[KB7838] Install ESET PROTECT on CentOS 7 (8.x–10.x)
Issue
- You are using CentOS Linux version 7 and you need to install ESET PROTECT
Details
Click to expand
This article describes the installation process on CentOS 7 as installed from the official Minimal installer. If you already have some software installed, the installation process might differ.
Solution
- Prerequisites
- Install the database
- Install ODBC connector
- Install the prerequisites
- Install the server component of ESET PROTECT
- Install the Web Console
- Install the ESET Management Agent
- Remove redundant files
I. Prerequisites
- Check your internet connection. For example, try searching for a website on google.
If you have a problem with your connection, use the following command to list available network devices:
nmcli dTo connect to the internet, use the simple tool nmtui which works in the command line.
- Install some basic Linux tools.
To finish the installation, you can use a basic Linux tool of your choice. This guide uses nano wget.
sudo yum install nano wget -yII. Install the database
- Download the MySQL repository file.
wget https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm- Import the GPG Key for MySQL.
rpm -import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022- Install the MySQL repository.
sudo rpm -Uvh mysql80-community-release-el7-3.noarch.rpm- Install the MySQL server.
sudo yum install mysql-community-server -y- After the server is installed, open the MySQL configuration file.
sudo nano /etc/my.cnf- Add the following lines to the [mysqld] section:
max_allowed_packet=33M
log_bin_trust_function_creators=1
innodb_log_file_size=150M
innodb_log_files_in_group=2- Save the changes. Press CTRL + X and press Y to confirm.
- Start the MySQL service.
sudo systemctl start mysqld- The database root temporary password is created automatically during the installation. Retrieve it using the following command:
sudo grep 'temporary' /var/log/mysqld.log- Copy and save the password.
- Open the MySQL.
mysql -u root -p- Type in the password from step 9.
- Change the root password.
ALTER USER 'root'@'localhost' IDENTIFIED BY 'super_strong_new_password';- The output should resemble the following:
Query OK, 0 rows affected (0.02 sec)- Quit the MySQL console.
quit- Install unixODBC drivers.
sudo yum install unixODBC -y- Download the file directly. Do not install the driver using YUM as it will not install the latest compatible version.
wget https://downloads.mysql.com/archives/get/p/10/file/mysql-connector-odbc-8.0.17-1.el7.x86_64.rpm- Install the ODBC driver.
sudo rpm -ivh mysql-connector-odbc-8.0.17-1.el7.x86_64.rpm --nodeps- Setup the ODBC driver.
sudo myodbc-installer -a -d -n "MySQL ODBC 8.0.17" -t "Driver=/usr/lib64/libmyodbc8w.so"- List the installed drivers:
sudo myodbc-installer -d -l- Update your OpenSSL.
sudo yum install openssl -y- Install Xvfb.
sudo yum install xorg-x11-server-Xvfb -y- Install Cifs-utils.
sudo yum install cifs-utils- The QtWebKit is not in the standard CentOS repository. You can install the EPEL release and use the
qtwebkit-develpackage.
sudo yum install -y epel-release
sudo yum install qtwebkit-devel- Install Kerberos.
yum install krb5-workstation- Install LDAP Search.
sudo yum install openldap-clients cyrus-sasl-gssapi cyrus-sasl-ldap -yV. Install the Server component of ESET PROTECT
- Download the ESET PROTECT Server installer.
wget https://download.eset.com/com/eset/apps/business/era/server/linux/latest/server-linux-x86_64.sh- Configure the server installation file set as an executable.
chmod +x server-linux-x86_64.sh- Create the temporary installer script.
touch installer.sh- Open the temporary script and paste the following code:
sudo ./server-linux-x86_64.sh \
--skip-license \
--db-type="MySQL Server" \
--db-driver="MySQL ODBC 8.0.17" \
--db-hostname=localhost \
--db-port=3306 \
--db-admin-username=root \
--db-admin-password=password form step II.12. \
--server-root-password=password \
--db-user-username=erauser \
--db-user-password=strong complex password \
--cert-hostname="hostname, IP, FQDN"- Modify the code in the file to fit your installation, including the hostname and IP address of your machine. Use the IP address that agent machines will use to reach the Server machine. Make sure to set up a complex
db-user-password. A weak password will cause the installation to fail. - Run the installer script.
sudo sh installer.sh- The installation may end with
SELinux policy... failure. That can be ignored if you do not use SELinux. - Start the ESET PROTECT Server service.
sudo systemctl start eraserver
sudo systemctl status eraserverYou should see that the service is active.
- Install JDK and Tomcat.
yum install java-1.8.0-openjdk tomcat- Download the Web Console.
wget https://download.eset.com/com/eset/apps/business/era/webconsole/latest/era.war- Move the Web Console file to the Tomcat folder.
sudo cp era.war /var/lib/tomcat/webapps/- Restart the Tomcat service to deploy the
era.warfile.
sudo systemctl restart tomcat- Check the tomcat folder, if the era folder is present.
ls /var/lib/tomcat/webappsThe output should resemble the following:
era era.war- You can now connect the Web Console from other machines. For example, try the following:
http://10.1.0.1:8080/eraThe PROTECT Server is deployed where 10.1.0.1 is replaced by the IP address of your machine.
Continue to the next section if you can open the ESET PROTECT Web Console and log in with Administrator credentials (the password was set in the installer script as server-root-password).
The connection to the Web Console is now available only via HTTP. You can set up HTTPS connection..
Troubleshooting the Web Console connection
If you are unable to connect to the Web Console, there are a few possible reasons:
- Check if all services are running:
If one of the services is not active, start it.sudo systemctl status eraserver sudo systemctl status tomcat
To start Tomcat service:
To make Tomcat start after each boot run:sudo systemctl start tomcatsudo systemctl enable tomcat - Check if network ports are open. The CentOS can have a firewall blocking the 8080 port for outside connection. CentOS7 uses
FirewallD, so use the following commands to permanently open port 8080:
firewall-cmd --zone=public --add-port=8080/tcp --permanent
firewall-cmd --reload- Download the Agent installer.
wget https://download.eset.com/com/eset/apps/business/era/agent/latest/agent-linux-x86_64.sh- Set the installer as executable.
chmod +x agent-linux-x86_64.sh- Create agent_installer.sh script.
touch agent_installer.sh- Open the file for editing:
nano agent_installer.sh- Paste and modify the following script (for server-assisted installation) to the file and save it.
sudo ./agent-linux-x86_64.sh \
--skip-license \
--hostname=10.1.0.1 \
--port=2222 \
--webconsole-user=Administrator \
--webconsole-password=password \
--webconsole-port=2223where:
- The hostname is the IP or hostname of the PROTECT Server machine
- The Web Console password is the password you use to log in to ESET PROTECT Web Console
- Run the installer script.
sudo sh agent_installer.shWhen prompted, press y to accept the certificate.
You can ignore any errors about SELinux returned by the installer.
7. Set the ESET Management Agent service to start and enable starting after computer boot-up.
sudo systemctl enable eraagent
sudo systemctl start eraagent- Open the ESET PROTECT Web Console and log in as Administrator. If the Computers section contains your server machine, the Agent is installed successfully.
- After the components installation is finished successfully, remove the installers and scripts.
rm -rf agent_installer.sh
rm -rf agent-linux-x86_64.sh
rm -rf installer.sh
rm -rf era.war
rm -rf mysql80-community-release-el7-3.noarch.rpm
rm -rf mysql-connector-odbc-8.0.17-1.el7.x86_64.rpm
rm -rf qtwebkit-2.3.4-29.fc32.x86_64.rpm
rm -rf server-linux-x86_64.sh
Last Updated: Nov 10, 2022
