ESET Online Help

Search English
Select the category
Select the topic

Agent installation - Linux

Installation of the ESET Management Agent component on Linux is performed using a command in the Terminal. Make sure all prerequisites are met.

1.Download the Agent installation script:


2.Make the file executable:

chmod +x

3.Run the installation script based on the example below (New lines are split by "\" for copying the whole command to Terminal):

Server-assisted installation

sudo ./ \
--skip-license \
--hostname= \
--port=2222 \
--webconsole-user=Administrator \
--webconsole-password=aB45$45c \

Offline installation

sudo ./ \
--skip-license \
--cert-path=/home/admin/Desktop/agent.pfx \
--cert-auth-path=/home/admin/Desktop/CA.der \
--cert-password=N3lluI4#2aCC \
--hostname= \


ESET recommends that you delete commands containing sensitive data (for example, a password) from the command line history:

1.Run history to see the list of all commands in the history.

2.Run history -d line_number (specify the line number of the command). Alternatively, run history -c to delete the entire command line history.


Connection to the ESET PROTECT Server is resolved using the parameters --hostname and --port (port is not used when an SRV record is provided). arrow_down_businessPossible connection formats.





Hostname or IP address of ESET PROTECT Server to connect.



ESET PROTECT Server port (default value is 2222).



Local path to the Agent certificate file (more about certificate).

Yes (Offline)


Path to the server's Certificate Authority file (more about authority).

Yes (Offline)


Agent Certificate password.

Yes (Offline)


Certificate Authority password.

Yes (if it is used)


Installation will not ask user for license agreement confirmation.



Base64 encoded content of PKCS12 encoded public key certificate plus private key used to set up secure communication channels with Server and Agents. Use only one of the --cert-path or --cert-content options.



Base64 encoded content of DER encoded Certificate Authority private key certificate used to verify remote peers (Proxy or Server). Use only one of the --cert-auth-path or --cert-auth-content options.



Hostname or IP address used by Web Console to connect to the server (if left empty, value will be copied from 'hostname').



Port used by Web Console to connect to the server (default value is 2223).



Username used by Web Console to connect to the server (default value is Administrator).


You cannot use a user with two-factor authentication for server-assisted installations.



Password used by Web Console to connect to the server.

Yes (Server-assisted)


HTTP Proxy hostname. Use this parameter to enable using of HTTP Proxy (which is already installed in your network) for replication between ESET Management Agent and ESET PROTECT Server (not for caching of updates).

If proxy is used


HTTP Proxy port for connecting to the server.

If proxy is used


Turn on Product improvement program.



Turn off Product improvement program.


Connection and certificates

Connection to the ESET PROTECT Server must be provided: --hostname, --port (port is not needed if service record is provided, the default port value is 2222)

Provide this connection information for Server-assisted installation: --webconsole-port, --webconsole-user, --webconsole-password

Provide certificate information for Offline installation: --cert-path, --cert-password. Installation parameters --cert-path and --cert-auth-path require certification files (.pfx and .der) which can be exported from ESET PROTECT Web Console. (Read how to export the .pfx file and the .der file.)

Password type parameters

Password type parameters can be provided as environment variables, files, read from stdin or provided as plain text. That is:

--password=env:SECRET_PASSWORD where SECRET_PASSWORD is an environment variable with password

--password=file:/opt/secret where first line of regular file /opt/secret contains your password

--password=stdin instructs the installer to read the password from standard input

--password="pass:PASSWORD" is equal to --password="PASSWORD" and is mandatory if the actual password is "stdin" (standard input) or a string starting with "env:", "file:" or "pass:"



The certificate passphrase must not contain the following characters: " \ These characters cause a critical error during the initialization of the Agent.

HTTP Proxy connection

If you are using HTTP Proxy for replication between ESET Management Agent and ESET PROTECT Server (not for caching of updates), you can specify the connection parameters in --proxy-hostname and --proxy-port.

EXAMPLE - offline Agent installation with HTTP Proxy Connection

./ \

--skip-license \

--cert-path=/home/admin/Desktop/agent.pfx \

--cert-auth-path=/home/admin/Desktop/CA.der \

--cert-password=N3lluI4#2aCC \

--hostname= \

--port=2222 \

--proxy-hostname= \

--proxy-port=3333 \



The communication protocol between Agent and ESET PROTECT Server does not support authentication. Any proxy solution used for forwarding Agent communication to ESET PROTECT Server that requires authentication will not work.

If you choose to use a non-default port for the Web Console or Agent, it may require a firewall adjustment. Otherwise, the installation may fail.

Installer log

The installer log may be useful for troubleshooting and can be found in Log files.

To see if the installation was successful, verify that the service is running by executing the following command:

sudo service eraagent status

Upgrade and repair installation of Agent on Linux

If you run the Agent installation manually on a system where the Agent is already installed, the following scenarios can occur:

Upgrade - higher version of installer is run.

oServer-assisted installation - application is upgraded, but it will keep using previous certificates.

oOffline installation - application is upgraded, new certificates are used.

Repair - same version of installer is run. This can be used for migration of the Agent to a different ESET PROTECT Server.

oServer assisted installation - application is reinstalled and it will get current certificates from the ESET PROTECT Server (defined by hostname parameter).

oOffline installation - application is reinstalled, new certificates are used.

If you are migrating agent from older Server to a different newer ESET PROTECT Server manually, and you are using Server-assisted installation, run the installation command twice. The first will upgrade the Agent and second one will get the new certificates, so the Agent can connect the ESET PROTECT Server.