Pre-Compiled Dazuko Modules for Ubuntu Kernels

Bug #118842 reported by Chris
Affects: linux (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned

Bug Description

Hello there,

Ubuntu (and its partner projects) made great advances for the Linux desktop, but there is one area that is somewhat lacking still - the infamous area of 'personal security' meaning real-time virus scanners and personal firewalls.
While today the general opinion is that Linux's security is superior by design when compared with more widespread commercial operating systems, more and more people consider this to be partly a result of Linux's comparatively low market share.

Since I honestly believe that Ubuntu is one of the projects that will change the marketplace in the near future I think this issue should be thought of before it becomes a real issue (in form of actual viruses that may affect Ubuntu users' systems).

Today there are some good virus scanners available for Linux. I'm mainly thinking of the ClamAV [1] backend, that is being used by several GUI frontends such as Aegis2 [2] for GNOME/GTK or KlamAV [3] for KDE, and Avira's AntiVir [4].

Generally the mere availability of such free tools could be a satisfying situation, but those virus scanners share one problem: for the real-time scan feature they need to know what files are being accessed at a given time. All those solutions use the Dazuko [5] kernel module, which is not part of the default kernel, to get that information. While I'm not a specialist on this issue at all I think that there is no high-performance way of having real-time scanning without the dazuko module. Actually without the dazuko module none of those scanners work as on-access / real-time scanners. Only user-invoked manual system scans are possible - something most users do far too irregularly.

Today the only possibility to make these scanners work for a user is to compile the dazuko module, as available in the dazuko-source package for example, themselves. This is far from ideal. You could argue that most users who need or want such kind of protection would typically not be able to deal with compiling kernel modules, making this solution rather impractical.

To solve this I'd suggest to consider making available packages of pre-compiled dazuko modules with each Ubuntu kernel release.

Anyway the point of this bug report is to boost awareness about this situation with Ubuntu developers. The goal (easily available security solutions for users) could be reached via the aforementioned dazuko packages or with another real time scanning solution that I just might not be aware of.

[1] http://www.clamav.net
[2] http://jodrell.net/projects/aegis2
[3] http://www.klamav.net
[4] http://www.free-av.com/
[5] http://www.dazuko.org

Revision history for this message
Sitsofe Wheeler (sitsofe) wrote :

Ubuntu certainly used to provide a dazuko module - http://kernelslacker.livejournal.com/57802.html . Are you sure that one isn't shipped?

Revision history for this message
Chris (chrw) wrote :

It never really occurred to me that it might already be shipped by default *with* the kernel.
Nevertheless, it seems to be there, though not functioning:

modprobe dazuko gives:
FATAL: Error inserting dazuko (/lib/modules/2.6.17-10-386/kernel/fs/dazuko/dazuko.ko): Invalid argument

Avira AntiVir won't start the 'Guard' module without any error message and KlamAV tries "modprobe 'dazuko'" when you click the 'automatic scan' button, fails and suggests that I check my installation. There's nothing special about my (edgy) install. I'll try and check this out on a fresh feisty install to see if it is a general problem as I assume.

Revision history for this message
wren (8to8) wrote :

Hi,

dazuko.ko is definitely shipped with the "linux-image-2.6.15-28-386" package. It's listed there at /lib/modules/2.6.15-28-386/kernel/fs/dazuko/dazuko.ko . This can be checked using "slocate dazuko.ko /lib/modules/". But it doesn't work with the antivir-workstation-pers-2.1.10-15 package.

" /usr/lib/AntiVir/avguard status " gives you " insmod: error inserting './dazuko.ko': -1 Unknown symbol in module"

regards,

Revision history for this message
Chris (chrw) wrote :

Didn't have the chance to check a feisty (or gutsy) install - I'm still running edgy.
Can someone with a more recent install verify this issue still exists?

Revision history for this message
wren (8to8) wrote :

I found out what was going wrong. Currently I use:
- one small 6.06 LTS Dapper Drake published in June 2006 containing still applications installed by default.
This one works very well with the dazuko.ko module shipped with the "linux-image-2.6.15-28-386" package.

- one big 6.06 LTS Dapper Drake published in June 2006 containing dozens of applications from all Ubuntu repositories found and additionally this one listed at http://www.skype.com/download/skype/linux/repositories.html
This one doesn't work. It contains the "linux-image-2.6.15-28-386" package, too. But the system decided not to use the newer kernel. Instead, the old "linux-image-2.6.15-23-386" one is used. I have no idea why.

Anyway, I found out that using the "uname -a" and "slocate /lib/modules/ dazuko.ko" commands gives you some details to decide how to follow up. If they give you different kernel versions, the 2.6.15-28 shipped dazuko.ko will not work together with your active kernel.

If you proceed while ignoring this issue, you will get the error
"insmod: error inserting './dazuko.ko': -1 Unknown symbol in module
AntiVir Status: avguard-workstation (Dazuko unavailable, 0 daemons)"

So in result: 6.06 LTS Dapper Drake 2.6.15-28 works fine with the shipped dazuko.ko.

sudo modprobe -r capability
sudo modprobe dazuko
sudo modprobe capability

Insert following into the /etc/init.d/avguard file after the first # character.
#!/bin/sh
#
# Start/Stop AvGuard
#
# Copyright (c) 2006 Avira GmbH
#
sudo rmmod capability
cd /path/to/your/dazuko/folder/
sudo insmod ./dazuko.ko
sudo modprobe capability
PATH="/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin"

That's it. Found at the German http://wiki.ubuntuusers.de/AntiVir
regards,

Revision history for this message
Brian Murray (brian-murray) wrote :

What do you mean by "the old linux-image-2.6.15-23-386" is used? Please also add the full output of 'dpkg -l linux*' as an attachment to your bug report. Thanks in advance.

Revision history for this message
lefty.crupps (eljefedelito) wrote :

I also cannot load 'dazuko' which the auto-scan requires in KlamAV in Kubuntu 7.04. I had this issue also in Edgy, and Dapper. Here is the output of the dpkg -l linux* command:

-desktop:~$ dpkg -l linux*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-=============================-=============================-==========================================================================
un linux-boot-loader <none> (no description available)
un linux-doc-2.6.20 <none> (no description available)
ii linux-generic 2.6.20.16.28.1 Complete Generic Linux kernel
un linux-headers <none> (no description available)
un linux-headers-2.6 <none> (no description available)
pn linux-headers-2.6.20-12 <none> (no description available)
pn linux-headers-2.6.20-12-gener <none> (no description available)
pn linux-headers-2.6.20-13 <none> (no description available)
pn linux-headers-2.6.20-13-gener <none> (no description available)
pn linux-headers-2.6.20-14 <none> (no description available)
pn linux-headers-2.6.20-14-gener <none> (no description available)
pn linux-headers-2.6.20-15 <none> (no description available)
pn linux-headers-2.6.20-15-gener <none> (no description available)
ii linux-headers-2.6.20-16 2.6.20-16.29 Header files related to Linux kernel version 2.6.20
ii linux-headers-2.6.20-16-gener 2.6.20-16.29 Linux kernel headers for version 2.6.20 on x86/x86_64
ii linux-headers-2.6.20-9 2.6.20-9.16 Header files related to Linux kernel version 2.6.20
ii linux-headers-2.6.20-9-generi 2.6.20-9.16 Linux kernel headers for version 2.6.20 on x86/x86_64
ii linux-headers-generic 2.6.20.16.28.1 Generic Linux kernel headers
un linux-image <none> (no description available)
un linux-image-2.6 <none> (no description available)
ii linux-image-2.6.20-12-generic 2.6.20-12.20 Linux kernel image for version 2.6.20 on x86/x86_64
ii linux-image-2.6.20-13-generic 2.6.20-13.21 Linux kernel image for version 2.6.20 on x86/x86_64
ii linux-image-2.6.20-14-generic 2.6.20-14.22 Linux kernel image for version 2.6.20 on x86/x86_64
ii linux-image-2.6.20-15-generic 2.6.20-15.27 Linux kernel image for version 2.6.20 on x86/x86_64
ii linux-image-2.6.20-16-generic 2.6.20-16.29 Linux kernel image for version 2.6.20 on x86/x86_64
ii linux-image-2.6.20-9-generic 2.6.20-9.16 Linux ker...


Revision history for this message
markus eugster (keuse) wrote :

I found this through a link on dazuko's homepage. Please have a look at http://www.dazuko.org/howto-install.shtml and http://www.dazuko.org/faq.shtml. Perhaps this may help you.
Please read 5.1 and 5.2 carefully.
---------------------------------------
5.2 In /var/log/messages it says "kernel: There is already a security framework initialized, register_security failed. kernel: dazuko: failed to register". What is wrong?

This occurs because another security module is already loaded and is not allowing Dazuko to be loaded. In order to allow multiple security modules, Linux 2.6 supports stacking. Unfortunately some modules do not implement this, which makes it impossible to load additional security modules. Dazuko does support stacking correctly. If you make sure that Dazuko is the first loaded security module, then other modules can also be loaded.

Typically the problem is the "capability" module. You can verify that this is the problem by unloading the "capability" module, loading Dazuko, and then reloading the "capability" module:

# rmmod capability
# insmod ./dazuko.ko
# modprobe capability

If this was indeed the problem, you can usually configure your system to load modules in a specific order. This varies between Linux distributions.

----------------------------------
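
Added example, not part of the original thread or of the Dazuko project's code: a shell triage helper for the two failure causes described in the comments above, a dazuko.ko built for a kernel other than the running one and the security-module load order from Dazuko FAQ 5.2. The function names and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug thread): triage a failed dazuko load.

# Kernel release encoded in a path such as
# /lib/modules/2.6.15-28-386/kernel/fs/dazuko/dazuko.ko
module_release() {
    printf '%s\n' "$1" | sed -n 's|^/lib/modules/\([^/]*\)/.*|\1|p'
}

# check_dazuko RUNNING_RELEASE [PATH...]
# Returns 0 if a dazuko.ko for the running kernel exists, 1 if modules exist
# only for other kernels, 2 if none were found. Prints a one-line verdict.
check_dazuko() {
    running=$1; shift
    others=""
    for path in "$@"; do
        rel=$(module_release "$path")
        [ -n "$rel" ] || continue          # skip paths outside /lib/modules
        if [ "$rel" = "$running" ]; then
            echo "match: $path"
            return 0
        fi
        others="$others $rel"
    done
    if [ -n "$others" ]; then
        echo "mismatch: running $running, dazuko.ko built for:$others"
        return 1
    fi
    echo "missing: no dazuko.ko found"
    return 2
}

# load_order_conflict LOGTEXT
# Returns 0 when the log shows both messages quoted in Dazuko FAQ 5.2,
# i.e. another security module registered before Dazuko.
load_order_conflict() {
    printf '%s\n' "$1" | grep -q 'register_security failed' &&
    printf '%s\n' "$1" | grep -q 'dazuko: failed to register'
}

# Constructed sample data, modelled on the values quoted in this thread.
SAMPLE_MODULE=/lib/modules/2.6.15-28-386/kernel/fs/dazuko/dazuko.ko
SAMPLE_LOG='kernel: There is already a security framework initialized, register_security failed.
kernel: dazuko: failed to register'

check_dazuko 2.6.15-28-386 "$SAMPLE_MODULE"           # kernel and module agree
check_dazuko 2.6.15-23-386 "$SAMPLE_MODULE" || true   # booted into the older kernel
load_order_conflict "$SAMPLE_LOG" &&
    echo "load order: unload capability, load dazuko, reload capability"

# Live use: check_dazuko "$(uname -r)" $(find /lib/modules -name dazuko.ko)
```
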

Revision history for this message
wren (8to8) wrote :

> Brian Murray wrote on 2007-07-18: (permalink)

> What do you mean by "the old linux-image-2.6.15-23-386" is used? Please also add the full output of 'dpkg -l linux*' as an attachment to your bug report. Thanks in advance.

Sorry for the delay! Probably only the /boot/grub/menu.lst was not updated correctly. No entry for the upgraded linux-image-2.6.15-28-386 was listed in /boot/grub/menu.lst . The initial 6.06 release of August 06 contains the linux-image-2.6.15-23-386.
Furthermore, I cannot provide you the 'dpkg -l linux*' system output you requested. The Dapper system in question doesn't exist anymore. It was replaced with a fresh Dapper installation (Aug 06 release) and upgraded correctly to linux-image-2.6.15-28-386 . By now the Dapper system /boot/grub/menu.lst contains proper entries for linux-image-2.6.15-23-386 & linux-image-2.6.15-28-386. Sorry about using this lazy solution.

regards,

Revision history for this message
oxyk (djoxyk) wrote :

Why is it so hard to implement any antivirus on Linux?
I try clamtk and it can't see signatures,
then I install KlamAV and dazuko is not loaded...
BTW, I have this issue not only on Ubuntu 7.10, but also on Mandriva 2007:
 modprobe dazuko
FATAL: Module dazuko not found.
What can I do to install it?

I tried this:
http://www.dazuko.org/tgen.shtml#DEBIAN
I downloaded the source,
but compilation fails.

What do I need to check?

Please help me to install at least something that will work (I have a dual-OS PC, so I badly need a scanner).

--------
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-f/Unpacked/Failed-cfg/Half-inst/t-aWait/T-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-===========================-===========================-======================================================================
un linux-boot-loader <none> (no description available)
un linux-doc-2.6.22 <none> (no description available)
ii linux-generic 2.6.22.14.21 Complete Generic Linux kernel
un linux-headers <none> (no description available)
un linux-headers-2.6 <none> (no description available)
ii linux-headers-2.6.22-14 2.6.22-14.46 Header files related to Linux kernel version 2.6.22
ii linux-headers-2.6.22-14-gen 2.6.22-14.46 Linux kernel headers for version 2.6.22 on x86/x86_64
ii linux-headers-generic 2.6.22.14.21 Generic Linux kernel headers
un linux-image <none> (no description available)
un linux-image-2.6 <none> (no description available)
ii linux-image-2.6.22-14-gener 2.6.22-14.46 Linux kernel image for version 2.6.22 on x86/x86_64
ii linux-image-generic 2.6.22.14.21 Generic Linux kernel image
un linux-initramfs-tool <none> (no description available)
un linux-kernel-headers <none> (no description available)
un linux-kernel-log-daemon <none> (no description available)
ii linux-libc-dev 2.6.22-14.46 Linux Kernel Headers for development
ii linux-restricted-modules-2. 2.6.22.4-14.9 Non-free Linux 2.6.22 modules on x86/x86_64
un linux-restricted-modules-38 <none> (no description available)
ii linux-restricted-modules-co 2.6.22.4-14.9 Non-free Linux 2.6.22 modules helper script
ii linux-restricted-modules-ge 2.6.22.14.21 Restricted Linux modules for generic kernels
ii linux-sound-base 1.0.14-1ubuntu2 base package for ALSA and OSS sound systems
un linux-source-2.6.22 <none> (no description available)
ii linux-ubuntu-modules-2.6.22 2.6.22-14.37 Ubuntu supplied Linux modules for version 2.6.22 on x86/x86_64
un linux32 <none> (no description availa...


Revision history for this message
Anderson (amg1127) wrote :

Ubuntu's latest kernels (at least Gutsy 2.6.22-14 and Hardy 2.6.24-10) are shipped with the "capability" module built into the kernel. Dazuko doesn't like it, as you can see in this bug report:

https://bugs.launchpad.net/ubuntu/+bug/118842/comments/8

As a result, dazuko is not shipped in the kernel, nor can it be compiled from sources.

Revision history for this message
Anderson (amg1127) wrote :

Ubuntu Kernel Team, I have a wish.

Can Ubuntu kernels have capabilities in a module instead of builtin?

I don't know if dazuko support was dropped because of some issue, but enabling the "capability" gives people the chance to try using dazuko (I wanted to use it). Can you help?

Revision history for this message
Remke (r-schuurmans) wrote :

http://ubuntuforums.org/archive/index.php/t-6085.html

In Gutsy, instead of

$ sudo rmmod capability
$ sudo insmod ./dazuko.ko
$ sudo modprobe capability

this works

$ sudo rmmod apparmor
$ sudo insmod ./dazuko.ko

http://allyourtech.com/content/articles/15_01_2006_installing_antivir_with_on_access_scanning_in_ubuntu_linux.php
...Configuring Dazuko
Dazuko will fail to start properly if the module named capability is running first. To do this, a couple of files must be created/modified. To create the first file, open gedit as root by issuing the following Terminal command:

sudo gedit /etc/modprobe.d/dazuko

Copy and paste the following code into the blank document and save it.

# Gutsy: use "apparmor" instead of "capability" in the modprobe -r and the final modprobe -i command
install dazuko modprobe -r capability; \
modprobe -i dazuko; \
modprobe -i capability

While still running gedit as root, open the modules file, located in /etc directory. Add the word dazuko to the end of the list. Save the file.

To get Dazuko loaded, without having to reboot, issue the following Terminal commands

sudo rmmod capability #--> sudo rmmod apparmor
sudo modprobe dazuko
sudo modprobe capability #--> sudo modprobe apparmor

Revision history for this message
chrone (chrone81) wrote :

Any chance dazuko works on Ubuntu 8.04.1 without having to recompile the kernel?

Revision history for this message
xteejx (xteejx-deactivatedaccount) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. You reported this bug a while ago and there hasn't been any activity in it recently. We were wondering if this is still an issue for you. Can you try with the latest Ubuntu release? Thanks in advance.

Changed in linux-meta (Ubuntu):
status: New → Incomplete
Revision history for this message
lefty.crupps (eljefedelito) wrote : Re: [Bug 118842] Re: Pre-Compiled Dazuko Modules for Ubuntu Kernels

Sorry, no I will not try the latest release, I have given up on Ubuntu because every bug that I have filed is just put off until Ubuntu devs can come back with the excuse to try in the latest release, and then they will be closed due to lack of activity or information. I suggest that you try to address bugs as they come in, rather than years after the fact. I am done with Ubuntu.

=== === ===
On Tuesday 19 May 2009 10:27:17 Teej wrote:
> Thank you for taking the time to report this bug and helping to make
> Ubuntu better. You reported this bug a while ago and there hasn't been
> any activity in it recently. We were wondering if this is still an issue
> for you. Can you try with the latest Ubuntu release? Thanks in advance.
>
> ** Changed in: linux-meta (Ubuntu)
> Status: New => Incomplete
>

Revision history for this message
xteejx (xteejx-deactivatedaccount) wrote :

I am sorry to hear that you have been having problems with the Bug Squad and the triaging system. Nevertheless I will leave this as Incomplete and if another user can provide this info, please do so. Thank you.

Revision history for this message
Andy Whitcroft (apw) wrote :

This is not a bug in the linux-meta package, moving to the linux package.

affects: linux-meta (Ubuntu) → linux (Ubuntu)
Revision history for this message
EAB (adair-boder) wrote :

I am trying to get Dazuko working on my system running Ubuntu Hardy LTS. Is there no way to get it working without having to recompile the kernel?

Revision history for this message
xteejx (xteejx-deactivatedaccount) wrote :

@Zeth: Have you tried the Answers section of launchpad or #ubuntu on irc.freenode.net as you are asking a question. Thanks.

Revision history for this message
xteejx (xteejx-deactivatedaccount) wrote :

We are closing this bug report because it lacks the information we need to investigate the problem, as described in the previous comments. Please reopen it if you can give us the missing information, and don't hesitate to submit bug reports in the future. To reopen the bug report you can click on the current status, under the Status column, and change the Status back to "New". Thanks again!

Changed in linux (Ubuntu):
status: Incomplete → Invalid