NOD32's resident scanning component Dazuko, and installing Dazuko on Linux and FreeBSD

Posted on 2009-3-8 23:37:18
About Dazuko
A common interface across all platforms is needed for 3rd party file access control. With such an interface, focus could be redirected from OS hacking to solving real problems. The interface is here. It is called Dazuko.

This project provides a device driver allowing 3rd-party (userland) applications to execute file access control. It was originally developed by Avira GmbH (formerly known as H+BEDV Datentechnik GmbH) to allow on-access virus scanning. Other uses include a file-access monitor/logger or external security implementations. It operates by intercepting file access calls and passing the file information to a 3rd-party application. The 3rd-party application then has the opportunity to tell the device driver to allow or deny the file access. The 3rd-party application also receives information about the access event, such as accessed file, type of access, process id, and user id.
Dazuko has been released as Free Software in order to allow users to compile the device driver for their own custom kernels. It also gives the project an opportunity to establish a common interface for 3rd-party file access control. Free Software provides the added benefit of increased robustness and security, having many eyes investigate the source code. Although Avira GmbH will continue to support the project and provide commercial software that utilizes the Dazuko driver via its interface, this project is Free Software and is in no way owned by Avira GmbH. This project provides a fully functional device driver with a well-defined interface, allowing any organization to develop software to utilize Dazuko.
The current status of the project is usable for Linux 2.2-2.6, Linux/RSBAC, and FreeBSD 4.x-6.x. However we would like to see the project expand to support other operating systems such as MacOS X, Solaris, OpenBSD, and Windows, as well as expand in functional capabilities.
Original poster | Posted on 2009-3-8 23:39:03

Reply to post #1 by liuxingyuan

Install Dazuko
In order to make use of Dazuko it must be built for your kernel. This document takes you through the steps of building and testing Dazuko. Make sure you download the latest release from the downloads page.
There are 5 steps to compiling and installing Dazuko. However, you should have some experience with compiling your kernel. If you do not have this experience, it is suggested that you refer to the various available handbooks to learn about the kernel building process. Building your own kernel not only allows your system to run optimally, but also gives you a chance to work with and get a feel for the heart of your operating system.
Note: If you already have the source code to your kernel and simply want to build Dazuko without building a new kernel, then you can. However, you need to be certain that the source code you have is really the same as the kernel you are running.
Linux: Even though you have the Linux kernel source code, it may not be configured. See FAQ #10 for more information about this.
Step 1: Get your kernel source code
Dazuko is a kernel module. Once a kernel module is loaded, it becomes one with your kernel. Therefore, Dazuko will call and share the same set of functions as the kernel. This is why the kernel source code is required in order to build Dazuko.
It is highly recommended that you first build and install a kernel. Then it is certain that the kernel source code you use to build Dazuko matches the running kernel. If you do not know how to do this, read the opening paragraph above.
Many distributions provide packages with the kernel source code. If you do not plan on building a new kernel, make sure you install the proper kernel source packages for your distribution.
Linux: See FAQ #10 for information about configuring your Linux kernel source code.
Step 2: Compile Dazuko
Once the source code for your running kernel is available, you can build Dazuko. First a Makefile must be generated by running:
./configure
This will determine what kind of system you have and any special flags that need to be set. Then you can compile Dazuko with:
make
This will create the device driver as well as a couple example programs. Under Linux 2.2-2.4 the device driver is named dazuko.o. Under Linux 2.6 and FreeBSD it is named dazuko.ko.
You can perform a quick test to see if the device driver is compatible with your kernel using this command (as root):
make test
This will try to insert and remove the kernel module.
If you get any warnings or errors from any of the steps above, something may not be correct. Please read over the FAQ if you encounter problems.
Original poster | Posted on 2009-3-8 23:40:18
Step 3: Insert Dazuko
Once you have successfully compiled Dazuko, the final step is to insert the module into the kernel. To do this, you must have root privileges. This can be done with the command:
Linux 2.2-2.4: /sbin/insmod dazuko.o
Linux 2.6: /sbin/insmod dazuko.ko
FreeBSD: /sbin/kldload dazuko.ko
If you don't get any messages, this is a good sign. To check if the module has been loaded type:
Linux 2.2-2.6: cat /proc/modules
FreeBSD: /sbin/kldstat
If you see "dazuko" listed then the Dazuko driver has been successfully loaded. Unless you are using devfs, the device node must now be created. With devfs, device nodes are created automatically.
Under Linux
The device major number for Dazuko must be found. This is done with:
cat /proc/devices
You should see "dazuko" listed along with its device major number (usually 254). For example purposes, I will assume this number is 254. The commands to create the device node are:
mknod -m 600 /dev/dazuko c 254 0
chown root:root /dev/dazuko
Under FreeBSD 4
mknod /dev/dazuko c 33 0
Step 4: Test Dazuko
So you've got Dazuko compiled and inserted into your kernel. Now what?
Once Dazuko is loaded, an application is able to handle file access control through the Dazuko device. To test Dazuko it is recommended that you try out the example program included (in the example_c subdirectory). You can build the example program with:
cd example_c
make
For security reasons Dazuko will only operate with processes that are running as root. Therefore you need to be root when you run the example program. The example program takes a list of paths to "watch" as arguments.
./example /home /usr/home
Once the example program is running, open up another terminal or shell. Open up some file within the /home directory (or any subdirectory thereof). As the files are accessed, the example program should output various information.
The example program always permits the accesses, however another application could be written that denies file accesses in certain conditions. This allows a 3rd party to write complex file access control schemes (or customized file access logging utilities).
Step 5: Install Dazuko
After you have verified that Dazuko correctly works on your system, you will probably want to install it on the system (so that it is easily available). From the original Dazuko source code directory (not the example_c directory) you can run (as root):
make install
This performs the necessary actions to install the Dazuko device driver to your system.
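Added example, not part of the original post or the Dazuko distribution: Step 3 assumes the major number is 254, but the post itself says that is only the usual value, and a node created with the wrong major does not reach the Dazuko driver. This sketch reads the major for "dazuko" from /proc/devices (Linux only) before calling mknod with the same mode and owner as in the post. The function names and the --apply switch are hypothetical, and the sample data is constructed.

```shell
#!/bin/sh
# Added example; chardev_major, make_dazuko_node and --apply are hypothetical names.

# Constructed sample in /proc/devices format (not captured from a real host).
sample_proc_devices() {
    cat <<'EOF'
Character devices:
  1 mem
  4 tty
 10 misc
254 dazuko

Block devices:
  7 loop
  8 sd
EOF
}

# Print the character-device major registered under NAME ($1).
# $2 is the file to read (default /proc/devices). Returns 1 if NAME is absent.
chardev_major() {
    awk -v n="$1" '
        /^Block devices:/     { in_char = 0 }
        /^Character devices:/ { in_char = 1; next }
        in_char && $2 == n    { print $1; found = 1; exit }
        END                   { exit !found }
    ' "${2:-/proc/devices}"
}

# Create the node with the detected major; mode 600 and root:root as in Step 3.
make_dazuko_node() {
    node=${1:-/dev/dazuko}
    major=$(chardev_major dazuko) || {
        echo "dazuko is not listed in /proc/devices; is the module loaded?" >&2
        return 1
    }
    if [ -e "$node" ]; then
        echo "$node already exists; check its major number with ls -l" >&2
        return 1
    fi
    mknod -m 600 "$node" c "$major" 0 && chown root:root "$node"
}

# Only touch /dev when explicitly asked to (run as root).
if [ "${1:-}" = "--apply" ]; then
    make_dazuko_node
fi
```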
Original poster | Posted on 2009-3-8 23:43:11
For Dazuko downloads and the latest information, see http://www.dazuko.org/indexold.shtml