If you’re running our Linux Client or Server Security software on a desktop distribution with frequent system updates, like Ubuntu, you’ve no doubt become a bit bored of entering and leaving the Software Installation Mode every time there are packages that need to be upgraded. However, here’s a small tip that will ease the pain a little for our Ubuntu users:

• As superuser, create a file called “99fsav” (or similar) in /etc/apt/apt.conf.d by running the following command:

    sudo gedit /etc/apt/apt.conf.d/99fsav

• In the editor, paste the following two lines:

    DPkg::Pre-Install-Pkgs {"/opt/f-secure/fsav/bin/fsims on";};
  DPkg::Post-Invoke {"/opt/f-secure/fsav/bin/fsims off";};
  

• Save and exit the editor - done!

Now, the next time the system installs a package, it will automatically tell F-Secure Client Security that it’s about to do so by activating the Software Installation Mode. In this mode, some features are disabled in order not to interfere with the installation process. All files accessed are still scanned for malware as normal. When the installation or upgrade is done, dpkg will tell Client Security that by invoking “fsims off”. This will trigger recompilation of kernel modules (which is necessary in case the package installed was a kernel upgrade), and a full re-scan of the Integrity Checking baseline table, that contains hashes of important system files.

One important detail is that if you use the update manager, Synaptic or similar GUI tool, you must click “Details” to access the terminal in order to enter a new baseline passphrase for your Integrity Checker (see the second screenhost).

Also, since you need to enter that passphrase to finish off the installation, this is not very suitable if you’re doing unattended installations or upgrades.

Oh, and sorry about the language in the dialogs; I just grabbed the screenshots off of my regular workstation at the office, which is configured to use Swedish, my mother tongue. But if you’ve used Ubuntu you’ve probably seen those dialogs enough to know what they mean. :-)

Update: check out this post for a video clip showing this trick in action

This entry was posted by Rasmus on Saturday, March 3rd, 2007 at 9:55 pm.