basilsp

Members
  • Content Count

    11
About basilsp

  • Rank
    Candidate

  1. Hello, there are types of attacks that allow arbitrary code to be executed on the attacked system. This code executes under some user (the user the application runs as). These are users such as ftp, ntp, postfix, etc. I think it is necessary to forbid execution of “/opt/kaspersky/kav4fs/bin/kav4fs-control” for other users by default, or the way to forbid execution of “/opt/kaspersky/kav4fs/bin/kav4fs-control” for other users needs to be described in the documentation.
  2. Hello, there are types of attacks that allow arbitrary code to be executed on the attacked system. This code executes under some user (the user the application runs as). I think it is necessary to forbid execution of “/opt/kaspersky/kav4fs/bin/kav4fs-control” for users such as ftp, ntp, sshd, postfix, etc. For instance, for this purpose it may be useful to include in “/opt/kaspersky/kav4fs/bin/kav4fs-control” checks such as:
     - absence of tty;
     - absence of the shell /sbin/nologin;
     - etc.
     If you think the execution of “/opt/kaspersky/kav4fs/bin/kav4fs-control” by any user is normal, then it is OK.
  3. Hello, now any user may execute “/opt/kaspersky/kav4fs/bin/kav4fs-control --scan-file”. Therefore, this feature may potentially be used by attackers to detect standard file names (lib, program, etc). It may reduce the time and increase the chance of success of an attack. For example, this feature doesn't check for the existence of a tty. So, if a user wants to use this feature, he can activate it. Importantly, it is necessary to notify that permission for non-root users to run the scanning process will give them (non-root users) the opportunity to scan files for which they don't have permission.
  4. “/opt/kaspersky/kav4fs/bin/kav4fs-control” doesn't check for the existence of a tty:

         $ ssh yugov@10.40.4.158 '/opt/kaspersky/kav4fs/bin/kav4fs-control --scan-file /www || tty'
         yugov@10.40.4.158's password:
         Invalid path to file: '/www'
         not a tty
  5. Scanning needs to be denied to non-root users by default, and the method of activating this feature described in the documentation. Or, while the setup script is running, it needs to ask whether to allow or deny scanning for non-root users. Most importantly, it is necessary to notify that permission for non-root users to run the scanning process will give them (non-root users) the opportunity to scan files for which they don't have permission.
  6. It would be nice if, after installing KES 10 for Linux, "/opt/kaspersky/kav4fs/bin/kav4fs-control --scan-file" could be run as "kavscan". For example:

         [sp@vm-kes02 ~]$ cat /usr/bin/kavscan
         #!/usr/bin/env bash
         # Pass the arguments through unchanged, with no second round of shell parsing
         exec /opt/kaspersky/kav4fs/bin/kav4fs-control --scan-file "$@"
         [sp@vm-kes02 ~]$ kavscan /opt/kaspersky/
         Scanned objects : 229
         Total detected objects : 0
         Infected and other objects : 0
         Cured objects : 0
         Moved to backup : 0
         Removed objects : 0
         Not cured objects : 0
         Scan errors : 0
         Corrupted objects : 0
         Password protected objects : 0
         Skipped : 0
  7. I used the 64-bit operating systems OracleLinux 7.3 and CentOS-7.3. The "Downloading the latest application databases" step passes without errors while the network is not available, in both cases. The scenario:

     1. Switch off the interface:

         $ ip link
         1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
             link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
         2: ens33: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000
             link/ether 00:50:56:b3:30:34 brd ff:ff:ff:ff:ff:ff

     2. Set up kav4fs:

         $ sudo opt/kaspersky/kav4fs/bin/kav4fs-setup.pl
         ...
         Downloading the latest application databases
         Task progress:
         [--------------------------------------------------] 0%
         [##################################################]100%
         Do you want to set other update settings? [y]: n
         ...
  8. Hello, and on CentOS 7.3 too. klnagent.inst.txt
  9. Build of OS:

         Linux msk10-kesora.drzi.itsk 4.1.12-61.1.18.el7uek.x86_64 #2 SMP Fri Nov 4 15:48:30 PDT 2016 x86_64 x86_64 x86_64 GNU/Linux

     Issue description: The "Downloading the latest application databases" step passes without errors while the network is not available. The scenario to reproduce is attached in the first post.
  10. From RELEASE NOTE: It also should be installed on OracleLinux 7.3. klnagent.inst.glibc.txt
  11. The "Downloading the latest application databases" step passes without errors while the network is not available. download.typescript.txt