How do I check if "noexec" flag exists on a Linux OS?

On Linux, MetaDefender Core deploys its engines and files in the /var/lib and /usr/lib folders. Depending on your file mount security policy, you may have mounted /var or /usr with the flag “noexec”. The “noexec” flag essentially will not allow any direct execution of binaries from the mounted filesystem/folder. In essence, if this flag exists, MetaDefender Core will not be able to launch its engine processes. This will result in an engine with a “permanently_failed” module.

To check if “noexec” flag exists on /var or /usr simply do the following

  • Run Terminal and use one of the following commands:

    • findmnt -l | grep noexec
      images/download/attachments/4684631/Image_073.png

      OR

    • mount | grep noexec
      images/download/attachments/4684631/Image_074.png

  • Using the commands above will reveal if there is a mount point with the “noexec” flag

  • If /var or /usr exist on the list, then you must remove the “noexec” flag with the following command:

    • mount -o remount,rw,exec /var

    • mount -o remount,rw,exec /usr

This article applies to MetaDefender Core v4 Linux
This article was last updated on 2020-20-02
AA