INSTALL

#############################

First you need to install rsbac-admin as 

rpm -Uhv rsbac-admin-1.2.N-bfM.fcX.NN.i386.rpm

#############################

Then you need to install  clamd  and  clamfresh  for example from 
fedora-extras you need the following packages:

 clamav-data     
 clamav-lib
 clamav-server
 clamav-update  

Then edit 
  /etc/freshclam.conf
  /etc/sysconfig/freshclam

you can find examples in /usr/share/doc/kernel_rsbac_ws/
  etc.freshclam.conf           => /etc/freshclam.conf
  etc.sysconfig.freshclam      => /etc/sysconfig/freshclam

In particular in /etc/freshclam.conf the follwing should be set

  #Example
  UpdateLogFile /var/log/freshclam.log
  PidFile /var/run/freshclam.pid
  OnUpdateExecute /usr/local/bin/rsbac_daz_flush_wrapper

If you need yous should set also HTTPProxyServer and HTTPProxyPort

In /etc/sysconfig/freshclam you should comment out the 
"FRESHCLAM_DELAY=disabled-warn " line

###############################

Finally install kernel-*-rsbac_ws* and rsbac_ws-scripts* as follows

 rpm -ihv --oldpackage kernel-2.6.x-rsbac_ws_v1.2.N_bfM_pax_soft_FC4.i686.rpm
 rpm -Uhv rsbac_ws-scripts-N-fcX.NN.noarch.rpm

rsbac_ws-scripts installs also scripts to start clamd (this is based
on the existence of /usr/share/clamav/clamd-wrapper !!!)

###############################

Reboot! hopefully everything works.

As root do   

  cat /proc/rsbac-info/stats | grep DAZ

to see how DAZ/clamd are doing

###############################

PaX: the only problem is PaX since various executables cannot run with 
default PaX protection. Typically they violate the 'mprotect' protection. 
(Notice that some programs die without any message, I guess the problem
is that it is not the program itself which violates PaX but a library
used by the program. In this case, try to change PaX flags.)
If this happens add the full path to these executables to the file

  /etc/sysconfig/rsbac_pax.local

with a line like

  /usr/X11R6/bin/Xorg         PemRxS

(explanation of the meaning of 'PemRxS' are in the file)
then give the command

  service AA_rsbac_pax start

You also have to give this command every time you update any program 
listed in this file (so it is suggested to run this command every
time you update or install some programs).

PLEASE Report programs which need non-default PaX flags!!! Thanks

 


Andrea Pasquinucci
cesare-AT-ucci.it