Agent installation - Linux

Installation of the ESET Management Agent component on Linux is performed using a command in the Terminal. Make sure all prerequisites are met. Connection to the ESMC Server is resolved using the parameters --hostname and --port (port is not used when an SRV record is provided). hmtoggle_plus0Possible connection formats.

validation-status-icon-warning IMPORTANT

The communication protocol between Agent and ESMC Server does not support authentication. Any proxy solution used for forwarding Agent communication to ESMC Server that requires authentication will not work.

If you choose to use a non-default port for the Web Console or Agent, it may require a firewall adjustment. Otherwise, the installation may fail.

Example of an installation script
(New lines are split by "\" for copying the whole command to Terminal.)

Server-assisted installation

./agent-linux-x86_64.sh \
--skip-license \
--hostname=10.1.179.36 \
--port=2222 \
--webconsole-user=Administrator \
--webconsole-password=aB45$45c \
--webconsole-port=2223

Offline installation

./agent-linux-x86_64.sh \
--skip-license \
--cert-path=/home/admin/Desktop/agent.pfx \
--cert-auth-path=/home/admin/Desktop/CA.der \
--cert-password=N3lluI4#2aCC \
--hostname=10.1.179.36 \
--port=2222

Parameters

Attribute

Description

Required

--hostname

Hostname or IP address of ESMC Server to connect.

Yes

--port

ESMC Server port (default value is 2222).

Yes

--cert-path

Local path to the Agent certificate file (more about certificate).

Yes (Offline)

--cert-auth-path

Path to the server's Certificate Authority file (more about authority).

Yes (Offline)

--cert-password

Certificate Authority password. Must match the Agent certificate password.

Yes (Offline)

--cert-auth-password

Certificate Authority password.

Yes (if it is used)

--skip-license

Installation will not ask user for license agreement confirmation.

No

--product-guid

Product GUID (if not defined, it will be generated).

No

--cert-content

Base64 encoded content of PKCS12 encoded public key certificate plus private key used to set up secure communication channels with Server and Agents. Use only one of the --cert-path or --cert-content options.

No

--cert-auth-content

Base64 encoded content of DER encoded certificate authority private key certificate used to verify remote peers (Proxy or Server). Use only one of the --cert-auth-path or --cert-auth-content options.

No

--webconsole-hostname

Hostname or IP address used by Web Console to connect to the server (if left empty, value will be copied from 'hostname').

No

--webconsole-port

Port used by Web Console to connect to the server (default value is 2223).

No

--webconsole-user

Username used by Web Console to connect to the server (default value is Administrator).

No

--webconsole-password

Password used by Web Console to connect to the server.

Yes (S-a)

--proxy-hostname

HTTP Proxy hostname for connecting to the server.

If proxy is used

--proxy-port

HTTP Proxy port for connecting to the server.

If proxy is used

--proxy-user

Username for HTTP Proxy.

If proxy is used

--proxy-password

Password for HTTP Proxy.

If proxy is used

--enable-imp-program

Turns on Product improvement program.

No

--disable-imp-program

Turns off Product improvement program.

No

Connection and certificates

Connection to the ESMC Server must be provided: --hostname, --port (port is not needed if service record is provided, the default port value is 2222)

Provide this connection information for Server-assisted installation: --webconsole-port, --webconsole-user, --webconsole-password

Provide certificate information for Offline installation: --cert-path, --cert-password
Installation parameters --cert-path and --cert-auth-path require certification files (.pfx and .der) which can be exported from ESMC Web Console. (Read how to export the .pfx file and the .der file.)

Password type parameters

Password type parameters can be provided as environment variables, files, read from stdin or provided as plain text. That is:

--password=env:SECRET_PASSWORD where SECRET_PASSWORD is an environment variable with password

--password=file:/opt/secret where first line of regular file /opt/secret contains your password

--password=stdin instructs the installer to read the password from standard input

--password="pass:PASSWORD" is equal to --password="PASSWORD" and is mandatory if the actual password is "stdin"(standard input) or a string starting with "env:", "file:" or "pass:"

 

validation-status-icon-warning IMPORTANT

The certificate passphrase must not contain the following characters: " \ These characters cause a critical error during the initialization of the Agent.

HTTP Proxy connection

If you are using HTTP Proxy, you can specify the connection parameters in --proxy-hostname, --proxy-port, --proxy-user and --proxy-password.

EXAMPLE - offline Agent installation with HTTP Proxy Connection

./agent-linux-x86_64.sh \

--skip-license \

--cert-path=/home/admin/Desktop/agent.pfx \

--cert-auth-path=/home/admin/Desktop/CA.der \

--cert-password=N3lluI4#2aCC \

--hostname=10.1.179.36 \

--port=2222 \

--proxy-hostname=10.1.180.3 \

--proxy-port=3333 \

--proxy-user=Administrator \

--proxy-password=AdMiN_p1$$w0r4

Installer log

The installer log may be useful for troubleshooting and can be found in Log files.

To see if the installation was successful, verify that the service is running by executing the following command:

sudo service eraagent status

Upgrade and repair installation of Agent on Linux

If you run the Agent installation manually on a system where the Agent is already installed, the following scenarios can occur:

Upgrade - higher version of installer is run.

oServer-assisted installation - application is upgraded, but it will keep using previous certificates.

oOffline installation - application is upgraded, new certificates are used.

Repair - same version of installer is run. This can be used for migration of the Agent to a different ESMC Server.

oServer assisted installation - application is reinstalled and it will get current certificates from the ESMC Server (defined by hostname parameter).

oOffline installation - application is reinstalled, new certificates are used.

 

If you are migrating agent from older Server to a different newer ESMC Server manually, and you are using Server-assisted installation, run the installation command twice. The first will upgrade the Agent and second one will get the new certificates, so the Agent can connect the ESMC Server.