03-23-2010, 08:18 AM
#1
Member
Registered: Feb 2010
Location: The Netherlands
Distribution: Mint 13 / CENTOS4.6 / RHEL5.x
Posts: 38
run clamav on mount of flashdrive
Hello,
I am working on a production system on which it is not advisable to enable on-access scan with use of Dazuko. However, I want to do an automatic scan with clamscan when the flashdrive is mounted. As far as I know, Kudzu is arranging the automount of the flashdrives.
Does somebody have an idea how this can be done best?
The distro I am using is RHEL5u3.

03-23-2010, 08:26 AM
#2
Senior Member
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279
1 members found this post helpful.

03-24-2010, 09:24 AM
#3
Member
Registered: Feb 2010
Location: The Netherlands
Distribution: Mint 13 / CENTOS4.6 / RHEL5.x
Posts: 38
Original Poster
Dear Smoker,
I read the document to which your link was pointing and I will try this.
Thank you

03-25-2010, 07:58 AM
#4
Member
Registered: Feb 2010
Location: The Netherlands
Distribution: Mint 13 / CENTOS4.6 / RHEL5.x
Posts: 38
Original Poster
I am trying the following rule.
Code:
KERNEL=="sd*1", DRIVER=="usb-storage", RUN+="/usr/local/bin/clamscan /media* > /tmp/clamav.log"
When plugging in the flashdrive, it will get the kernel name sdd1, but I cannot tell if clamscan is executed.
I tried udevtest and it will show:
Code:
main: looking at device '/block/sdd/sdd1' from subsystem 'block'
run_program: '/bin/bash -c '/sbin/lsmod | /bin/grep ^dm_multipath''
run_program: '/bin/bash' (stdout) 'dm_multipath 55257 0 '
run_program: '/bin/bash' returned with status 0
udev_rules_get_name: add symlink 'disk/by-id/usb-Kingston_DataTraveler_2.0_0019E06B58BBA941D2CF029F-part1'
udev_rules_get_name: add symlink 'disk/by-path/pci-0000:00:1d.7-usb-0:7:1.0-scsi-0:0:0:0-part1'
udev_node_mknod: mknod(/dev/.tmp-8-49, 060600, 8, 49) failed: Permission denied
run_program: '/lib/udev/vol_id --export /dev/.tmp-8-49'
run_program: '/lib/udev/vol_id' (stderr) '/dev/.tmp-8-49: error open volume'
run_program: '/lib/udev/vol_id' returned with status 2
udev_rules_get_name: no node name set, will use kernel name 'sdd1'
unlink_secure: chown(/dev/.tmp-8-49, 0, 0) failed: No such file or directory
unlink_secure: chmod(/dev/.tmp-8-49, 0000) failed: No such file or directory
udev_device_event: device '/block/sdd/sdd1' already in database, validate currently present symlinks
udev_node_add: creating device node '/dev/sdd1', major = '8', minor = '49', mode = '0640', uid = '0', gid = '6'
udev_node_add: creating symlink '/dev/disk/by-id/usb-Kingston_DataTraveler_2.0_0019E06B58BBA941D2CF029F-part1' to '../../sdd1'
udev_node_add: creating symlink '/dev/disk/by-path/pci-0000:00:1d.7-usb-0:7:1.0-scsi-0:0:0:0-part1' to '../../sdd1'
udev_node_remove_symlinks: removing symlink '/dev/disk/by-uuid/E0FD-1813'
delete_path: rmdir(/dev/disk/by-uuid) failed: Permission denied
udev_node_remove_symlinks: removing symlink '/dev/disk/by-label/KINGSTON'
delete_path: rmdir(/dev/disk/by-label) failed: Permission denied
main: run: '/usr/local/bin/clamscan /media/* > /tmp/clamav.log 2>&1;/usr/bin/nedit /tmp/clamav.log '
main: run: '/sbin/multipath -v0 8:49'
main: run: 'socket:/org/kernel/udev/monitor'
main: run: '/lib/udev/udev_run_devd'
main: run: 'socket:/org/freedesktop/hal/udev_event'
main: run: '/sbin/pam_console_apply /dev/sdd1 /dev/disk/by-uuid/E0FD-1813 /dev/disk/by-label/KINGSTON'
Last edited by schuurs; 03-29-2010 at 07:35 AM.

03-25-2010, 08:50 AM
#5
Senior Member
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279
You are not matching properly.
I would have used something like
Code:
SUBSYSTEM=="usb", ATTRS{name}=="usb-Kingston_DataTraveler_2.0_0019E06B58BBA941D2CF029F-part1", RUN+="/home/myusername/myscript.sh"
I don't believe that line will work as it is, you need to find the correct match.
You can't put complicated run rules in so it's best to do it in a separate script which contains the real commands.
Bear in mind that this will delay the accessing of the drive until clam has finished scanning.
There are various tools to use to get a good match pattern. The site I gave you suggests using udevinfo, but there are others like udevadm.
I would also consider putting a simple naming rule in which gets applied before the RUN rule so that your script will know exactly which drive to scan.
For example:
Code:
SUBSYSTEM=="usb", ATTRS{name}=="usb-Kingston_DataTraveler_2.0_0019E06B58BBA941D2CF029F-part1", NAME="my_flash_drive"
This gives access to the flash drive at /dev/my_flash_drive.
Again, that will not work as it is, you have to find out what the appropriate name is using the udevadm tool.
Last edited by smoker; 03-25-2010 at 09:03 AM.

03-29-2010, 07:33 AM
#6
Member
Registered: Feb 2010
Location: The Netherlands
Distribution: Mint 13 / CENTOS4.6 / RHEL5.x
Posts: 38
Original Poster
I finished the udev rule and the script to scan a flash-drive for viruses when mounted.
They are working now.
"/etc/udev/rules.d/99-scan-UsbStorage.rules"
Code:
KERNEL=="sd*1", SUBSYSTEM=="block", DRIVER=="usb-storage", NAME="flash_drive", RUN+="/etc/udev/scripts/clamscan.sh &"
"clamscan.sh"
Code:
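#!/bin/ksh
# Started by the udev rule above, so it runs as root without a desktop session.
file="/tmp/clamscan.log"
# zenity needs to know which X display to open its dialogs on.
export DISPLAY=":0.0"
zenity --info --width=180 --title="Clam Anti Virus" --text="Executing virus scan on flashdrive" &
# Start each scan with a fresh log.
if [ -f "$file" ]; then
rm -f "$file"
fi
date > "$file"
# The drive is mounted under /media/<filesystem label>. Match "ID_FS_LABEL=" exactly so
# that other keys beginning with ID_FS_LABEL (such as ID_FS_LABEL_SAFE) add no second line.
flashdisk_dir=`udevinfo -q all -p $(udevinfo -q path -n /dev/flash_drive) | grep "ID_FS_LABEL=" | awk -F "=" '{print $2}'`
# Quoted because the label comes from the drive itself and may contain spaces.
/usr/local/bin/clamscan -r --bell "/media/$flashdisk_dir"/* >> "$file" 2>&1
# Show the end of the report (the scan summary) in a dialog.
if [ -f "$file" ]; then
file_content=`date; tail --lines 10 "$file"; echo "\nSee /tmp/clamscan.log for more information"`
#zenity --text-info --title="Clam Anti Virus" --filename=$file &
zenity --info --width=180 --title="Clam Anti Virus" --text="$file_content" &
fi
exit 0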
Last edited by schuurs; 03-29-2010 at 07:34 AM.
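
A variant of the scan script above, as an added example that is not part of the thread: it reads the drive's real mount point from /proc/mounts rather than building /media/<label> from the drive-supplied label, and it logs to a mktemp file instead of a fixed /tmp name. The function names and the CLAMSCAN override are assumptions made for illustration, and the drive is assumed to be mounted already when the script runs.

```shell
#!/bin/sh
# Added example, not the poster's script. Function names are hypothetical.

# Print the mount point of device $1, read from a /proc/mounts-format file
# ($2, default /proc/mounts). Returns 1 if the device is not mounted.
mount_point_for() {
    dev=$1
    table=${2:-/proc/mounts}
    while read -r src target _rest; do
        if [ "$src" = "$dev" ]; then
            # The kernel writes space, tab, newline and backslash as \040,
            # \011, \012 and \134. printf %b decodes \0NNN, so add the 0.
            esc=$(printf '%s' "$target" | sed 's/\\\([0-7]\{3\}\)/\\0\1/g')
            printf '%b\n' "$esc"
            return 0
        fi
    done < "$table"
    return 1
}

# Scan the mounted device recursively and print the path of the log file.
# Exit status is clamscan's own: 0 = clean, 1 = virus found, 2 = error.
# CLAMSCAN may override the scanner; the default is the path used in the thread.
scan_device() {
    dev=$1
    table=${2:-/proc/mounts}
    mnt=$(mount_point_for "$dev" "$table") || {
        echo "not mounted: $dev" >&2
        return 2
    }
    # mktemp creates the log with an unpredictable name and mode 0600, so the
    # root-run script never reuses a predictable path in a world-writable directory.
    log=$(mktemp /tmp/clamscan.XXXXXX) || return 2
    date > "$log"
    rc=0
    # $mnt is one quoted argument: labels with spaces or glob characters are safe.
    "${CLAMSCAN:-/usr/local/bin/clamscan}" -r "$mnt" >> "$log" 2>&1 || rc=$?
    echo "$log"
    return "$rc"
}

# Run as: script <device node as listed in /proc/mounts>
if [ "$#" -gt 0 ]; then
    scan_device "$1"
fi
```

Because the exit status is passed through, a caller can tell a clean drive (0) from a detection (1) without parsing the log.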