Install ESMC Server di Debian

Update OS

apt update && apt upgrade

Install Dependencies

apt install wget lshw default-jdk tomcat8 mysql-server unixodbc xvfb cifs-utils libqtwebkit4 krb5-user winbind snmp ldap-utils libsasl2-modules-gssapi-mit selinux-policy-dev samba apache2 apache2-utils 

Download ODBC mysql Debian 5.3.10 (saat ini hanya bisa 5.3.10 atau dibawahnya, disarankan 5.3.10)

wget https://dev.mysql.com/get/Downloads/Connector-ODBC/5.3/mysql-connector-odbc-5.3.10-linux-debian9-x86-64bit.tar.gz

Ekstrak ODBC

tar xvzf mysql-connector-odbc-5.3.10-linux-debian9-x86-64bit.tar.gz

Copy Driver ke folder ODBC

cp mysql-connector-odbc-5.3.10-linux-debian9-x86-64bit/lib/libmyodbc5* /usr/lib/x86_64-linux-gnu/odbc/

Edit Mysql

vi /etc/mysql/mysql.conf.d/mysqld.cnf

Edit pada bagian [mysqld] dengan konfigurasi berikut

# ESET Requirement
max_allowed_packet = 500M
innodb_log_file_size = 100M
innodb_log_files_in_group = 4
innodb_lock_wait_timeout=600

Restart Mysql

service mysql restart

Edit ODBC

vi /etc/odbcinst.ini

Ketik konfigurasi berikut Untuk 64bit

[MySQL]
Description = ODBC for MySQL
Driver = /usr/lib/x86_64-linux-gnu/odbc/libmyodbc.so
Setup = /usr/lib/x86_64-linux-gnu/odbc/libodbcmyS.so
FileUsage = 1
Threading = 0

Untuk 32bit

[MySQL]
Description = ODBC for MySQL
Driver = /usr/lib/i386-linux-gnu/odbc/libmyodbc.so
Setup = /usr/lib/i386-linux-gnu/odbc/libodbcmyS.so
FileUsage = 1
Threading = 0

Download dan copy file ERA Console

wget https://download.eset.com/com/eset/apps/business/era/webconsole/latest/era.war && cp era.war /var/lib/tomcat7/webapps/

Restart Service Tomcat

systemctl restart tomcat8 

Tes ERA Console

http://IP_ADDRES_ATAU_HOSTNAME:8080/era

Download file-file yang dibutuhkan: Untuk 64 bit

echo "https://download.eset.com/com/eset/apps/business/era/rdsensor/latest/rdsensor-linux-x86_64.sh
https://download.eset.com/com/eset/apps/business/era/agent/latest/agent-linux-x86_64.sh
https://download.eset.com/com/eset/apps/business/era/server/linux/latest/server-linux-x86_64.sh" >> download.txt && wget -i download.txt

Untuk 32 bit / x86

echo "https://download.eset.com/com/eset/apps/business/era/rdsensor/latest/rdsensor-linux-i386.sh
https://download.eset.com/com/eset/apps/business/era/agent/latest/agent-linux-i386.sh
https://download.eset.com/com/eset/apps/business/era/server/linux/latest/server-linux-i386.sh" >> download.txt && wget -i download.txt

Ubah permission installer agar bisa di install

chmod +x Server-Linux-x86_64.sh Agent-Linux-x86_64.sh RDSensor-Linux-x86_64.sh

Install ERA Server

./server-Linux-x86_64.sh --skip-license --db-driver=MySQL --db-hostname=127.0.0.1 --db-port=3306 --db-admin-username=root --db-admin-password=eraadmin --server-root-password=eraadmin --db-user-username=root --db-user-password=eraadmin --cert-hostname="*"

Install Agent

./agent-Linux-x86_64.sh --skip-license --hostname=localhost --port=2222 --webconsole-hostname=localhost --webconsole-port=2223 --webconsole-user=administrator --webconsole-password=eraadmin --cert-auto-confirm

Install RDSensor

./rdsensor-Linux-x86_64.sh --skip-license 

Aktifkan module Apache berikut

a2enmod access_compat auth_basic authn_core authn_file authz_core authz_groupfile authz_host proxy proxy_http proxy_connect cache cache_disk ssl headers alias

Edit Konfigurasi Port Apache

vi /etc/apache2/ports.conf

Edit pada bagian listen Listen 3128 Edit Konfigurasi Apache untuk Cache :

vi /etc/apache2/mods-available/cache_disk.conf

Beri tanda pagar/uncomment untuk konfigurasi sebelumnya dan masukkan konfigurasi Berikut sebelum bagian </ifmodule>

##################################################################
#################  Konfigurasi Cache ESET  #######################

#
# Enable HTTP Cache
#
CacheEnable disk http://
CacheDirLevels 4
CacheDirLength 2
CacheDefaultExpire 3600
CacheMaxFileSize 200000000
CacheMaxExpire 604800
CacheQuickHandler Off
CacheRoot /var/cache/apache2/mod_cache_disk

################### End Of Configuration #########################
##################################################################

Cek Folder /var/cache/apache2/mod_cache_disk apakah ada atau tidak, jika ada skip langkah berikut ll /var/cache/apache2 Jika tidak ada folder mod_cache_disk, silakan jalankan langkah berikut

mkdir /var/cache/apache2/mod_cache_disk
chown www-data /var/cache/apache2/mod_cache_disk
chgrp www-data /var/cache/apache2/mod_cache_disk

Edit Konfigurasi Apache Proxy vi /etc/apache2/mods-available/proxy.conf Masukkan Konfigurasi Berikut sebelum bagian </ ifmodule>

##################################################################
############### Konfigurasi HTTP Proxy ESET ####################

#ProxyRemote * http://user_proxy:password_proxy@IPSERVERPROXY:3128

ProxyRequests On
ProxyVia On

CacheLock on
CacheLockMaxAge 10
ProxyTimeOut 900

SetEnv proxy-initial-not-pooled 1

ErrorLog "|/usr/bin/rotatelogs -n 10 /var/log/apache2/error_log 1M"

<VirtualHost *:3128>
ProxyRequests On
</VirtualHost>

<VirtualHost *:3128>
ServerName r.edtd.eset.com

<If "%{REQUEST_METHOD} == 'CONNECT'">
Require all denied
</If>

ProxyRequests Off
CacheEnable disk /
SSLProxyEngine On

RequestHeader set Front-End-Https "On"
ProxyPass / https://r.edtd.eset.com/ timeout=300 keepalive=On ttl=100 max=10 smax=10
ProxyPassReverse / http://r.edtd.eset.com/ keepalive=On
</VirtualHost>

<Proxy *>
Deny from all
</Proxy>
#*.eset.com:
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s,S][e,E][t,T]\.[c,C][o,O][m,M](:[0-9]+)?(/.*)?$>
Allow from all
</ProxyMatch>
#*.eset.eu:
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s,S][e,E][t,T]\.[e,E][u,U](:[0-9]+)?(/.*)?$>
Allow from all
</ProxyMatch>
#*.eset.systems:
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s,S][e,E][t,T]\.[s,S][y,Y][s,S][t,T][e,E][m,M][s,S](:[0-9]+)?(/.*)?$>
Allow from all
</ProxyMatch>
#Antispam module (ESET Mail Security only):
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(ds1-uk-rules-1.mailshell.net|ds1-uk-rules-2.mailshell.net|ds1-uk-rules-3.mailshell.net|fh-uk11.mailshell.net)(:[0-9]+)?(/.*)?$>
Allow from all
</ProxyMatch>
#Services (activation)
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(edf-pcs.cloudapp.net|edf-pcs2.cloudapp.net|edfpcs.trafficmanager.net)(:[0-9]+)?(/.*)?$>
Allow from all
</ProxyMatch>
#ESET servers accessed directly via IP address:
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(91.228.165.|91.228.166.|91.228.167.|38.90.226.)([0-9]+)(:[0-9]+)?(/.*)?$>
Allow from all
</ProxyMatch>

#Microsoft trusted roots distribution
<ProxyMatch (?i)^http:\/\/www.download.windowsupdate.com\/msdownload\/update\/v3\/static\/trustedr\/.*\/.*?$>
Allow from all
</ProxyMatch>
#Microsoft pki (crt and crl)
<ProxyMatch (?i)^http:\/\/.*\.microsoft\.com\/pki\/.*$>
Allow from all
</ProxyMatch>
# MS Network Connectivity Status Indicator https://technet.microsoft.com/en-us/library/cc766017(v=ws.10).aspx
<ProxyMatch (?i)^http://www.msftncsi.com/ncsi.txt$>
Allow from all
</ProxyMatch>
#Symantec/thawte ocsp/crl
<ProxyMatch (?i)^http:\/\/.*\.symcd\.com\/.*$>
Allow from all
</ProxyMatch>
#Symantec ocsp
<ProxyMatch (?i)^http:\/\/ocsp\.verisign\.com\/.*?$>
Allow from all
</ProxyMatch>

#Allow connection to my ESMC Server machine jika hostname dan IP
#<ProxyMatch ^(hostname\.example(:[0-9]+)?(\/.*)?|10\.1\.1\.123(:[0-9]+)?(\/.*)?)$>
#Allow from all
#</ProxyMatch>

#Allow connection to my ESMC Server machine jika FQDN atau hostname
#<ProxyMatch ^(console\.awanpintar(:[0-9]+)?(\/.*)?)$>
#Allow from all
#</ProxyMatch>

#Allow connection to my ESMC Server machine jika IP, dalam contoh adalah IP ESMC adalah 10.1.1.123
#<ProxyMatch ^(10\.1\.1\.123(:[0-9]+)?(\/.*)?)$>
#Allow from all
#</ProxyMatch>


AllowCONNECT 443 563 2222

############# End Of Configuration #########################
##################################################################

 

Restart apache service: systemctl restart apache2 Edit Konfigurasi htcacheclean Apache nano /etc/default/apache-htcacheclean Edit size dan interval htcacheclean

HTCACHECLEAN_SIZE=10000M
HTCACHECLEAN_DAEMON_INTERVAL=60
HTCACHECLEAN_PATH=/var/cache/apache2/mod_cache_disk

Start apache-htcacheclean service:

systemctl start apache-htcacheclean