Jump to content

Mirrortool for Linux


Recommended Posts

  • Most Valued Members

Hi,

Can someone point out if the Linux mirrortool creates all platform's offline repositories (i.e. updates/program updates for Windows/Linux/Mac)? or is it only for Linux updates; and so I'd need to set up an offline repository for Windows?

Also, can someone point out if [1] is supposed to be a copy of [2] instead of being Linux specific?

Thanks

 

Edmund

[1] https://help.eset.com/esmc_install/70/en-US/offline-repository.html?mirror_tool_linux.html

[2] https://help.eset.com/esmc_install/70/en-US/offline-repository.html?mirror_tool_windows.html

Link to post
Share on other sites
  • Most Valued Members

Further addendum from fiddling around with setting up the offline repo:

1) The offline repository is split into different paths which I suspect are the different available versions (6.x, 7.x..etc)

2) I needed to create a new update policy to specify the actual path for the systems. 

i.e. hxxp://update.server.local/ep7/   to specify (I think) for Version 7 stuff

Edmund

Link to post
Share on other sites
  • Most Valued Members

I suspect I'm doing something wrong or misunderstanding the offline repository setup.

This is what I did (assuming that the Linux offline repository setup can also serve Windows machines):

  1. Download and ran the mirror tool via:
    1. mirrortool --mirrorType regular --intermediateUpdateDirectory ./tmp --outputDirectory /var/www/html --offlineLicenseFilename ./local_cache.lf
      1. (I assummed the offline license filename should be the "local cache" type.)
  2. setup httpd to serve /var/www/html
  3. created a new policy:  with the following:
    1. Updates->Update Server: hxxp://update.server.local/ep7/
    2. Advanced Settings-> Repository: hxxp://update.server.local/ep7/

Since I don't understand the contents of ep7/,  I'm assuming that the dll/ contents have updates to the engines/binaries.

If not, can someone clarify what I'm misunderstanding?

Thanks!

Ed

Link to post
Share on other sites
  • Administrators
2 hours ago, ewong said:

Since I don't understand the contents of ep7/,  I'm assuming that the dll/ contents have updates to the engines/binaries.

That is correct. Does Endpoint update from the mirror alright?

Link to post
Share on other sites
  • Most Valued Members
3 minutes ago, Marcos said:

That is correct. Does Endpoint update from the mirror alright?

I think it does as I see the accesses via the http logs. 

That said, I figured out what I was wrong with.  In my haste, I had looked at the offline repository setup and how to run the mirror tool and thought the commands were the same.   It took a few tries in manual updating the repo to realize my stupid mistake.   I kept on getting that offline repository needed the output repository and intermediate directories.   That's when the word "intermediateRepository" popped up.

So right now I"m running the mirrortool for both the updates and the engine/binaries.

Will see how this goes.

Thanks Marcos!

Ed

Link to post
Share on other sites
  • Administrators

By the way, do the machines have access to the Internet? If they are offline but have access to the machine that creates a mirror, it'd be much better to use HTTP proxy than mirror. With HTTP Proxy, machines would be able to communicate with LiveGrid servers and download streamed updates and so protect better from newly emerging threats.

Link to post
Share on other sites
  • Most Valued Members
On 6/1/2019 at 1:05 PM, Marcos said:

By the way, do the machines have access to the Internet? If they are offline but have access to the machine that creates a mirror, it'd be much better to use HTTP proxy than mirror. With HTTP Proxy, machines would be able to communicate with LiveGrid servers and download streamed updates and so protect better from newly emerging threats.

I've managed to fix the mirrortool situation.

Regarding the HTTP Proxy, some systems aren't supposed to have Internet access so they aren't able to access LiveGrid.   If I set up the HTTP proxy, those offline systems are now considered online (as they were activated with an offline license).  Am I right?

Ed

Link to post
Share on other sites
  • Administrators

Computers with access to the Internet should not be activated with an offline license. Offline licenses are intended only for machines that are always offline, otherwise a notification will appear in the license manager.

Computers that are without Internet connection but can connect to the machine running HTTP Proxy can still benefit from LiveGrid, streamed updates, etc. It restricts access only to ESET's servers so users won't be able to misuse it to connect elsewhere.

Link to post
Share on other sites
  • Most Valued Members
On 6/5/2019 at 12:08 PM, Marcos said:

Computers with access to the Internet should not be activated with an offline license. Offline licenses are intended only for machines that are always offline, otherwise a notification will appear in the license manager.

Computers that are without Internet connection but can connect to the machine running HTTP Proxy can still benefit from LiveGrid, streamed updates, etc. It restricts access only to ESET's servers so users won't be able to misuse it to connect elsewhere.

Ah Thanks for the clarification, Marcos!

Edmund

Link to post
Share on other sites
  • Most Valued Members
On 6/5/2019 at 12:08 PM, Marcos said:

Computers that are without Internet connection but can connect to the machine running HTTP Proxy can still benefit from LiveGrid, streamed updates, etc. It restricts access only to ESET's servers so users won't be able to misuse it to connect elsewhere.

Marcos,

I was working on fixing the whole setup; but got confused.  If the offline computers can access the HTTP Proxy system (and in turn, access the ESET servers), wouldn't that mean that they aren't truly 'offline' and thus can't use the offline license?   So with regards to those systems, do I use the offline or online license?

Thanks

Edmund

Link to post
Share on other sites
  • Administrators
Quote

If the offline computers can access the HTTP Proxy system (and in turn, access the ESET servers), wouldn't that mean that they aren't truly 'offline' and thus can't use the offline license? 

Correct. Such machines can reach ESET's servers and thus are not considered offline. An offline license is intended for activating machines that are completely offline, e.g. computers on ships.

Link to post
Share on other sites
  • Most Valued Members
1 minute ago, Marcos said:

Correct. Such machines can reach ESET's servers and thus are not considered offline. An offline license is intended for activating machines that are completely offline, e.g. computers on ships.

Thanks.. so the Eset Live grid won't work then on those instances. 

Link to post
Share on other sites
  • Administrators
4 minutes ago, ewong said:

Thanks.. so the Eset Live grid won't work then on those instances. 

Not on machines that are completely offline. If a machine can access ESET's servers via HTTP Proxy, then LiveGrid will work.

Link to post
Share on other sites
  • Most Valued Members
26 minutes ago, Marcos said:

Not on machines that are completely offline. If a machine can access ESET's servers via HTTP Proxy, then LiveGrid will work.

I have some offline systems here that I've disabled Eset Live Grid; but now instead of amber alerts, I get red alerts due to the fact that their Eset Live Grid option is disabled (via policy).    How do I get them to not give me the red alert notifications?

Thanks

 

Edmund

Link to post
Share on other sites
  • Administrators

On offline computers you can keep LiveGrid enabled but disable the application status "ESET LiveGrid is not accessible". This can be accomplished via policies as well:

image.png

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...