Agent installation - Linux

Installation of the ESET Management Agent component on Linux is performed using a command in the Terminal. Make sure all prerequisites are met.

1.Download the Agent installation script:

wget https://download.eset.com/com/eset/apps/business/era/agent/latest/agent-linux-x86_64.sh

2.Make the file executable:

chmod +x agent-linux-x86_64.sh

3.Run the installation script based on the example below (New lines are split by "\" for copying the whole command to Terminal):

Server-assisted installation

sudo ./agent-linux-x86_64.sh \
--skip-license \
--hostname=10.1.179.36 \
--port=2222 \
--webconsole-user=Administrator \
--webconsole-password=aB45$45c \
--webconsole-port=2223

Offline installation

sudo ./agent-linux-x86_64.sh \
--skip-license \
--cert-path=/home/admin/Desktop/agent.pfx \
--cert-auth-path=/home/admin/Desktop/CA.der \
--cert-password=N3lluI4#2aCC \
--hostname=10.1.179.36 \
--port=2222

note

Note

We recommend that you delete commands containing sensitive data (e.g. a password) from the command line history:

1.Run history to see the list of all commands in the history.

2.Run history -d line_number (specify the line number of the command). Alternatively, run history -c to delete the entire command line history.

Parameters

Connection to the ESET PROTECT Server is resolved using the parameters --hostname and --port (port is not used when an SRV record is provided). hmtoggle_plus0Possible connection formats.

Attribute

Description

Required

--hostname

Hostname or IP address of ESET PROTECT Server to connect.

Yes

--port

ESET PROTECT Server port (default value is 2222).

Yes

--cert-path

Local path to the Agent certificate file (more about certificate).

Yes (Offline)

--cert-auth-path

Path to the server's Certificate Authority file (more about authority).

Yes (Offline)

--cert-password

Agent Certificate password.

Yes (Offline)

--cert-auth-password

Certificate Authority password.

Yes (if it is used)

--skip-license

Installation will not ask user for license agreement confirmation.

No

--cert-content

Base64 encoded content of PKCS12 encoded public key certificate plus private key used to set up secure communication channels with Server and Agents. Use only one of the --cert-path or --cert-content options.

No

--cert-auth-content

Base64 encoded content of DER encoded Certificate Authority private key certificate used to verify remote peers (Proxy or Server). Use only one of the --cert-auth-path or --cert-auth-content options.

No

--webconsole-hostname

Hostname or IP address used by Web Console to connect to the server (if left empty, value will be copied from 'hostname').

No

--webconsole-port

Port used by Web Console to connect to the server (default value is 2223).

No

--webconsole-user

Username used by Web Console to connect to the server (default value is Administrator).

No

--webconsole-password

Password used by Web Console to connect to the server.

Yes (S-a)

--proxy-hostname

HTTP Proxy hostname for connecting to the server.

If proxy is used

--proxy-port

HTTP Proxy port for connecting to the server.

If proxy is used

--proxy-user

Username for HTTP Proxy.

If proxy is used

--proxy-password

Password for HTTP Proxy.

If proxy is used

--enable-imp-program

Turn on Product improvement program.

No

--disable-imp-program

Turn off Product improvement program.

No

Connection and certificates

Connection to the ESET PROTECT Server must be provided: --hostname, --port (port is not needed if service record is provided, the default port value is 2222)

Provide this connection information for Server-assisted installation: --webconsole-port, --webconsole-user, --webconsole-password

Provide certificate information for Offline installation: --cert-path, --cert-password
Installation parameters --cert-path and --cert-auth-path require certification files (.pfx and .der) which can be exported from ESET PROTECT Web Console. (Read how to export the .pfx file and the .der file.)

Password type parameters

Password type parameters can be provided as environment variables, files, read from stdin or provided as plain text. That is:

--password=env:SECRET_PASSWORD where SECRET_PASSWORD is an environment variable with password

--password=file:/opt/secret where first line of regular file /opt/secret contains your password

--password=stdin instructs the installer to read the password from standard input

--password="pass:PASSWORD" is equal to --password="PASSWORD" and is mandatory if the actual password is "stdin"(standard input) or a string starting with "env:", "file:" or "pass:"

 

warning

Warning

The certificate passphrase must not contain the following characters: " \ These characters cause a critical error during the initialization of the Agent.

HTTP Proxy connection

If you are using HTTP Proxy, you can specify the connection parameters in --proxy-hostname, --proxy-port, --proxy-user and --proxy-password.

EXAMPLE - offline Agent installation with HTTP Proxy Connection

./agent-linux-x86_64.sh \

--skip-license \

--cert-path=/home/admin/Desktop/agent.pfx \

--cert-auth-path=/home/admin/Desktop/CA.der \

--cert-password=N3lluI4#2aCC \

--hostname=10.1.179.36 \

--port=2222 \

--proxy-hostname=10.1.180.3 \

--proxy-port=3333 \

--proxy-user=Administrator \

--proxy-password=AdMiN_p1$$w0r4

important

Important

The communication protocol between Agent and ESET PROTECT Server does not support authentication. Any proxy solution used for forwarding Agent communication to ESET PROTECT Server that requires authentication will not work.

If you choose to use a non-default port for the Web Console or Agent, it may require a firewall adjustment. Otherwise, the installation may fail.

Installer log

The installer log may be useful for troubleshooting and can be found in Log files.

To see if the installation was successful, verify that the service is running by executing the following command:

sudo service eraagent status

Upgrade and repair installation of Agent on Linux

If you run the Agent installation manually on a system where the Agent is already installed, the following scenarios can occur:

Upgrade - higher version of installer is run.

oServer-assisted installation - application is upgraded, but it will keep using previous certificates.

oOffline installation - application is upgraded, new certificates are used.

Repair - same version of installer is run. This can be used for migration of the Agent to a different ESET PROTECT Server.

oServer assisted installation - application is reinstalled and it will get current certificates from the ESET PROTECT Server (defined by hostname parameter).

oOffline installation - application is reinstalled, new certificates are used.

 

If you are migrating agent from older Server to a different newer ESET PROTECT Server manually, and you are using Server-assisted installation, run the installation command twice. The first will upgrade the Agent and second one will get the new certificates, so the Agent can connect the ESET PROTECT Server.