Install Eset Protect 9.x di RHEL 7.x

ESET Protect
by prosperita

Instalasi ESET Protect – RHEL 7.x Tambahkan repo EPEL

yum install epel-release

Tambahkan repository MySQL 5.7

rpm -Uvh http://dev.mysql.com/get/mysql57-community-release-el7-7.noarch.rpm
yum localinstall https://dev.mysql.com/get/mysql57-community-release-el7-9.noarch.rpm
rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022

Update OS

yum update

Install Dependencies RHEL 7.x

yum install -y wget lshw mysql-community-server mysql-connector-odbc xorg-x11-server-Xvfb cifs-utils krb5-workstation samba samba-winbind-clients openldap-clients net-snmp-utils net-snmp policycoreutils-devel java-1.8.0-openjdk tomcat qt4-webkit links yum-plugin-versionlock httpd setroubleshoot-server mod_ssl cyrus-sasl-gssapi cyrus-sasl-ldap xauth

note : Pastikan untuk mysql install versi 5.7.

Downgrade ODBC ke versi 5.3.10

yum downgrade mysql-connector-odbc-5.3.10

Lock Mysql Component agar tidak upgrade

yum versionlock mysql-*

Start MySQL

systemctl start mysqld

Ambil random root password

grep 'A temporary password is generated for root@localhost' /var/log/mysqld.log |tail -1

Buat password MySQL

mysql_secure_installation

# Edit Konfigurasi MySQL vi /etc/my.cnf

# Tambahkan di bawah [mysqld] dengan konfigurasi berikut

#ESET Requirement
max_allowed_packet = 500M
innodb_log_file_size = 100M
innodb_log_files_in_group = 4

Restart MySQ systemctl restart mysqld

Set MySQL agar start saat OS Restart

systemctl enable mysqld

Download ERA war ( Web-console )

wget https://download.eset.com/com/eset/apps/business/era/webconsole/latest/era.war

Kopi file ESET Protect Console cp era.war /var/lib/tomcat/webapps/

Restart Service Tomcatsystemctl restart tomcat

Set Tomcat agar start saat OS Restart systemctl enable tomcat

Download package server-linux, Agent-linux, RDSensor-Linux untuk link installer : https://www.eset.com/us/business/download/eset-protect/#standalone

#Download package ESET Protect pastikan sesuai berdasarkan OS.
wget https://download.eset.com/com/eset/apps/business/era/server/linux/latest/server-linux-x86_64.sh
wget https://download.eset.com/com/eset/apps/business/era/agent/latest/agent-linux-x86_64.sh
wget https://download.eset.com/com/eset/apps/business/era/rdsensor/latest/rdsensor-linux-x86_64.sh

# Ubah permission installer agar bisa di install chmod +x server-linux-x86_64.sh agent-linux-x86_64.sh mdmcore-linux-x86_64.sh rdsensor-linux-x86_64.sh

NOTE : Package installer mdm untuk install ESET mobile. jika tidak di install untuk mobile bisa di skip bagian MDM.

# Install ESMC Server ( sesuaikan dengan password mysql, password yang akan dipakai login ESMC )

./server-linux-x86_64.sh --skip-license --db-driver="MySQL ODBC 5.3 Unicode Driver" --db-hostname=127.0.0.1 --db-port=3306 --db-admin-username=root --db-admin-password=mysqlpassword --server-root-password="Passwordlogin" --db-user-username=root --db-user-password=mysqlpassword --cert-hostname="*" --enable-imp-program

# Coba Akses ESET Protect Webconsole silakan lanjutkan tahap Openfirewall
http://IP_ADDRES_ATAU_HOSTNAME:8080/era

# Backup Certificate
#https://help.eset.com/esmc_admin/70/en-US/export_a_public_key.html
#https://help.eset.com/esmc_admin/70/en-US/export_a_public_key.html?export_certificate.html

# Install Agent (sesuaikan dengan password login ESET Protect yang telah dibuat Sebelumnya)

./agent-linux-x86_64.sh --skip-license --hostname=localhost --port=2222 --webconsole-hostname=localhost --webconsole-port=2223 --webconsole-user=administrator --webconsole-password="passwordlogin" --cert-auto-confirm --enable-imp-program

Install RDSensor

./rdsensor-linux-x86_64.sh --skip-license

Open Port Firewall (silakan skip jika tidak terinstall)

firewall-cmd --zone=public --add-port=2222/tcp --permanent 
firewall-cmd --zone=public --add-port=2223/tcp --permanent
firewall-cmd --zone=public --add-port=8080/tcp --permanent
firewall-cmd --zone=public --add-port=139/tcp --permanent
firewall-cmd --zone=public --add-port=445/tcp --permanent
firewall-cmd --zone=public --add-port=137/udp --permanent
firewall-cmd --zone=public --add-port=138/udp --permanent
firewall-cmd --zone=public --add-port=1237/udp --permanent
firewall-cmd --zone=public --add-port=1238/udp --permanent

# Jika Spesifik

firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port port="8080" protocol="tcp" accept' --permanent
firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port port="3128" protocol="tcp" accept' --permanent
firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.2.0/24" port port="2222" protocol="tcp" accept' --permanent
firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.2.0/24" port port="2223" protocol="tcp" accept' --permanent

Enable startup firewall systemctl reload firewalld

Install OPTIONAL Jika lisensi Minimal EEPS/EEPA

#Bahan yang diperlukan
#- export certificate agent dari ESMC
#- buat certificate mdm baru di ESMC lalu export dalam bentuk pfx

# Install MDM (pastikan mdm hostnamenya FQDN yang sifatnya public, untuk mysql password dan console password disamakan dengan ESMC yang telah dibuat sebelumnya)

./MDMCore-Linux-x86_64.sh --https-cert-path=PATH_Certificate_MDM_ESMC --port=2222 --db-type="MySQL" --db-driver="MySQL ODBC 5.3 Unicode Driver" --db-admin-username="root" --db-admin-password=PASSWORD_MYSQL --db-user-password=PASSWORD_MYSQL --db-hostname="127.0.0.1" --hostname=IP_ESMC --webconsole-password=PASSWORD_LOGIN_WEB_ESMC --cert-auto-confirm --mdm-hostname=FQDN_MDM --skip-license --enable-imp-program

Jika Upgrade dari versi sebelumnya

./MDMCore-Linux-x86_64.sh --hostname=IP_ESMC --webconsole-password=PASSWORD_LOGIN_WEB_ESMC --mdm-hostname=FQDN_MDM --https-cert-path=PATH_Certificate_MDM_ESMC --skip-license --enable-imp-program

Open Port Firewall(silakan skip jika tidak terinstall)

firewall-cmd --zone=public --add-port=9977/tcp --permanent
firewall-cmd --zone=public --add-port=9978/tcp --permanent
firewall-cmd --zone=public --add-port=9980/tcp --permanent
firewall-cmd --zone=public --add-port=9981/tcp --permanent
firewall-cmd --zone=public --add-port=9981/tcp --permanent
firewall-cmd --zone=public --add-port=5223/tcp --permanent
firewall-cmd --zone=public --add-port=2195/tcp --permanent
firewall-cmd --zone=public --add-port=2196/tcp --permanent

# Tes Mobile Device Connector jika anda menginstall MDM

https://IP_ADDRESS_ATAU_HOSTNAME:9980/

#Info lebih lengkap
http://kb.eset.co.id
https://help.eset.com/protect_install/80/en-US/installation.html
https://support.eset.com/