Jump to content

Phydeauxdawg

Members
  • Content Count

    20
  • Joined

  • Last visited

  • Days Won

    2

Posts posted by Phydeauxdawg

  1. I have two dynamic groups, one that has old agents and one that has old anti-virus. It simply queries the installed versions and returns those computers not matching a certain version. I have a task that executes each time a client joins the dynamic group for old antivirus, but I can't assign a server task to a dynamic group for the old agents task. How do I accomplish this? The new computers  show due to the active directory sync. I am trying to make the process as automated as possible.

  2. Follow step II in this KB article hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3637&actp=search&viewlocale=en_US&searchid=1425404913962

    There isn't anything you need to do on the server, a proxy server just does that, it proxies (caches) requests from clients.  So when client A requests an update, it goes to the proxy server and asks for a file from eset.com  The proxy server will check it's own cache to see if it already has it and deliver it to the client.  If it doesn't, it grabs it from eset.com, caches it, and distributes it to the client.  So when Client B requests the same file, it should already be cached.

    This is a different process from the 5x version where it had a mirror of the updates.  It's a similar process but less involved on the server side.

  3. All I did was run "/opt/apache/bin/apachectl start"  I then checked the log files in the same location and it shows a lot of accesses from client computers for update checks as well as software upgrades (I pushed out a client upgrade).  Watching my webfilter traffic shows that there is a great reduction in the number of clients accessing eset.com.  It isn't easy to discern if all traffic had stopped as some use IP addresses instead of *.eset.com.  No idea why, must be random from the client end.

    We still need someone from ESET to create this KB article on this to determine if it's the best practice.  I haven't had time yet but from past experiences it's not difficult to create this as a "service" so it can be started on boot.

  4. I couldn't find one either, though I don't think there's anything special about eset's version, just find a setup guide on apache http proxy.  For what it's worth, if you're running the appliance, it's already installed in /opt/apache.  Just start using "/opt/apache/bin/apachectl start".  You also have to open a port in the firewall (3128).  Perhaps someone from ESET can clarify how to make it start on boot in addition to a permanent entry for iptables?  "iptables -A INPUT -i eth0 -p tcp --dport 3128 -j ACCEPT" works until reboot.  Editing /etc/iptables isnt' permanent either.

  5. I fixed my own issue by looking at the server installation log under /var/log/eset/RemoteAdministrator/EraServerInstaller.log.  Below is my command:

     ./Proxy-Linux-x86_64.sh --db-admin-password='password' --db-admin-username=root --db-driver='MySQL ODBC 5.3 Unicode Driver' --db-hostname=127.0.0.1 --db-name=era_proxy_db --db-port=3306 --db-type='MySQL Server' --db-user-password='password' --db-user-username=era --cert-path=/root/proxy.pfx --cert-password='certpassword' --cert-auth-path=/root/authority.der
    

    Also make sure you create a certificate for the proxy and export it to your machine from the web interface.

  6. I've installed the appliance and successfully upgraded it by granting super user privileges to era (grant SUPER on *.* to era@'localhost' identified by 'eraadmin';).  I upgraded the server, agent and web console.  Now I want to install the proxy on the same machine if it's possible.  This is the command I use:

    ./Proxy-Linux-x86_64.sh --db-hostname=localhost --db-admin-username=root --db-admin-password='password' --db-user-username=era --db-user-password='eraadmin' --skip-license --hostname=era --port=2222 --cert-path=/root/proxy.pfx --cert-auth-path=/root/authority.der --cert-password='certpassword'
    
    

    Of course replace the admin-password and cert-passwords as appropriate.  It fails connecting to the database, "Error: Admin connection not working. Unable to continue."

    I can successfully get into mysql using the user 'era' (mysql -u era -p) and the same password as the console.  Root has the same password as well.  No combination seems to work.

    For reference I'm following page 48 of the User Guide.

  7. These are the steps that I took:

    1. Download the Agents locally to a share on a server with Everyone read permissions to avoid security issues. (Go to www.eset.com, Downloads, Business, Remote Administrator 6, Standalone Installers, Select Agent, get both 32-bit and 64-bit)

    2. Create a new Dynamic Template (Admin->Dynamic Templates). Under Expression, use Installed Software.Application Name = ESET Remote Administrator Agent AND Installed Software.Application version (not equal) 6.1.365.0

    3. Create a new Dynamic Group (Computers -> gear -> New Dynamic Group)  Choose Template->Choose Existing and pick the template we just created.

    4. Create a new Client Task (Admin->Client Tasks->Operating System->Run Command)  Choose Target->Dynamic Group just created in 3.  Choose Trigger->Trigger Type->Joined Dynamic Group Trigger.  Go to Settings->Command line to run->\\Server\share\ESETAgent.bat

     

    Below is the contents of ESETAgent.bat.  It checks for 32-bit vs 64-bit and thus doesn't require separating computers.

    @echo off
    If defined ProgramFiles(x86) (
        msiexec /qr /i "\\server\share\Agent_64.msi" ALLUSERS=1 REBOOT=ReallySuppress P_CONNECTION_CHOSEN=Host P_HOSTNAME=Our_Hostname P_PORT=Our_Portnumber
    ) else (
        msiexec /qr /i "\\server\share\Agent_32.msi" ALLUSERS=1 REBOOT=ReallySuppress P_CONNECTION_CHOSEN=Host P_HOSTNAME=Our_Hostname P_PORT=Our_Portnumber
    )
    

    Replace Our_Hostname and Our_Portnumber with your values.

×
×
  • Create New...