Linux File Watcher
Designed to be installed on Linux systems, this Solution monitors and scans file system activity in locations that you specify.
With the code up on GitHub, the Solution is readily extensible, but it can also be used out of the box with a default configuration suitable for common scenarios.
Overview
The Linux OnAccess Scanner plugin is a Solution that performs on-access scanning for Linux distributions. There are official packages for Debian, Ubuntu, Fedora, CentOS and Alpine. This Solution is a 64-bit native binary that is created with efficient detections and low memory footprint in mind to ensure that the scan is both quick and doesn't cause a lag on your system. This document shows how to use the plugin on each of the supported Linux distributions.
Debian/Ubuntu
The following commands will install the secplugs-linux-oas-plugin:
apt install software-properties-common && apt update
apt-add-repository -y ppa:secplugs/ppa
apt update && apt install secplugs-linux-oas-plugin
The above commands add the secplugs PPA repository to the list of repositories. The apt-add-repository utility needs software-properties-common, and hence that gets installed first.
Likewise, for Debian, the following commands can be used:
apt install software-properties-common && apt update
apt-key adv --keyserver <keyserver> --recv <key> && apt-add-repository -y 'deb https://packages.secplugs.com/debian/ stable main'
apt update && apt install secplugs-linux-oas-plugin
The above adds the secplugs Debian repository and its GPG keys to the system.
Both the Ubuntu and Debian packages set up the OnAccess scanner Solution to run in the background as a systemd service.
Fedora/CentOS
The following commands will install the Solution on Fedora/CentOS and other RPM-based Linux distributions:
wget -O /etc/yum.repos.d/secplugs.repo https://packages.secplugs.com/fedora/secplugs.repo
echo "<SHA>  /etc/yum.repos.d/secplugs.repo" | sha256sum --check --status
dnf update && dnf install secplugs-linux-oas-plugin
Configuration
The only configuration that is needed for the secplugs-linux-oas-plugin is the /etc/secplugs/config.json file. For most common use cases, the only setting that would be needed is the watchers property, which tells the Solution which folders to monitor. The default configuration works for most common deployments:
{
    "watchers": [
        "/lib",
        "/lib64",
        "/var/lib",
        "/etc/"
    ],
    "vendor": "<preferred vendor from vendor list in portal>"
}
Use Your Own API Key
To use additional features and the privacy of your own account, register with ScanCloud, sign in with your username and create an API key.
After creating a key, specify it as the key to use in the JSON configuration:
{
    "watchers": [
        "/lib",
        "/lib64",
        "/var/lib",
        "/etc/"
    ],
    "vendor": "<preferred vendor from vendor list in portal>",
    "api_key": "<your api key>"
}
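A pre-flight check for the configuration file described above, as an added example (not part of the plugin or its documentation). It reports watcher entries that are not existing absolute directories, placeholder values left in place, and a config file holding an api_key that is accessible to group or other. The function name check_config and the 600 file-mode rule are assumptions made for this example, not documented plugin requirements.

```python
import json
import os
import stat

def check_config(path):
    """Return a list of findings for a config.json in the layout shown above."""
    findings = []
    try:
        with open(path, encoding="utf-8") as fh:
            cfg = json.load(fh)
    except (OSError, json.JSONDecodeError) as exc:
        return [f"cannot load config: {exc}"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]

    watchers = cfg.get("watchers")
    if not isinstance(watchers, list) or not watchers:
        findings.append("watchers must be a non-empty list")
        watchers = []
    for w in watchers:
        if not isinstance(w, str) or not os.path.isabs(w):
            findings.append(f"watcher is not an absolute path: {w!r}")
        elif not os.path.isdir(w):
            findings.append(f"watcher directory does not exist: {w}")

    # Placeholders copied from the documentation must be replaced.
    for key in ("vendor", "api_key"):
        val = cfg.get(key)
        if isinstance(val, str) and val.startswith("<") and val.endswith(">"):
            findings.append(f"{key} still holds a placeholder")

    # Assumed hygiene rule (not a documented plugin requirement): a file that
    # stores an API key should not be accessible to group or other.
    if "api_key" in cfg:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o077:
            findings.append(f"api_key present but file mode is {mode:o}; use 600")
    return findings

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/secplugs/config.json"
    for line in check_config(target) or ["ok"]:
        print(line)
```

Run it with the path to the config file as its argument; with no argument it checks /etc/secplugs/config.json.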
Contact
Having trouble? Contact ScanCloud