Select the tab
ESET PROTECT On-Prem – Table of Contents

Server prerequisites—Linux

Ensure to meet the following prerequisites to install the ESET PROTECT Server on Linux:

You must have a supported Linux operating system.

The required ports must be open and available—see the complete list of ports.

A database server must be installed and configured with a root account. A user account does not have to be created before the installation. The installer can create the account. Microsoft SQL Server on Linux is not supported. However, you can connect the ESET PROTECT Server on Linux to Microsoft SQL Server on Windows.


Note

The ESET PROTECT Server stores large data blobs in the database. Configure MySQL to accept large packet size for ESET PROTECT On-Prem to run properly.

The ESET PROTECT Server supports only the default MySQL database authentication method: caching_sha2_password.

ODBC Driver—The ODBC Driver is used to establish a connection with the database server (MySQL).

Set the server installation file as an executable using the Terminal command:

chmod +x server_linux_x86_64.sh

OpenSSL—ESET PROTECT Server 13.1 and later supports OpenSSL 3.x, and does not support OpenSSL 1.x. ESET Management Agent supports both OpenSSL 3.x and OpenSSL 1.x—The minimum supported version of OpenSSL for Linux is openssl-1.0.1e-30, but we recommend using the latest version of OpenSSL 1.1.1. There can be more versions of OpenSSL installed on one system simultaneously. At least one supported version must be present on your system.

oUse the command openssl version to show the current default version.

oYou can list all versions of OpenSSL present on your system. See the filename endings listed using the command sudo find / -iname *libcrypto.so*

oVerify if your Linux client is compatible using the following command: openssl s_client -connect google.com:443 -tls1_2

oFollow the Knowledgebase article to upgrade OpenSSL 1.1.1 to OpenSSL 3.x.

cifs-utils—Required for proper Agent deployment to a Windows operating system.

kinit + klist—Kerberos is used to authenticate a domain user when logging in and the Active Directory synchronization task. Ensure to configure Kerberos properly (/etc/krb5.conf). ESET PROTECT On-Prem supports synchronization with multiple domains.

ldapsearch—Used in AD synchronization task and for authorization.

snmptrap—Optional; used to send SNMP traps. SNMP also requires configuration.

SELinux devel package—Used during application installation to build SELinux policy modules. The package is only required on systems with SELinux enabled (RHEL). SELinux may cause problems with other applications. For ESET PROTECT Server, it is not necessary.

lshw—Install the lshw package on the client/server Linux machine for the ESET Management Agent to report the hardware inventory correctly.

The table below contains the appropriate terminal commands for each package described above for various Linux distributions (run the commands as sudo or root):

Package

Debian and Ubuntu distributions

Red Hat distributions and Rocky Linux

ODBC Driver

See ODBC installation and configuration.

See ODBC installation and configuration.

OpenSSL

apt install openssl -y

dnf install openssl -y

cifs-utils

apt install cifs-utils -y

dnf install cifs-utils -y

kinit + klist (optional)

apt install krb5-user -y

dnf install krb5-workstation -y

ldapsearch

apt install ldap-utils libsasl2-modules-gssapi-mit -y

dnf install openldap-clients cyrus-sasl-gssapi cyrus-sasl-ldap -y

snmptrap (optional)

apt install snmp -y

dnf install net-snmp-utils net-snmp -y

SELinux devel package (optional)

apt install selinux-policy-dev -y

dnf install policycoreutils-devel -y

samba (optional; necessary only for remote deployment)

apt install samba -y

dnf install samba samba-winbind-clients -y

lshw

apt install lshw -y

dnf install lshw -y