[KB7812] Install ESET PROTECT on Linux and connect it to SQL Server on Windows

Issue

  • Install ESET PROTECT Server on Linux and connect it to your MS SQL database installed on a Windows Server.

Solution

Prerequisites


I. Configure MS SQL Server

  1. Allow TCP/IP connections to the SQL database on port 1433, as described here.
     
  2. Create a database and database user that you will use to access the database.
 

II. Install ESET PROTECT Server on Linux and connect it to MS SQL Server database installed on Windows

  1. Open the Terminal as root and run the code below (line by line) to install the Microsoft ODBC driver for Linux:
    ODBC versions:

    Version 13 and later of Microsoft ODBC driver is supported. We recommend that you use the latest version (version 17).

    The example below shows the installation of ODBC driver version 17 on Ubuntu 16.04 and Red Hat Enterprise Linux/CentOS 7. See the installation instructions for different Microsoft ODBC driver versions and different Linux distributions and versions on this Microsoft page.

    Ubuntu 20.04:

    apt install curl
    curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add -
    curl https://packages.microsoft.com/config/ubuntu/20.04/prod.list > /etc/apt/sources.list.d/mssql-release.list
    apt-get update
    ACCEPT_EULA=Y apt-get install msodbcsql17

    Red Hat Enterprise Linux 7/CentOS 7:

    curl https://packages.microsoft.com/config/rhel/7/prod.repo > /etc/yum.repos.d/mssql-release.repo
    yum remove unixODBC-utf16 unixODBC-utf16-devel
    ACCEPT_EULA=Y yum install msodbcsql17
  1. Before installing ESET PROTECT Server on Linux, make sure the system meets all other prerequisites (except the ODBC driver).
     
  2. Download the ESET PROTECT Server installation file from the ESET website.
     
  3. Open the Terminal as root, navigate to the folder where you saved the ESET PROTECT Server installer and make the file executable:

    chmod +x server-linux-x86_64.sh
  4. Run the ESET PROTECT Server installer with proper parameters (see example code below).
    Installation parameters

    See all available installation parameters in ESET PROTECT Online Help. The code below is an example - substitute highlighted text with your values:

    sudo ./server-linux-x86_64.sh \
    --skip-license \
    --db-type="MS SQL Server" \
    --db-driver="ODBC Driver 17 for SQL Server" \
    --db-hostname=10.20.30.40 \
    --db-port=1433 \
    --db-admin-username=user \
    --db-admin-password=pAssword1 \
    --server-root-password=pAssword1 \
    --db-user-username=user \
    --db-user-password=pAssword1 \
    --cert-hostname="10.20.30.50;ubuntu1"


    If the installation stops with an error Unknown database driver or data source name you may need to install a different version of MS ODBC driver.
     
  5. After the successful installation, the ESET PROTECT Server installed on Linux is connected to SQL Server database installed on Windows.
     
  6. You can continue with other ESET PROTECT installation components: Web Console and ESET Management Agent.

 


III. Enable encrypted connection to MS SQL database (optional)

To improve security, enable an encrypted connection between the ESET PROTECT Server and the SQL database.

Enable encryption on MS SQL Server:

TLS 1.2 needs to be enabled on a supported MS SQL Server, visit this Microsoft article.

Perform the steps below on the ESET PROTECT Server Linux machine:

  1. Open the terminal as root.
     
  2. Stop the eraserver service:

    service eraserver stop
  3. Open the StartupConfiguration.ini file:

    nano /etc/opt/eset/RemoteAdministrator/Server/StartupConfiguration.ini
  4. Add the following code to the end of the file:

    Encrypt=yes;TrustServerCertificate=yes;
    Below is an example of the StartupConfiguration.ini file (replace the parts highlighted in yellow with your values):

    DatabaseType=MSSQLOdbc
    DatabaseConnectionString=Driver=ODBC Driver 17 for SQL Server;Server=10.20.30.40,1433;Uid=era_user;Pwd={SecretPassword};CharSet=utf8;Database=era_db;Encrypt=yes;TrustServerCertificate=yes;

     
  5. Save the updated file.
     
  6. Start the eraserver service:

    service eraserver start
  7. If you are able to log in to the ESET PROTECT Web Console, the encrypted connection to the database works properly. If you are not able to log in to the ESET PROTECT Web Console, revert your changes to the StartupConfiguration.ini file.