[KB7907] Install ESET PROTECT On-Prem on Debian 10

Issue

You are using Debian Linux version 10, and you need to install ESET PROTECT On-Prem

Details

Click to expand

This article describes the installation process on Debian 10 as installed from the official small installation image. If you already have some software installed, the installation process might differ.

Solution

Prerequisites
Install the MySQL database
Install ODBC connector
Install the required tools
Install the server component of ESET PROTECT On-Prem
Install the Web Console
Install the ESET Management Agent
Optional: Remove redundant files

I. Prerequisites

Verify your internet connection. If you have a problem with your connection, use the following command to list the available network devices.

nmcli d

To connect to the network, use the command nmtui.

Install Linux tool nano wget.

sudo apt-get install nano wget

II. Install the MySQL database

Download the MySQL repository file.

wget https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-server_8.0.23-1debian10_amd64.deb-bundle.tar

Extract the MySQL repository.

tar -xvf mysql-server_8.0.23-1debian10_amd64.deb-bundle.tar

Install the MySQL prerequisites.

sudo apt-get install libaio1 libmecab2

Preconfigure the MySQL server.

sudo dpkg-preconfigure mysql-community-server_8.0.23-1debian10_amd64.deb

Install the MySQL server.

sudo dpkg -i mysql-{common,community-client-plugins,community-client-core,community-client,client,community-server-core,community-server,server}_8.0.23-1debian10_amd64.deb

After the server is installed, open the MySQL configuration file.

sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf

Add the following lines to the mysqld section:

max_allowed_packet=33M
log_bin_trust_function_creators=1
innodb_log_file_size=150M
innodb_log_files_in_group=2

Save the changes. Press CTRL + X and press Y to confirm.
Restart the MySQL service.

sudo systemctl restart mysql

Verify that the MySQL service is running.

sudo systemctl status mysql

III. Install ODBC connector

Install unixODBC drivers.

sudo apt-get install unixodbc

Download the ODBC file. Do not install using the APT, as this will install the latest version.

wget https://downloads.mysql.com/archives/get/p/10/file/mysql-connector-odbc-8.0.17-linux-debian10-x86-64bit.tar.gz

Unzip the ODBC driver archive.

gunzip mysql-connector-odbc-8.0.17-linux-debian10-x86-64bit.tar.gz

Extract the ODBC driver.

tar -xvf mysql-connector-odbc-8.0.17-linux-debian10-x86-64bit.tar

Navigate to the ODBC driver folder.

cd mysql-connector-odbc-8.0.17-linux-debian10-x86-64bit

Copy ODBC driver files.

sudo cp bin/* /usr/local/bin
sudo cp lib/* /usr/local/lib

Set up the ODBC driver.

sudo myodbc-installer -a -d -n "MySQL ODBC 8.0 Driver" -t "Driver=/usr/local/lib/libmyodbc8w.so"
sudo myodbc-installer -a -d -n "MySQL ODBC 8.0" -t "Driver=/usr/local/lib/libmyodbc8a.so"

List the installed drivers.

sudo myodbc-installer -d -l

IV. Install the required tools

Update your OpenSSL.

sudo apt-get install openssl

Install Xvfb.

sudo apt-get install xvfb

Install Cifs-utils.

sudo apt-get install cifs-utils

Install QtWebKit.

sudo apt-get install libqtwebkit4

Install Kerberos.

sudo apt-get install krb5-user

Install LDAP Search.

sudo apt-get install ldap-utils

Install SNMP.

sudo apt-get install snmp

V. Install the Server component of ESET PROTECT On-Prem

Download the ESET PROTECT Server installer.

wget https://download.eset.com/com/eset/apps/business/era/server/linux/latest/server-linux-x86_64.sh

Configure the server installation file set as an executable.

chmod +x server-linux-x86_64.sh

Create the temporary installer script.

touch server_installer.sh

Open the temporary script and paste the following code:

sudo ./server-linux-x86_64.sh \
--skip-license \
--db-type="MySQL Server" \
--db-driver="MySQL ODBC 8.0 Driver" \
--db-hostname=localhost \
--db-port=3306 \
--db-admin-username=root \
--db-admin-password=password from step II.4. \
--server-root-password=password \
--db-user-username=erauser \
--db-user-password=strong complex password \
--cert-hostname="hostname, IP, FQDN"

Update the hostname and IP address in the file to fit your installation. Use the IP address that agent machines will use to reach the Server machine. Make sure to set up a complex db-user-password. A weak password will cause the installation to fail.
Run the installer script.

sudo sh server_installer.sh

Verify that the ESET PROTECT Server service is running.

sudo systemctl status eraserver

VI. Install the Web Console

Install JDK.

sudo apt-get install openjdk-11-jdk

Verify the installed version of JDK.

java -version

Install Tomcat.

sudo apt-get install tomcat9

Verify that the Tomcat service is running.

sudo systemctl status tomcat9

Download the Web Console.

wget https://download.eset.com/com/eset/apps/business/era/webconsole/latest/era.war

Copy the Web Console file to the Tomcat folder.

sudo cp era.war /var/lib/tomcat9/webapps/

Restart the Tomcat service to deploy the era.war file.

sudo systemctl restart tomcat9

Verify the era folder is present in the Tomcat folder.

ls /var/lib/tomcat9/webapps

The output should look as follows:

era era.war

You can now connect the Web Console to other machines. For example, try the following:

http://localhost:8080/era

The ESET PROTECT Server is deployed where localhost is replaced by the IP address of your machine.

Continue to the next section if you can open the ESET PROTECT Web Console and log in with Administrator credentials (the password was set in the installer script as db-user-username).

The connection to the Web Console is now available only via HTTP. You can set up a new HTTPS connection.

VII. Install the ESET Management Agent

Download the Agent installer.

wget https://download.eset.com/com/eset/apps/business/era/agent/latest/agent-linux-x86_64.sh

Set the installer as executable.

chmod +x agent-linux-x86_64.sh

Create temporary agent_installer.sh script.

touch agent_installer.sh

For a server-assisted installation, open the temporary script and use the following code:

Replace hostname and password

The hostname is the IP or hostname of the ESET PROTECT Server machine
The Web Console password is the password you use to log in to ESET PROTECT Web Console

sudo ./agent-linux-x86_64.sh \
--skip-license \
--hostname=hostname \
--port=2222 \
--webconsole-user=Administrator \
--webconsole-password=password \
--webconsole-port=2223

Run the installer script.

sudo sh agent_installer.sh

When prompted, press y to accept the certificate.
Verify that the ESET Management Agent service is running.

sudo systemctl status eraagent

Open the ESET PROTECT Web Console and log in as Administrator. If the Computers section contains your server machine, the Agent is installed successfully.

VIII. Optional: Remove redundant files

After the components installation is finished successfully, remove the installers and scripts.

rm -rf agent_installer.sh
rm -rf agent-linux-x86_64.sh
rm -rf era.war
rm -rf server_installer.sh
rm -rf server-linux-x86_64.sh
rm -rf libmysqlclient21_8.0.23-1debian10_amd64.deb
rm -rf libmysqlclient-dev_8.0.23-1debian10_amd64.deb
rm -rf mysql-client_8.0.23-1debian10_amd64.deb
rm -rf mysql-common_8.0.23-1debian10_amd64.deb
rm -rf mysql-community-client_8.0.23-1debian10_amd64.deb
rm -rf mysql-community-client-core_8.0.23-1debian10_amd64.deb
rm -rf mysql-community-client-plugins_8.0.23-1debian10_amd64.deb
rm -rf mysql-community-server_8.0.23-1debian10_amd64.deb
rm -rf mysql-community-server-core_8.0.23-1debian10_amd64.deb
rm -rf mysql-community-server-debug_8.0.23-1debian10_amd64.deb
rm -rf mysql-community-test_8.0.23-1debian10_amd64.deb
rm -rf mysql-community-test-debug_8.0.23-1debian10_amd64.deb
rm -rf mysql-connector-odbc-8.0.17-linux-debian10-x86-64bit
rm -rf mysql-connector-odbc-8.0.17-linux-debian10-x86-64bit.tar
rm -rf mysql-server_8.0.23-1debian10_amd64.deb
rm -rf mysql-server_8.0.23-1debian10_amd64.deb-bundle.tar
rm -rf mysql-testsuite_8.0.23-1debian10_amd64.deb

Last Updated: Dec 4, 2023