Monthly Archives: October 2018

How to install and uninstall Sophos Antivirus in Linux

Short post to learn how to install and uninstall Sophos Antivirus in Linux.

Sophos is a well-known antivirus for Windows, Linux, Mac platforms. Sophos also offers different security solutions along with antivirus. In this post we walk through the install, check and remove Sophos antivirus on Linux systems. You can download Sophos antivirus for Linux for free here.

How to install Sophos Antivirus in Linux

You can download the installer on a laptop or desktop and transfer it to your Linux server, or use a tool like wget to download it directly on the server. The Linux installer link is available from your account on the Sophos website.

The downloaded package contains an install.sh script. For a non-interactive setup, run the script with the switches below and you are good to go:

root@kerneltalks # ./install.sh --automatic --acceptlicence /opt/sophos-av
Installing Sophos Anti-Virus....
Selecting appropriate kernel support...

Installation completed.
Your computer is now protected by Sophos Anti-Virus.

Antivirus is successfully installed on your server.

Check current status of Sophos Antivirus

The antivirus runs as a service named sav-protect, so you can check it with the normal Linux service status command.

root@kerneltalks # service sav-protect status
sav-protect.service - "Sophos Anti-Virus daemon"
   Loaded: loaded (/usr/lib/systemd/system/sav-protect.service; enabled)
   Active: active (running) since Thu 2018-07-19 13:30:50 IST; 3 months 4 days ago
     Docs: man:sav-protect
  Process: 5619 ExecStop=/opt/sophos-av/engine/.sav-protect.systemd.stop.sh (code=exited, status=0/SUCCESS)
  Process: 6287 ExecStartPost=/opt/sophos-av/engine/.sav-protect.systemd.poststart.(code=exited, status=1/FAILURE)
  Process: 5646 ExecStartPre=/opt/sophos-av/engine/.sav-protect.systemd.prestart.sh (code=exited, status=0/SUCCESS)
 Main PID: 6286 (savd)
   CGroup: /system.slice/sav-protect.service
           ├─5842 savscand --incident=unix://tmp/incident --namedscan=unix://root@tmp/namedscansprocessor.397 --ondemandcontrol=socketpair://46/47
           └─6286 savd etc/savd.cfg

Oct 21 17:50:56 kerneltalks savd[6286]: scheduled.scan.log: Scheduled scan "SEC:Weekly scan" completed: master boot records scanned: 0, boot records scanned: 0, files scanned: 968342, scan errors: 0, threats detected: 0, infected files detected: 0
Oct 21 21:38:46 kerneltalks savd[6286]: update.check: Successfully updated Sophos Anti-Virus from \\avserver.kerneltalks.com\SophosUpdate\CIDs\S038\savlinux

The last two log lines show the two most recent activities: a successful scheduled scan run and a virus definition update.
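To make that status output actionable for a monitoring job, here is an added shell example (not from the original post, and not Sophos tooling) that parses savd journal lines like the two shown and returns a health verdict. The two log files are constructed samples; on a real host the lines would come from journalctl -u sav-protect.

```shell
#!/bin/sh
# Added example, not from the original post: turn savd journal lines (as shown by
# "service sav-protect status" or "journalctl -u sav-protect") into a monitor-friendly
# health verdict. Both log files below are constructed samples.

SAV_LOG_CLEAN=$(mktemp)
cat > "$SAV_LOG_CLEAN" <<'EOF'
Oct 21 17:50:56 kerneltalks savd[6286]: scheduled.scan.log: Scheduled scan "SEC:Weekly scan" completed: master boot records scanned: 0, boot records scanned: 0, files scanned: 968342, scan errors: 0, threats detected: 0, infected files detected: 0
Oct 21 21:38:46 kerneltalks savd[6286]: update.check: Successfully updated Sophos Anti-Virus from \\avserver.kerneltalks.com\SophosUpdate\CIDs\S038\savlinux
EOF

SAV_LOG_ALERT=$(mktemp)
cat > "$SAV_LOG_ALERT" <<'EOF'
Oct 28 17:50:12 kerneltalks savd[6286]: scheduled.scan.log: Scheduled scan "SEC:Weekly scan" completed: master boot records scanned: 0, boot records scanned: 0, files scanned: 968410, scan errors: 3, threats detected: 2, infected files detected: 2
EOF

sav_last_scan_field() {
    # Print the numeric value of FIELD ($2, e.g. "threats detected") from the most
    # recent completed scheduled scan in LOG ($1); prints nothing if no scan was logged.
    grep 'Scheduled scan .* completed:' "$1" | tail -n 1 |
        sed -n "s/.*$2: \([0-9][0-9]*\).*/\1/p"
}

sav_update_ok() {
    # Exit 0 if the log records at least one successful definition update.
    grep -q 'update.check: Successfully updated' "$1"
}

sav_health() {
    # Print one verdict token; non-zero exit on anything worth an alert.
    threats=$(sav_last_scan_field "$1" "threats detected")
    errors=$(sav_last_scan_field "$1" "scan errors")
    if [ -z "$threats" ]; then echo "NO_SCAN_RECORD"; return 2; fi
    if [ "$threats" -gt 0 ]; then echo "THREATS_DETECTED:$threats"; return 1; fi
    if [ "${errors:-0}" -gt 0 ]; then echo "SCAN_ERRORS:$errors"; return 3; fi
    if ! sav_update_ok "$1"; then echo "UPDATE_MISSING"; return 4; fi
    echo "OK"
}

sav_health "$SAV_LOG_CLEAN"            # prints OK
sav_health "$SAV_LOG_ALERT" || true    # prints THREATS_DETECTED:2
```

On a live server, run `journalctl -u sav-protect > /tmp/sav.log; sav_health /tmp/sav.log` from a cron job and alert on any non-zero exit.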

How to uninstall Sophos Antivirus in Linux

Run the uninstall.sh script located in /opt/sophos-av to uninstall Sophos Antivirus.

root@kerneltalks # /opt/sophos-av/uninstall.sh
Uninstalling Sophos Anti-Virus.
WARNING: Sophos Anti-Virus still running.
Do you want to stop Sophos Anti-Virus? Yes(Y)/No(N) [N]
> Y

Stopping Sophos Anti-Virus.
Sophos Anti-Virus has been uninstalled.

And the AV is uninstalled. You can confirm this by checking the status again, which now results in an error.

root@kerneltalks # service sav-protect status
service: no such service sav-protect

Install Ansible in Linux

A small tutorial on how to install Ansible in Linux and run an ansible command on remote clients from the control server.

Ansible installation in Linux

What is Ansible?

Ansible is an open-source configuration management tool developed by Red Hat. Enterprise support is available through Red Hat subscriptions. Ansible is written in Python, Ruby, and PowerShell. It uses SSH in the background to communicate with clients and execute tasks. The best feature of Ansible is that it is agentless, so there is no load on clients and configurations can be pushed from the server at any time.

Ansible installation

The first prerequisite of Ansible: the primary or control server should have passwordless SSH configured for the Ansible user to all of its client servers. You can configure passwordless SSH in two steps using ssh-keygen and ssh-copy-id.

For this walkthrough, we have one control server, kerneltalks1, and one client, kerneltalks2, and we have configured passwordless SSH for the user shrikant (which we treat as the Ansible user here).

Let's install Ansible on the control server, i.e. kerneltalks1.

Ansible can be installed using the normal package installation procedure. Below are quick commands for your reference.

  • RHEL : subscription-manager repos --enable rhel-7-server-ansible-2.6-rpms; yum install ansible
  • CentOS, Fedora : yum install ansible
  • Ubuntu : apt-add-repository --yes --update ppa:ansible/ansible; apt-get install ansible
  • Git clone : git clone https://github.com/ansible/ansible.git
    • cd ./ansible; make rpm
    • rpm -Uvh ./rpm-build/ansible-*.noarch.rpm

I installed Ansible on my CentOS machine using the above command.

[root@kerneltalks1 ~]# ansible --version
ansible 2.7.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible
  python version = 2.7.5 (default, Aug  4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]

Ansible default config structure

After installation, Ansible creates the /etc/ansible directory with the default configuration in it. You can find the ansible.cfg and hosts files there.

[root@kerneltalks1 ~]# ll /etc/ansible
total 24
-rw-r--r--. 1 root root 20269 Oct  9 01:34 ansible.cfg
-rw-r--r--. 1 root root  1016 Oct  9 01:34 hosts
drwxr-xr-x. 2 root root     6 Oct  9 01:34 roles

ansible.cfg is the default configuration file for the ansible executable.

hosts is the list of clients on which the control server executes commands remotely via passwordless SSH.

Running first command via Ansible

Let's configure kerneltalks2 and run our first Ansible command on it remotely from the kerneltalks1 control server.

You need to configure passwordless SSH as discussed earlier. Then add the server name (or IP) to the /etc/ansible/hosts file.

root@kerneltalks1 # cat /etc/ansible/hosts
[testservers]
172.31.81.83

The IP mentioned here is that of kerneltalks2, and you can group servers under a name in square brackets. And you are good to go. Run the ansible command with the ping module (-m switch). Many modules come built in with Ansible, which you can use instead of the equivalent shell commands.

[shrikant@kerneltalks1 ~]$ ansible -m ping all
172.31.81.83 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

You can see the output is a success for the mentioned IP. So we have installed Ansible and run the first successful command with it!

Common errors

1. If you try to run an ansible command against a server group which does not exist in the hosts file, you will see the error below:

[shrikant@kerneltalks1 ~]$ ansible -m ping testserver
 [WARNING]: Could not match supplied host pattern, ignoring: testserver

 [WARNING]: No hosts matched, nothing to do

You need to check the /etc/ansible/hosts file (or whichever hosts file your ansible installation refers to) and make sure the server group mentioned on the command line exists in it.

2. If you have not configured passwordless SSH from the control server to the client, or if the client is not reachable over the network, you will see the error below.

[root@kerneltalks1 ansible]# ansible -m ping all
kerneltalks2 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added 'kerneltalks2,172.31.81.83' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
    "unreachable": true
}

You need to check the network connectivity and passwordless SSH access from the control server to the client.
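The first error above comes from a group name that is not in the inventory. As an added shell example (not from the original post or from the Ansible project), the functions below read an INI-style hosts file like the one configured earlier and refuse to run the ping until the requested group exists; the inventory, the helper names and the default /etc/ansible/hosts fallback are assumptions for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post: validate an INI-style Ansible inventory
# (like /etc/ansible/hosts) before calling "ansible -m ping <group>", so a group typo
# such as "testserver" vs "testservers" gets a clear message naming the groups that do
# exist, instead of "Could not match supplied host pattern". Inventory is constructed.

ANSIBLE_SAMPLE_INV=$(mktemp)
cat > "$ANSIBLE_SAMPLE_INV" <<'EOF'
# clients managed from control server kerneltalks1
[testservers]
172.31.81.83
kerneltalks2 ansible_user=shrikant

[webservers:children]
testservers
EOF

inventory_groups() {
    # Print each group name once; "[g:children]" and "[g:vars]" count as group g.
    awk '/^[ \t]*\[[^]]+\][ \t]*$/ {
             g = $0; sub(/^[ \t]*\[/, "", g); sub(/\][ \t]*$/, "", g)
             sub(/:(children|vars)$/, "", g)
             if (!seen[g]++) print g }' "$1"
}

inventory_has_group() {
    # Exit 0 if GROUP ($2) exists in inventory FILE ($1); "all" always matches.
    [ "$2" = "all" ] && return 0
    inventory_groups "$1" | grep -qx -- "$2"
}

inventory_hosts() {
    # Print the hosts listed directly under GROUP ($2): first field, comments skipped.
    awk -v want="$2" '
        /^[ \t]*\[/ { g = $0; sub(/^[ \t]*\[/, "", g); sub(/\][ \t]*$/, "", g)
                      in_group = (g == want); next }
        in_group && NF > 0 && $1 !~ /^#/ { print $1 }' "$1"
}

ansible_ping_group() {
    # Usage: ansible_ping_group GROUP [INVENTORY]; runs ansible only if GROUP is defined.
    inv=${2:-/etc/ansible/hosts}
    if ! inventory_has_group "$inv" "$1"; then
        echo "group '$1' not in $inv; defined groups: $(inventory_groups "$inv" | tr '\n' ' ')" >&2
        return 1
    fi
    ansible -i "$inv" -m ping "$1"
}
```

With the sample inventory, `ansible_ping_group testserver "$ANSIBLE_SAMPLE_INV"` fails fast with "defined groups: testservers webservers" before any SSH connection is attempted.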