Corporate endpoint security?

I am working at a small company that has until now allowed me to do whatever I want with my PC and its OS. They are now requiring that everyone install Bitdefender. I tried my darnedest to get Bitdefender packaged for NixOS, but I think it’s probably impossible.

As for alternatives, I see ClamAV is available for NixOS, but it’s not exactly a comprehensive endpoint security solution.

Has anyone else gotten over this hurdle, using some other endpoint security suite?

1 Like

It’s not impossible, but not easy. Did you try jailing it in an FHS container and limiting its CPU, so that it can scan that container until death?

1 Like

Lol I have considered the “boxed” approach, although I feel like it’s kind of dishonest.

1 Like

Why? If you cannot compile an application from the sources, it’s one of the few ways you can follow to package it… maybe the other is using patchelf wisely?

1 Like

If it’s boxed and can’t scan the whole system, then it’s not really doing what my employer thinks it’s doing.

I have patchelfed the installation binaries you download (bdconfigure32/64), but the installation script then wants to go off and download more proprietary packages based on your distro, using either yum or apt-get or rpm or zypper. Maybe I could try to figure out how to obtain and use those binaries? But it looks like a giant pain, and not guaranteed to work even if I did all the work to package it.

1 Like

I think another way could be to work with the .deb package as the “source”… I see an Ubuntu install guide here; from that it’s simple to get the URL of the .deb you need, and then you can extract the application directly from it and do the ELF patching on the real app, instead of the installer. Unfortunately I don’t have much experience with packaging that way…

1 Like

There are other apps that use the .deb as the source, like nixpkgs/bitwig-studio4.nix at 20dc478985d6545df53f0153f4af125eb014083d · NixOS/nixpkgs · GitHub … you may look there for inspiration :wink:

1 Like
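
The .deb-as-source approach from the two posts above, as an added example (not code from the thread or from nixpkgs). The package name, version, URL and hash are placeholders, and the copied layout and `buildInputs` are assumptions about the vendor package.

```nix
# Added example: repackage a vendor .deb and patch its ELF binaries for NixOS.
# pname, version, url and hash are placeholders, not real Bitdefender values.
{ lib, stdenv, fetchurl, dpkg, autoPatchelfHook }:

stdenv.mkDerivation rec {
  pname = "vendor-endpoint-agent";   # hypothetical name
  version = "0.0.0";                 # placeholder

  src = fetchurl {
    # Placeholder: use the .deb URL taken from the vendor's install guide.
    url = "https://example.invalid/${pname}_${version}_amd64.deb";
    # Placeholder: the first build fails and prints the real hash to pin here.
    hash = lib.fakeHash;
  };

  # dpkg unpacks the archive; autoPatchelfHook rewrites the interpreter and
  # RPATH of every ELF file found under $out during fixup.
  nativeBuildInputs = [ dpkg autoPatchelfHook ];

  # Assumed runtime dependency (libstdc++/libgcc); extend as the hook reports.
  buildInputs = [ stdenv.cc.cc.lib ];

  # Extract the real application instead of running the vendor installer.
  unpackPhase = ''
    runHook preUnpack
    mkdir deb
    dpkg-deb -x $src deb
    runHook postUnpack
  '';

  dontConfigure = true;
  dontBuild = true;

  # Assumed layout: copy the whole extracted tree (usr/, opt/, etc/ ...) as is.
  installPhase = ''
    runHook preInstall
    mkdir -p $out
    cp -r deb/. $out/
    runHook postInstall
  '';
}
```

autoPatchelfHook fails the build and names each shared library it cannot resolve, which shows what still has to be added to `buildInputs`.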

That’s solid advice! I will look into that if they won’t let me get away with ClamAV

1 Like

Thank you for helping me out

2 Likes

I suggest having a look at dropbox - it runs a bootstrapper in an FHS environment and then updates itself.

2 Likes

dream2nix seems to have grown a “debian” subsystem as well that might work, but psshhh, it’s not documented yet so we probably shouldn’t know about it.

1 Like