linuxhitman
Members, 11 posts
Everything posted by linuxhitman
-
Activate a Client
linuxhitman replied to linuxhitman's topic in ESET PROTECT On-prem (Remote Management)
Thanks for the help and I was able to get a node registered. However, the word came down today that management has decided to use Microsoft Defender for Endpoint. -
Registering Via a Proxy
linuxhitman replied to linuxhitman's topic in ESET PROTECT On-prem (Remote Management)
Thanks for all the help -- I actually got it to work -- but management has decided they want to go with Microsoft Defender for Endpoint. -
Registering Via a Proxy
linuxhitman replied to linuxhitman's topic in ESET PROTECT On-prem (Remote Management)
I do not know what you mean by "WEB interface it provides". These are headless Linux boxes. There are no browsers available. I cannot register directly using the general outgoing NAT IP because the registration server is located in Slovakia and we have a country level block on traffic from Slovakia. That is highly unlikely to go away anytime soon. Apparently, the Cisco Firepower cannot apply a whitelist to the NAT address to override the block. I can register using a statically NATed IP and a whitelist but I do not have enough V4 IPs to provide one for each of several hundred internal servers. Even if I was willing to provide that level of exposure. So the proxy is a compromise. I can create a static NAT between a DMZ and a public IP which can then be whitelisted. Otherwise, it is a chicken-or-egg problem. I cannot set the proxy until I register but I cannot register without the proxy. Thank you for your reply. -
Finally have some time to test eset with a proxy. I set it up based on the instruction at https://help.eset.com/esmc_install/72/en-US/http_proxy_installation_linux.html. I deactivated one of my test boxes in the "trusted" network from the console (https://eba.eset.com/ba/devices). I then tried to run /opt/eset/efs/sbin/lic to register it again but there does not appear to be an option to specify a proxy to handle the request.

    $ sudo /opt/eset/efs/sbin/lic --help
    Usage: lic [OPTIONS..]
    ESET File Security License management utility

    Options:
      -s, --status                 Activation status
      -k, --key=VALUE              Activation using a License Key
      -f, --file=FILE              Activation using an offline license file
      -u, --username=USERNAME      Activation using ESET Business Account or ESET License Administrator
      -i, --pool-id=VALUE          Pool Id
      -p, --public-id=VALUE        Public Id

    Common options:
      -h, --help                   show help and quit
      -v, --version                show version information and quit

    Copyright © 1992-2021 ESET, spol. s r. o. All rights reserved.
    To report issues, please visit hxxp://www.eset.com/support

I can register via a static one-to-one NAT but that is impractical except for a tiny number of machines. Even if I had that many public IPs to burn I certainly do not want the inside servers exposed to the Internet like that. Can someone point me to a resource explaining how to get a server to register via a proxy? If there is another path to solving the problem, I am listening.
-
Activate a Client
linuxhitman replied to linuxhitman's topic in ESET PROTECT On-prem (Remote Management)
Finally have some time to test eset with a proxy. I set it up based on the instruction at https://help.eset.com/esmc_install/72/en-US/http_proxy_installation_linux.html. I deactivated one of my test boxes in the "trusted" network from the console (https://eba.eset.com/ba/devices). I then tried to run /opt/eset/efs/sbin/lic to register it again but there does not appear to be an option to specify a proxy to handle the request.

    $ sudo /opt/eset/efs/sbin/lic --help
    Usage: lic [OPTIONS..]
    ESET File Security License management utility

    Options:
      -s, --status                 Activation status
      -k, --key=VALUE              Activation using a License Key
      -f, --file=FILE              Activation using an offline license file
      -u, --username=USERNAME      Activation using ESET Business Account or ESET License Administrator
      -i, --pool-id=VALUE          Pool Id
      -p, --public-id=VALUE        Public Id

    Common options:
      -h, --help                   show help and quit
      -v, --version                show version information and quit

    Copyright © 1992-2021 ESET, spol. s r. o. All rights reserved.
    To report issues, please visit hxxp://www.eset.com/support

I can register via a static one-to-one NAT but that is impractical except for a tiny number of machines. Even if I had that many public IPs to burn I certainly do not want the inside servers exposed to the Internet like that. Can someone point me to a resource explaining how to get a server to register via a proxy? If there is another path I am listening. -
Activate a Client
linuxhitman replied to linuxhitman's topic in ESET PROTECT On-prem (Remote Management)
Oh. I see now. You didn't mean a policy in AD but in ESET Protect. I'll give it a try. -
Activate a Client
linuxhitman replied to linuxhitman's topic in ESET PROTECT On-prem (Remote Management)
Policy implies Windows. These are being installed on Linux. Specifically, CentOS and Oracle Linux. Does this mean I cannot just set up an Apache proxy and point the individual installations to it? -
Activate a Client
linuxhitman replied to linuxhitman's topic in ESET PROTECT On-prem (Remote Management)
OK, it was definitely that the communal NAT IP could not talk to servers in Slovakia. Why is a mystery of the Cisco Firepower security model. The next step is to create a proxy so how do I configure your software to use a proxy? -
Activate a Client
linuxhitman replied to linuxhitman's topic in ESET PROTECT On-prem (Remote Management)
@kurco The dump was a good idea. It established to a high degree of confidence that traffic is being blocked. I see SYN packets to 91.228.166.181:80 leaving but no SYN-ACK packets come back. This may have to wait until the firewall admin gets back from Arizona. At least until tomorrow morning... -
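The check described in the post above (outbound SYNs that never get a SYN-ACK back), as an added example that is not part of the original post. It assumes `tcpdump -nn` text output; the capture lines and the internal address 192.0.2.10 are constructed, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in `tcpdump -nn` text format (not the poster's capture).
# 192.0.2.10 is a documentation address standing in for the internal host.
SAMPLE = """\
10:48:50.100001 IP 192.0.2.10.40112 > 91.228.166.181.80: Flags [S], seq 1001, win 29200, length 0
10:48:51.102313 IP 192.0.2.10.40112 > 91.228.166.181.80: Flags [S], seq 1001, win 29200, length 0
10:48:53.106498 IP 192.0.2.10.40112 > 91.228.166.181.80: Flags [S], seq 1001, win 29200, length 0
10:48:54.200010 IP 192.0.2.10.51820 > 38.90.226.51.8883: Flags [S], seq 2002, win 29200, length 0
10:48:54.290441 IP 38.90.226.51.8883 > 192.0.2.10.51820: Flags [S.], seq 3003, ack 2003, win 28960, length 0
10:48:54.290502 IP 192.0.2.10.51820 > 38.90.226.51.8883: Flags [.], ack 1, win 229, length 0
"""

# src.port > dst.port: Flags [X]  (IPv4, numeric output)
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")


def unanswered_syns(dump):
    """Return {"dst:port": syn_count} for flows whose SYN never got a SYN-ACK."""
    sent = defaultdict(int)   # (src, sport, dst, dport) -> SYNs sent, retransmits included
    answered = set()          # flows for which a SYN-ACK came back
    for line in dump.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if flags == "S":                          # bare SYN leaving the host
            sent[(src, sport, dst, dport)] += 1
        elif flags == "S.":                       # SYN-ACK: reverse it to match the SYN's flow
            answered.add((dst, dport, src, sport))
    blocked = defaultdict(int)
    for flow, count in sent.items():
        if flow not in answered:
            blocked[f"{flow[2]}:{flow[3]}"] += count
    return dict(blocked)


if __name__ == "__main__":
    for dest, count in unanswered_syns(SAMPLE).items():
        print(f"{dest}: {count} SYN(s) sent, no SYN-ACK seen")
```

Repeated SYNs to one destination with no reply point at a silent drop on the path (for example a firewall block) rather than a closed port, which would normally answer with a RST.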
Activate a Client
linuxhitman replied to linuxhitman's topic in ESET PROTECT On-prem (Remote Management)
First thing I noticed is that I must have picked the wrong package to install. I installed efs-8.0.375.0.x86_64.rpm which does not have the utility listed. Once the other package -- eea-8.0.3.0-el7.x86_64.rpm -- was installed, I tried again. Same error. I did find this in the logs:

    Apr 15 10:48:56 scageosocket01d.lereta.net licensed[56507]: ESET Endpoint Antivirus Error: Cannot receive data from server: Network is unreachable
    Apr 15 10:48:56 scageosocket01d.lereta.net licensed[56507]: ESET Endpoint Antivirus Error: Activation failed in association.
    Apr 15 10:48:56 scageosocket01d.lereta.net licensed[56507]: ESET Endpoint Antivirus Error: Activation was not successful: 0x4e26

Any idea what server the software is trying to go to? It may need to be whitelisted at the firewall. I can see an established connection to 38.90.226.51 on port 8883. The certificate from that IP and port identifies it as epns.eset.com which has at least two IPs -- 38.90.226.51 and 91.228.165.145. -
I have a temporary license and I created a business account. I installed on a test machine from the rpm file efs-8.0.375.0.x86_64.rpm. What I cannot do yet is get the client activated. Is there some documentation I can use to get this moving? I tried:

    sudo /opt/eset/efs/sbin/lic --key=TEMP_OR_ARY_LICENCE_KEY

but it just returns after a minute or so with:

    Activation error: Activation failed in association.

This is a headless machine without a GUI so command line only.