Real-time protection cannot start
Issue
Real-time protection cannot start due to missing kernel files or enabled Secure Boot.
The Events screen in the Web interface of ESET Server Security for Linux (ESSL) displays an error message.
Missing kernel files
Secure Boot is enabled
In system logs, a corresponding error message is displayed:
Nov 30 15:47:02 localhost.localdomain efs[373639]: ESET File Security error: cannot find kernel sources directory for kernel version 5.4.17-2036.100.6.1.el8uek.x86_64
Nov 30 15:47:02 localhost.localdomain efs[373641]: ESET File Security error: please check if kernel-devel (or linux-headers) package version matches the current kernel version
Nov 30 15:47:04 localhost.localdomain oaeventd[373656]: ESET File Security Error: Cannot open file /lib/modules/5.4.17-2036.100.6.1.el8uek.x86_64/eset/efs/eset_rtp.ko: No such file or directory
Nov 30 15:47:04 localhost.localdomain oaeventd[373656]: ESET File Security Warning: If you are running UEK kernel, make sure you have kernel-uek-devel installed
Nov 30 15:47:04 localhost.localdomain oaeventd[373656]: ESET File Security Error: Initialization of system handler for on-access scan has failed. Please update your OS and restart your computer, then check system logs.
Missing kernel files
Feb 05 14:58:47 ubuntu2004 efs[52262]: ESET File Security Error: Secure Boot requires signed kernel modules. Please run "/opt/eset/efs/lib/install_scripts/sign_modules.sh" to sign our modules.
Feb 05 14:58:50 ubuntu2004 oaeventd[52303]: ESET File Security Error: Secure Boot is enabled. Please sign the kernel module /lib/modules/5.8.0-41-generic/eset/efs/eset_rtp.ko or disable Secure Boot in BIOS/UEFI.
Feb 05 14:58:50 ubuntu2004 oaeventd[52303]: ESET File Security Error: Initialization of system handler for on-access scan has failed. Please update your OS and restart your computer, then check system logs.
Secure Boot is enabled
Solution
If the machine where ESSL is installed has Secure Boot enabled, refer to the Secure Boot section.
Method 1 - Requires operating system restart
1. Upgrade your operating system packages to the latest version. On CentOS 7, execute the following command from a Terminal window as a privileged user:
yum upgrade
2. Restart the operating system.
Method 2
1. Install the latest kernel-devel modules (on RPM-based Linux distributions) or the latest linux-headers (on DEB-based Linux distributions). On Ubuntu Linux, execute the following command from a Terminal window as a privileged user:
apt-get install linux-headers-`uname -r`
2. Restart the ESSL service. Execute the following command from a Terminal window as a privileged user:
systemctl restart efs
Method 3 - OS with Unbreakable Enterprise Kernel
If the Unbreakable Enterprise Kernel is used, the kernel-uek-devel package must be installed manually.
1. On Oracle Linux, execute the following command from a Terminal window as a privileged user:
yum install kernel-uek-devel-`uname -r` kernel-headers
2. Restart the ESSL service. Execute the following command from a Terminal window as a privileged user:
systemctl restart efs
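To decide which of the fixes above applies on a given host, the log messages shown in the Issue section can be classified automatically. The following script is an added example, not ESET code; the function names and cause labels are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not part of ESSL): map ESSL log messages to the fix on this page.
# Usage on a live host: journalctl --no-pager -b | classify_rtp_failure
#
# Prints one label per cause found on stdin:
#   missing-headers-uek  -> Method 3 (kernel-uek-devel)
#   missing-headers      -> Method 1 or Method 2
#   secure-boot          -> sign eset_rtp.ko or see the Secure Boot section
#   unknown-rtp-failure  -> on-access handler failed, no cause logged
#   none                 -> no matching ESSL error
classify_rtp_failure() {
    awk '
        /ESET File Security/ {
            if (/Secure Boot (is enabled|requires signed kernel modules)/) sb = 1
            if (/cannot find kernel sources directory/ ||
                /eset_rtp\.ko: No such file or directory/) {
                hdr = 1
                # UEK kernels carry "uek" in the release string
                if ($0 ~ "/lib/modules/[^/ ]*uek" ||
                    $0 ~ "kernel version [^ ]*uek") uek = 1
            }
            if (/make sure you have kernel-uek-devel installed/) uek = 1
            if (/Initialization of system handler for on-access scan has failed/) fail = 1
        }
        END {
            if (hdr && uek) print "missing-headers-uek"
            else if (hdr)   print "missing-headers"
            if (sb)         print "secure-boot"
            if (!hdr && !sb) print (fail ? "unknown-rtp-failure" : "none")
        }'
}

# Constructed sample input (host name and PID are made up) for a quick check:
#   sample_log | classify_rtp_failure
sample_log() {
    cat <<'EOF'
Jan 01 10:00:00 host1 efs[100]: ESET File Security error: cannot find kernel sources directory for kernel version 5.8.0-41-generic
Jan 01 10:00:02 host1 oaeventd[101]: ESET File Security Error: Initialization of system handler for on-access scan has failed. Please update your OS and restart your computer, then check system logs.
EOF
}
```

If both a missing-headers label and `secure-boot` are printed, both conditions were logged and each needs its own fix.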