Posts posted by linuxhitman
-
Thanks for all the help -- I actually got it to work -- but management has decided they want to go with Microsoft Defender for Endpoint.
-
3 hours ago, MartinK said:
Have you actually tried to set HTTP proxy parameters to product configuration via WEB interface it provides? I have not verified it, but that is most probably standard way how to configure product, and I would expect it to use those settings also when performing activation via command line.
I do not know what you mean by "WEB interface it provides". These are headless Linux boxes. There are no browsers available.
I cannot register directly using the general outgoing NAT IP because the registration server is located in Slovakia and we have a country level block on traffic from Slovakia. That is highly unlikely to go away anytime soon. Apparently, the Cisco Firepower cannot apply a whitelist to the NAT address to override the block.
I can register using a statically NATed IP and a whitelist but I do not have enough V4 IPs to provide one for each of several hundred internal servers. Even if I was willing to provide that level of exposure. So the proxy is a compromise. I can create a static NAT between a DMZ and a public IP which can then be whitelisted.
Otherwise, it is a chicken-or-egg problem. I cannot set the proxy until I register but I cannot register without the proxy.
Thank you for your reply.
-
Finally have some time to test ESET with a proxy. I set it up based on the instruction at https://help.eset.com/esmc_install/72/en-US/http_proxy_installation_linux.html.
I deactivated one of my test boxes in the "trusted" network from the console (https://eba.eset.com/ba/devices). I then tried to run /opt/eset/efs/sbin/lic to register it again but there does not appear to be an option to specify a proxy to handle the request.
$ sudo /opt/eset/efs/sbin/lic --help
Usage: lic [OPTIONS..]
ESET File Security License management utility
Options:
  -s, --status              Activation status
  -k, --key=VALUE           Activation using a License Key
  -f, --file=FILE           Activation using an offline license file
  -u, --username=USERNAME   Activation using ESET Business Account or ESET License Administrator
  -i, --pool-id=VALUE       Pool Id
  -p, --public-id=VALUE     Public Id
Common options:
  -h, --help                show help and quit
  -v, --version             show version information and quit
Copyright © 1992-2021 ESET, spol. s r. o. All rights reserved.
To report issues, please visit hxxp://www.eset.com/support
I can register via a static one-to-one NAT but that is impractical except for a tiny number of machines. Even if I had that many public IPs to burn I certainly do not want the inside servers exposed to the Internet like that.
Can someone point me to a resource explaining how to get a server to register via a proxy? If there is another path to solving the problem, I am listening.
-
Oh. I see now. You didn't mean a policy in AD but in ESET Protect. I'll give it a try.
-
Policy implies Windows. These are being installed on Linux. Specifically, CentOS and Oracle Linux.
Does this mean I cannot just set up an Apache proxy and point the individual installations to it?
-
OK, it was definitely that the communal NAT IP could not talk to servers in Slovakia. Why is a mystery of the Cisco Firepower security model.
The next step is to create a proxy so how do I configure your software to use a proxy?
-
@kurco
The dump was a good idea. It established to a high degree of confidence that traffic is being blocked. I see SYN packets to 91.228.166.181:80 leaving but no SYN-ACK packets come back. This may have to wait until the firewall admin gets back from Arizona. At least until tomorrow morning...
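Added example, not part of the original post: a small parser that applies the same check to `tcpdump -nn` text output, separating destinations whose SYNs get no reply at all (a drop rule somewhere on the path) from ones that answer with SYN-ACK or refuse with RST. It assumes IPv4 TCP lines in tcpdump's default text format; the two server addresses come from the posts on this page, while the client address 10.0.0.5, the source ports, sequence numbers and timestamps are constructed sample data.

```python
import re
from collections import Counter

# tcpdump -nn text line: "<ts> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)

# Constructed capture: retransmitted SYNs to port 80 with no reply, one completed handshake.
SAMPLE = """\
10:48:50.100000 IP 10.0.0.5.41000 > 91.228.166.181.80: Flags [S], seq 1000, win 29200, length 0
10:48:51.100000 IP 10.0.0.5.41000 > 91.228.166.181.80: Flags [S], seq 1000, win 29200, length 0
10:48:53.100000 IP 10.0.0.5.41000 > 91.228.166.181.80: Flags [S], seq 1000, win 29200, length 0
10:48:54.000000 IP 10.0.0.5.41002 > 91.228.166.181.80: Flags [S], seq 3000, win 29200, length 0
10:48:55.000000 IP 10.0.0.5.52000 > 38.90.226.51.8883: Flags [S], seq 2000, win 29200, length 0
10:48:55.080000 IP 38.90.226.51.8883 > 10.0.0.5.52000: Flags [S.], seq 9000, ack 2001, win 28960, length 0
10:48:55.080100 IP 10.0.0.5.52000 > 38.90.226.51.8883: Flags [.], ack 1, win 229, length 0
""".splitlines()

def classify_handshakes(lines):
    """Return {(dst_ip, dst_port): Counter} counting 'answered', 'refused' and 'silent' flows."""
    syn_flows = set()   # flows that sent at least one SYN (retransmits collapse into one)
    replies = {}        # flow -> 'answered' (SYN-ACK seen) or 'refused' (RST seen)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if flags == "S":
            syn_flows.add((src, int(sport), dst, int(dport)))
        elif flags == "S." or "R" in flags:
            # The reply travels server -> client; reverse it to name the client's flow.
            flow = (dst, int(dport), src, int(sport))
            replies.setdefault(flow, "answered" if flags == "S." else "refused")
    summary = {}
    for flow in syn_flows:
        verdict = replies.get(flow, "silent")
        summary.setdefault((flow[2], flow[3]), Counter())[verdict] += 1
    return summary

def silently_dropped(lines):
    """Destinations where no SYN received any reply, neither SYN-ACK nor RST."""
    return sorted(d for d, c in classify_handshakes(lines).items() if set(c) == {"silent"})

if __name__ == "__main__":
    for dest in silently_dropped(SAMPLE):
        print("no reply from %s:%d" % dest)
```

A destination that shows up as "refused" rather than "silent" is being reached and is actively resetting the connection, which points away from a drop rule.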
-
First thing I noticed is that I must have picked the wrong package to install. I installed efs-8.0.375.0.x86_64.rpm which does not have the utility listed. Once the other package -- eea-8.0.3.0-el7.x86_64.rpm -- was installed, I tried again. Same error.
I did find this in the logs:
Apr 15 10:48:56 scageosocket01d.lereta.net licensed[56507]: ESET Endpoint Antivirus Error: Cannot receive data from server: Network is unreachable
Apr 15 10:48:56 scageosocket01d.lereta.net licensed[56507]: ESET Endpoint Antivirus Error: Activation failed in association.
Apr 15 10:48:56 scageosocket01d.lereta.net licensed[56507]: ESET Endpoint Antivirus Error: Activation was not successful: 0x4e26
Any idea what server the software is trying to go to? It may need to be whitelisted at the firewall.
I can see an established connection to 38.90.226.51 on port 8883. The certificate from that IP and port identifies it as epns.eset.com which has at least two IPs -- 38.90.226.51 and 91.228.165.145.
-
I have a temporary license and I created a business account. I installed on a test machine from the rpm file efs-8.0.375.0.x86_64.rpm. What I cannot do yet is get the client activated. Is there some documentation I can use to get this moving?
I tried:
sudo /opt/eset/efs/sbin/lic --key=TEMP_OR_ARY_LICENCE_KEY
but it just returns after a minute or so with:
Activation error: Activation failed in association.
This is a headless machine without a GUI so command line only.
Activate a Client in ESET PROTECT On-prem (Remote Management)
Thanks for the help and I was able to get a node registered. However, the word came down today that management has decided to use Microsoft Defender for Endpoint.