信任赛门铁克证书问题

    Google 从 2018 年 10 月发布的 Chrome 70 就停止信任赛门铁克的旧证书了,而 Mozilla 也将在 10 月底发布 Firefox 63 时停止信任赛门铁克的旧证书. 导致大 ...

  9. Ubuntu 18.04 安装MySQL

    最近在写东西的时候,需要用到MySQL,在网上查了一下,都说Ubuntu18.04不能安装MySQL5.7.22, 总觉的不可能,所以自己就研究了一下,然后分享给大家 工具/原料   VMware W ...

随机推荐

  1. [bug] CDH报错:cloudera-scm-server dead but pid file exists

    参考 https://blog.csdn.net/levy_cui/article/details/51243335

  2. ruby基础(四)

    ruby基础知识 模块 模块是ruby的特色功能之一.如果说类是事物的实体以及行为,那么模块表现的 就是事物的行为部分,模块和类有以下两点不同: 模块不能拥有实例 模块不能被继承 模块的使用方法 mo ...

  3. linux服务之NTP及chrony时间同步

    博客园 首页 联系 管理   linux服务之NTP及chrony时间同步   一.NTP时间同步 NTP(Network Time Protocol,网络时间协议)是由RFC 1305定义的时间同步 ...

  4. commit信息修改

    场景:向社区提交commit信息,code reviewer给你回复说,请添加TrivialFix并且完善commit信息.好吧,虽然这对代码的运行无关紧要,但是对于日后的代码管理是很有必要的. 解决 ...

  5. Linux进阶之日志管理

    一.何为日志 1.在程序执行时,可以通过标准输出以及错误输出,让我们知道程序的执行情况,而系统不可能将所有程序的输出信息一起显示,要知道后台执行的程序非常之多,如果一起显示,那我们不用操作了,整天只看 ...

  6. 单片机编程时易错总结 20181015 项目:3060-A

    3060-A的调试过程中: 20181015 V1.30 A.遇到问题: RS232与LY3023的通信总是自己停止  主程序依旧执行 此版本进行如下修改: 1.RS232用的串口1关闭DMA传送   ...

  7. JavaScript正则表达式(深度)(Day_14)

    忘不掉的是回忆,继续的是生活,错过的,就当是路过. 简介 正则表达式是用于匹配字符串中字符组合的模式.在 JavaScript中,正则表达式也是对象. 这些模式被用于 RegExp 的 exec 和  ...

  8. 加载动画效果 HTML+ CSS

    加载动画效果 写在前面 在无限的时间的河流里,人生仅仅是微小又微小的波浪.--郭小川 实现效果 实现原理 通过2个伪元素来设置3条颜色边框 通过定位将3个圆弧边框层叠再一起,再通过旋转实现一个圆的效果 ...

  9. Kubernetes认证入门指南

    Kubernetes用来执行安全访问和权限的步骤有3个--认证(Authentication).授权(Authorization)和准入(Admission).在本文中,我们先开始了解认证(Authe ...

  10. Go timer 是如何被调度的?

    hi,大家好,我是 haohongfan. 本篇文章剖析下 Go 定时器的相关内容.定时器不管是业务开发,还是基础架构开发,都是绕不过去的存在,由此可见定时器的重要程度. 我们不管用 NewTimer ...