Jump to content

Sneaker Net Updates from One Proxy to Another?


croeloc
 Share

Recommended Posts

We have a few isolated networks with no Internet or external connectivity and need to be able to update the virus signature database of our Mac OS x systems on the isolated networks.

 

I have configured ESET Remote Administrator (6.x) on a Windows system connected to the Internet to facilitate downloading the updates but I am confused as to how to manually transfer the updates to our Mac systems with ESET NOD 32 (6.x). I would like to just update the files using a USB but with version 6.x I do not see that option. I have also thought of the possibility of configuring the Apache HTTP Proxy on the Mac and pointing updates locally but I do not see any instructions for installing the proxy on a Mac client.

 

From my research near as I can tell with version 6.x I am going to need a Windows or Linux system to serve as a proxy on each isolated network in order to update the Mac systems. In total I am only updating about 10 Macs and would like to avoid having to specifically configure a Windows or Linux proxy for each one Mac to get updates. Also, if I go this route can I manually place the files in a folder on the isolated network proxy server since these will also not have Internet access?

 

I may be way off and just can't find the correct documentation. If anyone has ideas or can direct me to the best solution for sneaker netting the updates to the isolated network and updating Mac OS x please provide guidance.

Link to comment
Share on other sites

  • ESET Staff

Have you considered use of Mirror tool? It is simple command line utility that is capable of creating offline mirror of ESET modules to disk. Unfortunately it does not support HTTP sharing, but content of mirror is easily transferable to offline environment where you would have to use your own "sharing" mechanism (shared disk or your own HTTP server).

Link to comment
Share on other sites

I was directed to the Mirror tool and successfully downloaded updates to a USB drive but now I am having an issue getting the Mac to update from the USB. ESET Support instructed me to add the path to the USB in the "Update Server" field however when I do this I receive a "Server not Found" error. I believe the Mac might not have all of the configuration options that are available with Windows.

 

This should be simple i.e. download the updates, point the client to the folder, and install. ESET doesn't appear to offer this for the Mac clients. The only way I have been able to update a Mac is by connecting it to the Internet.

Link to comment
Share on other sites

  • ESET Staff

In case of a mac, you have to server the updates using a http server, as mac product is not able to update "from files". So you will need either a Linux server, or a Windows application, that will serve as the update mirror component.

Link to comment
Share on other sites

Can the web server be local i.e. configure web services on the Mac, copy the files to the web server directory then point the update server to itself. If so does it matter what port? What would be the syntax in the update server? hxxp://localhost/Mirror?

 

OR

 

Does the update mirror component have something specific in the install to respond to the client? One last question...do I have to have the ESET client installed on the Windows or Linux system in order to create the Mirror or can this be done without the  client?

Link to comment
Share on other sites

  • ESET Staff

Can the web server be local i.e. configure web services on the Mac, copy the files to the web server directory then point the update server to itself. If so does it matter what port? What would be the syntax in the update server? hxxp://localhost/Mirror?

 

Local HTTP server should definitely work, unfortunately I am not able to verify port configuration, but I would expect hxxp://localhost:8080/Mirrorto work as expected.

 

Does the update mirror component have something specific in the install to respond to the client? One last question...do I have to have the ESET client installed on the Windows or Linux system in order to create the Mirror or can this be done without the  client?

 

You do not need any ESET product on machine where MirrorTool is executed - it is standalone and only offline license file is required to work properly.

 

Does the update mirror component have something specific in the install to respond to the client?

 

Could you be more specific? I am not sure what are you asking ...

Link to comment
Share on other sites

 

Local HTTP server should definitely work, unfortunately I am not able to verify port configuration, but I would expect hxxp://localhost:8080/Mirrorto work as expected.

 

 

Before your response I copied the files from the Mirror Tool download to the local HTTP server root directory and configured the Update Server setting to hxxp://localhost:80/Mirror since 80 is the port the local webserver is listening on but still received the "Server not Found" error. Is 8080 required for ESET or should my configuration have worked? The structure under the Mirror folder is \eset_upd with subfolders \eset_upd\era, \eset_upd\ep6, \eset_upd\v4, \eset_upd\v5.

 

 

 

You do not need any ESET product on machine where MirrorTool is executed - it is standalone and only offline license file is required to work properly.

 

 

This question was geared more towards creating a Mirror Server. The windows client seems to have an option to configure it as a Mirror Server which also appears to install an HTTP server. Is there a difference between using my own HTTP server i.e. the Mac Web Services and the Mirror Server configured by the client other than the Mirror Server connecting to ESET and downloading the updates?

 

 

Could you be more specific? I am not sure what are you asking ...

 

 

The Mirror Tool download folder structure does not appear to have an html, php or similar file that the clients would read when connecting to the server. Therefore I do not see how copying the Mirror Tool download files to a folder on my local HTTP or any HTTP server works...something in the background I am not seeing?? This is why I am asking if the Mirror Server has an additional component or if it is something I am missing concerning the files being visible to the client via HTTP.

Link to comment
Share on other sites

  • ESET Staff

The Mirror Tool download folder structure does not appear to have an html, php or similar file that the clients would read when connecting to the server. Therefore I do not see how copying the Mirror Tool download files to a folder on my local HTTP or any HTTP server works...something in the background I am not seeing?? This is why I am asking if the Mirror Server has an additional component or if it is something I am missing concerning the files being visible to the client via HTTP.

 

Clients will be attempting to download metadata file most probably called update.ver. This also answers your first question -> mirror should be configured so that this file is in root or URL in configuration, for example hxxp://localhost/Mirror/eset_upd/ep6/. Specific sub-directory depends on product and its version you want to update (and also on what products you specified during mirror creation). Port 8080 was only example, any port should work but I recommend to use default 80 to verify everything works.

 

This question was geared more towards creating a Mirror Server. The windows client seems to have an option to configure it as a Mirror Server which also appears to install an HTTP server. Is there a difference between using my own HTTP server i.e. the Mac Web Services and the Mirror Server configured by the client other than the Mirror Server connecting to ESET and downloading the updates?

 

There should be no difference except automation of update process and also switching mirror types. From updated client's point of view it will be the same.

Link to comment
Share on other sites

I had actually entered hxxp://<ip address>/Mirror and it did not work. This morning I changed the Update Server to hxxp://localhost/Mirror/eset_upd/ep6 and the system updated. I will attempt again with the latest files and on another system to verify this is consistent. This should suffice although I am not thrilled about having to enable the Web server to update the system.

Link to comment
Share on other sites

  • ESET Staff

Just to let you know, we will prepare a dedicated KB article, concerning the update of our Mac Product from the mirror as the procedure is different compared to the Windows one. Just out of curiosity, is your environment mac only, or you have also some Windows machines within your environment?

Link to comment
Share on other sites

All of our ESET installations are specific to Mac. I was able to repeat the process on a second Mac but had to specify the path to the installed version as you suggested and use hxxp://localhost opposed to the IP address but I see where that may be due to the Webserver configuration. I'm still fine tuning but think I have a solution. For our small environment the Mirror Tool will be the preferred method to update opposed to ERA. I can see where ERA would be beneficial if we add additional systems.

Link to comment
Share on other sites

  • ESET Staff

I was able to repeat the process on a second Mac but had to specify the path to the installed version as you suggested

 

By default MirrorTool creates separate update mirrors for various products and versions, which can be tweaked by command line parameter --excludedProducts (see documentation). In case you are using only ESET v6 security products, only ep6 will be required and excluding remaining products may reduce overall mirror size and internet traffic when updating.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...