创建/tools/ 文件夹,并将需要的软件包上传到该目录下

# mkdir -p /tools/ && cd /tools/

# tar -xzvf chang.tar.gz

# cd chang/

1、安装jre

# mkdir -p /usr/java/

# tar -xzvf jre-8u261-linux-x64.tar.gz -C /usr/java/

# chown -R root.root /usr/java/

# cat >> /etc/Symantec.conf << EOF

[Symantec Shared]

BaseDir=/opt/Symantec

JAVA_HOME=/usr/java/jre1.8.0_261/bin

EOF

jre下载地址:https://www.oracle.com/java/technologies/javase-server-jre8-downloads.html

2、复制jce

# apt install unzip

# unzip jce_policy-8.zip -d jce_policy

# cp -av jce_policy/UnlimitedJCEPolicyJDK8/* /usr/java/jre1.8.0_261/lib/security/

jce下载地址:https://www.oracle.com/java/technologies/javase-jce8-downloads.html

3、安装依赖包

# apt-get update

# dpkg --add-architecture i386

# apt-get install libc6:i386 libx11-6:i386 libncurses5:i386 libstdc++6:i386 -y

# apt-get install lib32ncurses5 lib32z1 -y

# apt-get install sharutils -y

# apt-get install ncompress -y

# apt-get install linux-headers-$(uname -r) build-essential -y

4、安装

# unzip SEP-deb.zip

# chmod 777 SEP-deb/install.sh

# SEP-deb/install.sh -i

Starting to install Symantec Endpoint Protection for Linux

Performing pre-check...

dpkg-query: no packages found matching unity

Pre-check succeeded

dpkg-query: no packages found matching unity

Begin installing virus protection component

Selecting previously unselected package sav.

(Reading database ... 144383 files and directories currently installed.)

Preparing to unpack .../SEP-deb/./Repository/sep.deb ...

Performing pre-check...

Pre-check is successful

Unpacking sav (12.1.6867-6400) ...

Setting up sav (12.1.6867-6400) ...

Processing triggers for systemd (237-3ubuntu10.38) ...

Processing triggers for ureadahead (0.100.0-21) ...

Processing triggers for man-db (2.8.3-2ubuntu0.1) ...

Virus protection component installed successfully

Begin installing Auto-Protect component

Selecting previously unselected package savap.

(Reading database ... 144442 files and directories currently installed.)

Preparing to unpack ..././Repository/sepap-x64.deb ...

Performing pre-check...

Pre-check is successful

Unpacking savap (12.1.6867-6400) ...

Setting up savap (12.1.6867-6400) ...

Processing triggers for systemd (237-3ubuntu10.38) ...

Processing triggers for ureadahead (0.100.0-21) ...

Auto-Protect component installed successfully

Begin installing GUI component

Selecting previously unselected package savui.

(Reading database ... 144465 files and directories currently installed.)

Preparing to unpack .../SEP-deb/./Repository/sepui.deb ...

Performing pre-check...

Pre-check is successful

Unpacking savui (12.1.6867-6400) ...

Setting up savui (12.1.6867-6400) ...

Processing triggers for man-db (2.8.3-2ubuntu0.1) ...

Processing triggers for mime-support (3.60ubuntu1) ...

GUI component installed successfully

Begin installing LiveUpdate component

Selecting previously unselected package savjlu.

(Reading database ... 144472 files and directories currently installed.)

Preparing to unpack ..././Repository/sepjlu.deb ...

Performing pre-check...

Pre-check is successful

Unpacking savjlu (12.1.6867-6400) ...

Setting up savjlu (12.1.6867-6400) ...

LiveUpdate component installed successfully

Begin installing legacy Auto-Protect component

Legacy Auto-Protect component installed successfully

Pre-compiled Auto-Protect kernel modules are not loaded yet, need compile them from source code

Build Auto-Protect kernel modules from source code successfully

Installation completed

=============================================================

Daemon status:

symcfgd [running]

rtvscand [running]

smcd [running]

=============================================================

Drivers loaded:

symap_custom_4_15_0_76_generic_x86_64

symev_custom_4_15_0_76_generic_x86_64

=============================================================

Auto-Protect starting

Protection status:

Definition: Waiting for update.

AP: Malfunctioning

=============================================================

The log files for installation of Symantec Endpoint Protection for Linux are under ~/:

sepfl-install.log

sep-install.log

sepap-install.log

sepap-legacy-install.log

sepui-install.log

sepjlu-install.log

sepfl-kbuild.log

5、让AP变成Enabled状态,需要的三个条件:

(1)symev和symap两个驱动被正确加载到内核里

# lsmod | grep -E "symev|symap"

symap_custom_4_15_0_76_generic_x86_64 49152 28

symev_custom_4_15_0_76_generic_x86_64 90112 2 symap_custom_4_15_0_76_generic_x86_64

(2)当前的SEP已经成功加载了一份病毒定义(无论新旧)

下载地址:

https://www.broadcom.com/support/security-center/definitions/download/detail?gid=sep

例如:

# wget https://definitions.symantec.com/defs/20200813-002-core15unix.sh

# chmod 777 20200813-002-core15unix.sh

# ./20200813-002-core15unix.sh

(3)rtvscand等SEP相关服务已经正常启动

/etc/init.d/symcfgd status

/etc/init.d/rtvscand status

/etc/init.d/smcd status

/etc/init.d/autoprotect status

# 启动服务命令

/etc/init.d/symcfgd start

/etc/init.d/rtvscand start

/etc/init.d/smcd start

/etc/init.d/autoprotect start

# 关闭服务命令

/etc/init.d/autoprotect stop

/etc/init.d/smcd stop

/etc/init.d/rtvscand stop

/etc/init.d/symcfgd stop

6、将服务加入开机自启动

systemctl enable symcfgd

systemctl enable rtvscand

systemctl enable smcd

systemctl enable autoprotect

7、其它命令

# 查看帮助信息

# /opt/Symantec/symantec_antivirus/sav -h

# 查看产品版本

# /opt/Symantec/symantec_antivirus/sav info -p

12.1.6 (12.1 RU6 MP4) build 6867 (12.1.6867.6400)

# 开启自动防护

# /opt/Symantec/symantec_antivirus/sav autoprotect -e

# 关闭自动防护

# /opt/Symantec/symantec_antivirus/sav autoprotect -d

#查看auto-protect是否enable

/opt/Symantec/symantec_antivirus/sav info -a

Enabled

# 查看病毒定义是否升级

# /opt/Symantec/symantec_antivirus/sav info -d

08/13/2020 rev. 2

# 查看扫描信息

# /opt/Symantec/symantec_antivirus/sav info -s

General Status: Done

Manual Scan: Done

每日调度扫描: Never run

# 查看扫描日志

# cat /var/symantec/Logs/AVMan.log

# cat /var/symantec/Logs/AVMan.log

00080000 00080000 00000003 00000002 00000002 0000001e

000000fa 01d6719baf89e92a 01d6719bad937500 01d6719bad937500 00000001 32070D120032,3,2,0,NAS,root,,,,,,,16777216,"Scan s

tarted on all drives and all extensions.",1597341652,,0,,,,,0,,,,,,,,,,,,,,,,00:50:56:8d:15:dc,12.1.6867.6400,,,,,,,,,,,,,,,,0,,,,00000126 01d6719c02f69112 01d6719c0236f000 01d6719c0236f000 00000001 32070D12030C,2,2,0,NAS,root,,,,,,,16777216,"Scan C

omplete: Threats: 0 Scanned: 0 Files/Folders/Drives Omitted: 314541",1597341652,,0,0:0:0:314541,,,,0,,,,,,,,,,,,,,,,00:50:56:8d:15:dc,12.1.6867.6400,,,,,,,,,,,,,,,,0,,,,0000010f 01d671a600cc8248 01d671a360b39c80 01d671a360b39c80 00000001 32070D123739,5,1,2,NAS,root,EICAR Test String,/too

ls/eicar.com,5,1,1,256,33574980,"",0,,0,,994050048,11101,0,0,0,,,,20200813.002,208156,0,,0,,,,,,,00:50:56:8d:15:dc,12.1.6867.6400,,,,,,,,,,,,,,,,0,,,0,

# eicar.com 是从 https://www.eicar.org/?page_id=3950 网站上下载的测试病毒,放入Linux中后被拦截。

参考文章:

https://blog.csdn.net/gdlwx/article/details/106709181

https://545c.com/dir/17401394-28826326-bf937e

ubuntu 18.4LTS 安装12.1.6赛门铁克防病毒系统的更多相关文章

  1. Symantec(赛门铁克)非受管检测

    为了查找局域网内没有安装赛门铁克客户端的IP,采用Symantec Endpoint Protect Manager 的非受管检测机制进行网段扫描. 非受管检测机制的原理是:每台电脑开机时都会向同网段 ...

  2. 赛门铁克通配符SSL证书,一张通配型证书实现全站加密

      赛门铁克通配型SSL证书,验证域名所有权和企业信息,属于企业验证(OV) 级SSL证书,最高支持256位加密.申请通配符SSL证书可以保护相同主域名下无限数量的多个子域名(主机).例如,一个通配符 ...

  3. 赛门铁克扩展验证EV SSL证书

      申请EV SSL证书,将接受最严格验证企业域名所有权和企业身份信息,属于最高信任级别扩展验证(EV)的 EV SSL证书,最高达256位自适应加密.Symantec不仅提供先进的SSL加密技术,同 ...

  4. 费用最少的一款赛门铁克SSL证书

    Symantec Secure Site SSL证书,验证域名所有权和企业信息,属于Symantec Class 3企业(OV)验证 级SSL证书,为40位/56位/128/256位自适应加密,目前连 ...

  5. 赛门铁克和DigiCert证书有什么区别?

    在众多国人眼里,赛门铁克Symantec名气更胜于DigiCert证书.但是,我们知道2017年赛门铁克因一系列原因被DigiCert收购,品牌名称也被更新为DigiCert Secure Site. ...

  6. 彭博社:博通正在与赛门铁克洽谈收购事宜(博通能买得起 又能讲故事的 没几个了 为了刺激资本的兴趣 只能瞎搞 就和intel 收购 麦咖啡一样。就像杜蕾斯收购美赞臣一样,也许只是纯粹的商业行为,哪行赚钱干哪行)

    彭博社今日消息,知名芯片制造商 Broadcom 公司正在就收购网络安全公司 Symantec 事宜进行高级会谈,因为 Broadcom 希望寻找半导体业务之外的机会,以实现多元化经营. 据称,在彭博 ...

  7. 数据库服务器的监控 赛门铁克 Veritas i3 APM 查找指定时间段最耗服务器资源的TopSQL

  8. 解决Chrome 70版本以后谷歌不再信任赛门铁克证书问题

    Google 从 2018 年 10 月发布的 Chrome 70 就停止信任赛门铁克的旧证书了,而 Mozilla 也将在 10 月底发布 Firefox 63 时停止信任赛门铁克的旧证书. 导致大 ...

  9. Ubuntu 18.04 安装MySQL

    最近在写东西的时候,需要用到MySQL,在网上查了一下,都说Ubuntu18.04不能安装MySQL5.7.22, 总觉的不可能,所以自己就研究了一下,然后分享给大家 工具/原料   VMware W ...

随机推荐

  1. [Java] 数据分析--统计

    二项分布 需求:5个四面体筛子,筛子三面绿色,一面红色,模拟1000000次,统计每次试验红色落地筛子个数的分布 实现:用循环实现5个筛子和1000000次试验,定义函数numRedDown模拟5个筛 ...

  2. [c++] 文件包含

    当一个类用到另一个类时,有两种包含方式,在.h中包含和在.cpp中包含 用到公共类库时,在.h文件中包含(公共类库可视为不变的) 用到项目开发过程中自己或同事写的类时,在.cpp文件中包含(可能根据需 ...

  3. 二、Python流程控制练习题

    一.分支结构-if等 练习题: 练习1:英制单位与公制单位互换 练习2:掷骰子决定做什么 练习3:百分制成绩转等级制 练习4:输入三条边长如果能构成三角形就计算周长和面积 练习5:个人所得税计算器 练 ...

  4. LTC4020

    今天凯哥说他之前有一块电池放电低于20V了 然后接上4020后 会先浮充   涓流充 大约200ma  充过了20V后又是4A了

  5. GPIO模式用法

    浮空,顾名思义就是浮在半空,输入直接与寄存器挂钩: 开漏,输出0的时候 PMOS管导通IO输出Vdd,输出1的时候 NMOS管导通IO输出Vss(Cmos场效应管): 推挽,输出时候电平确定,同样使用 ...

  6. F5 api接口开发实战(一)

    本人从18年下旬,开始从事F5负载均衡的自动化开发工作,主要使用python编程语言,开发的F5功能模块为LTM和GTM. F5开发简介 1.F5管理模式 F5的管理模式主要有4种(不包含snmp), ...

  7. Django settings 描述

    """ Django settings for log_collect_statistics project. Generated by 'django-admin st ...

  8. Go语言的GOPATH详解

    在GOLAND中设置GOPATH: 设置好路径后,并不是直接在这个路径下面写代码文件就行了 GO会识别GOPATH下的src目录,而真正的引用的包名,是src下的目录名,然后才是代码模块名 目录结构如 ...

  9. gasshopper之python电池输出dict结构

    问题:gh 直接用 panel 是无法直接输出字典结构的 故需要用 zip() 函数将字典的keys()  values() 组成一个元组,可以直接输出: 实例: dict = {} for i in ...

  10. Dockerfile构建实践

    Dockerfile构建实践 本文介绍了用于构建有效图像的推荐最佳实践和方法. Docker通过从一个Dockerfile文本文件中读取指令来自动构建映像,该文本文件按顺序包含构建给定映像所需的所有命 ...