[KB880] ESET Server Security for Linux compatibility with SELinux and grsecurity

Solution

ESET Server Security for Linux is not compatible with SELinux and grsecurity. 

If you have problems with SELinux and you do not need it, you can switch the system into permissive mode with the following commands:

echo 0 > /selinux/enforce
vi /etc/selinux/config

Set SELinux to "disabled" in configuration file.

SELINUX=disabled

 

For grsecurity, add a trusted group and add the user esets to the group.

# groupadd -g  grsecgroup
# vi /etc/group
grsecgroup:x:123:esets #Example

Enable 'Trusted Path Execution (TPE)' and 'Invert GID option' within grsecurity.

# echo  > /proc/sys/kernel/grsecurity/tpe_gid
# echo 1 > /proc/sys/kernel/grsecurity/tpe
# echo 1 > /proc/sys/kernel/grsecurity/grsec_lock

You can also do this the same way via sysctl command:

# sysctl kernel.grsecurity.tpe_gid =  kernel.grsecurity.tpe = 1 kernel.grsecurity.grsec_lock = 1

To enable grsecurity permanently, edit the /etc/sysctl.conf and add the following lines:

kernel.grsecurity.tpe_gid = 
kernel.grsecurity.tpe = 1
kernel.grsecurity.grsec_lock = 1