Real-time protection cannot start
Issue
Real-time protection cannot start due to missing kernel files or enabled Secure Boot.
The Events screen in the Web interface of ESET Server Security for Linux (ESSL)version 8 displays an error message.
Missing kernel files
Secure Boot is enabled
In system logs, a corresponding error message is displayed:
Nov 30 15:47:02 localhost.localdomain efs[373639]: ESET File Security error: cannot find kernel sources directory for kernel version 5.4.17-2036.100.6.1.el8uek.x86_64 Nov 30 15:47:02 localhost.localdomain efs[373641]: ESET File Security error: please check if kernel-devel (or linux-headers) package version matches the current kernel version Nov 30 15:47:04 localhost.localdomain oaeventd[373656]: ESET File Security Error: Cannot open file /lib/modules/5.4.17-2036.100.6.1.el8uek.x86_64/eset/efs/eset_rtp.ko: No such file or directory Nov 30 15:47:04 localhost.localdomain oaeventd[373656]: ESET File Security Warning: If you are running UEK kernel, make sure you have kernel-uek-devel installed Nov 30 15:47:04 localhost.localdomain oaeventd[373656]: ESET File Security Error: Initialization of system handler for on-access scan has failed. Please update your OS and restart your computer, then check system logs. |
Missing kernel files
Feb 05 14:58:47 ubuntu2004 efs[52262]: ESET File Security Error: Secure Boot requires signed kernel modules. Please run "/opt/eset/efs/lib/install_scripts/sign_modules.sh" to sign our modules. Feb 05 14:58:50 ubuntu2004 oaeventd[52303]: ESET File Security Error: Secure Boot is enabled. Please sign the kernel module /lib/modules/5.8.0-41-generic/eset/efs/eset_rtp.ko or disable Secure Boot in BIOS/UEFI. Feb 05 14:58:50 ubuntu2004 oaeventd[52303]: ESET File Security Error: Initialization of system handler for on-access scan has failed. Please update your OS and restart your computer, then check system logs. |
Secure Boot is enabled
Solution
If the machine with ESSL installation has Secure Boot enabled, refer to the Secure Boot section.
Method 1 - Requires operating system restart
1.Upgrade your operating system packages to the latest version. On CentOS 7, execute the following command from a Terminal window as a privileged user:
yum upgrade |
2.Restart the operating system.
Method 2
1.Install the latest kernel-devel modules (on RPM-based Linux distributions) or the latest linux-headers (on DEB based Linux distributions). On Ubuntu Linux, execute the following command from a Terminal window as a privileged user:
apt-get install linux-headers-`uname -r` |
2.Restart the ESSL service. Execute the following command from a Terminal window as a privileged user:
systemctl restart efs |
Method 3 - OS with Unbreakable Enterprise Kernel
If the Unbreakable Enterprise Kernel is used, the kernel-uek-devel package must be installed manually.
1.On Oracle Linux, execute the following command from a Terminal window as a privileged user:
yum install kernel-uek-devel-`uname -r` kernel-headers |
2.Restart the ESSL service. Execute the following command from a Terminal window as a privileged user:
systemctl restart efs |