Unable to install Sophos on my Oracle Linux 8 system.

I am new to Sophos, but I have successfully in stalled Sophos on other systems with no issues. On this one system when I run the SophosInstall.sh script I get the following error: 

# ./SophosInstall.sh
Installing Sophos Anti-Virus for Linux with arguments: []
Downloading medium installer
installer/bin64/installer: error while loading shared libraries: libSUL.so.0: cannot open shared object file: No such file or directory
Failed to download the medium installer! (Error code = 127)

I am running this from root, the /tmp dir does not have noexec. Not sure what else to check. Thanks for the assist. 



Added TAGs
[edited by: Qoosh at 10:49 PM (GMT -7) on 3 Nov 2022]
  • Hi Brad,

    Let me know if you've already tried the steps in the following article. I see you mention noexec, though sharing the results from the command "mount | grep tmp" would help clarify.

    You may also want to try the steps in the following Recommended Read article. This will apply when you are trying to deploy SPL and not the Legacy installer.
    - Sophos Protection Linux - Update Support when upgrading on Unsupported Platforms

    Kushal Lakhan
    Global Community Support Engineer
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Kushal, thanks for the quick response. The article doesn't help me. This is a fresh install. Below is the results of the mount command.

    # mount | grep tmp
    devtmpfs on /dev type devtmpfs (rw,nosuid,seclabel,size=4049128k,nr_inodes=1012282,mode=755)
    tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,relatime,seclabel)
    tmpfs on /run type tmpfs (rw,nosuid,nodev,seclabel,mode=755)
    tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,seclabel,mode=755)
    /dev/mapper/VG_OS-tmp on /tmp type xfs (rw,relatime,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota)
    /dev/mapper/VG_OS-var_tmp on /var/tmp type xfs (rw,relatime,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota)
    tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,seclabel,size=813752k,mode=700,uid=1000,gid=1000)

  • I was able to locate the following article, which mentions additional steps required for Oracle Linux 8.
    - Additional steps to install SAV on Red Hat Enterprise Linux 8 and related platforms

    Let me know if this helps.

    Kushal Lakhan
    Global Community Support Engineer
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • No, same error that didn't help.

    # ./SophosInstall.sh --autostart=False
    Installing Sophos Anti-Virus for Linux with arguments: [--autostart=False]
    Downloading medium installer
    installer/bin64/installer: error while loading shared libraries: libSUL.so.0: cannot open shared object file: No such file or directory
    Failed to download the medium installer! (Error code = 127)

  • In some cases where CIS Level 1 hardening is enabled, this can cause issues with the installation. Could you try disabling this temporarily? 

    Another option would be to make changes to "fapolicyd" to reduce restrictions on the device. 

    If this still does not work, it may be best to open a support case so our team can look into this issue further. Please send me a PM with the case ID so I may add some notes to the case as well if you choose to go this route. 

    Kushal Lakhan
    Global Community Support Engineer
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hi Kushal,

    Thank you for the help, Before we get to the support,  I have something for Brad. :)

    Hi

    The Linux installers failing to load such lib and other dependency files usually happen when the integrity of the file is questionable.

    With that being said, I remember doing this long back when I was facing the same issue.

    If the installer script is downloaded and transferred to the target machines, it is possible that it might have lost some data in the transmission.
    What can be done is, copy the download URL from Sophos central and use WGET to download the file directly to the target machine and try running the install script.

    Hopefully, this should show us some progress if not at least resolving. Do let us know how you get on with this.

    Thank You.

    Ismail Jaweed Ahmed (Ismail) 
    Senior Professional Service Engineer

  • It is the CIS hardening that is causing the issue. Once I remove it all then I can install Sophos just fine. Not exactly sure what exact setting kill the install but I'll figure that out in time. Thanks for the assist. 

  • I can confirm my RHEL9 installations with 800-171 security hardening also output the same "libSUL.so.0: cannot open shared object file: No such file or directory" message and Error code 127... 

    The RHEL hardening stigs are hitting this sh script from two sides
    1. noexec /tmp 
    2. fapolicyd

    # mkdir -p /opt/sophos_tmp && chmod 777 /opt/sophos_tmp
    # export TMPDIR=/opt/sophos_tmp/ && ./SophosSetup.sh
    This software is governed by the terms and conditions of a licence agreement with Sophos Limited
    Installation process for Sophos Linux Protection started
    installer/bin/installer: error while loading shared libraries: libSUL.so.0: cannot open shared object file: No such file or directory
    Failed to download the base installer! (Error code = 127)
    # rm -rf /opt/sophos_tmp

    FAPOLICY DENIED OUTPUT: ( # systemctl stop fapolicyd && fapolicyd --debug-deny)
    rule=12 dec=deny_audit perm=open auid=1191802640 pid=245840 exe=/opt/sophos_tmp/SophosCentralInstall_bKKYBnf/installer/bin/installer : path=/opt/sophos_tmp/SophosCentralInstall_bKKYBnf/installer/lib64/libSUL.so.0.0.0 ftype=application/x-sharedlib trust=0


    =====
    I'm not sure what you're going to do here to address this.


    Anyway, good luck!