1. Instalacja podstawowych paczek i konfiguracja
apt-get update apt-get install aptitude vim nmap mc screen screenfetch dfc sudo unzip rsync net-tools xvfb cifs-utils libqtwebkit4 ldap-utils libsasl2-modules-gssapi-mit winbind snmp samba odbcinst libodbc1 dpkg-dev
sudo visudo
username ALL=NOPASSWD:ALL
sudo dpkg-reconfigure locales
2. Instalacja MySQL v5.7!
https://help.eset.com/esmc_install/70/en-US/mysql_configuration.html
https://blog.cssoft.pl/post/mysql-on-debian-10
3. ODBC
https://help.eset.com/esmc_install/70/pl-PL/odbc_configuration.html
https://dev.mysql.com/downloads/connector/odbc/5.2.html
Instalacja ręczna ODBC
https://putokaz.wordpress.com/2018/02/12/how-to-install-the-mysql-odbc-driver-on-ubuntu-16-04-or-linux-mint-18-x/
wget https://cdn.mysql.com/archives/mysql-connector-odbc-5.3/mysql-connector-odbc-5.3.10-linux-debian9-x86-64bit.tar.gz
tar -xvf mysql-connector-odbc-5.3.10-linux-debian9-x86-64bit.tar.gz cp mysql-connector-odbc-5.3.10-linux-debian9-x86-64bit/lib/libmyodbc5* /usr/lib/x86_64-linux-gnu/odbc/ mysql-connector-odbc-5.3.10-linux-debian9-x86-64bit/bin/myodbc-installer -d -a -n "MySQL" -t "DRIVER=/usr/lib/x86_64-linux-gnu/odbc/libmyodbc5w.so;"
Test połączenia
mysql-connector-odbc-5.3.10-linux-debian9-x86-64bit/bin/myodbc-installer -s -a -c2 -n "test" -t "DRIVER=MySQL;SERVER=127.0.0.1;DATABASE=mysql;UID=root;PWD=Admin123"
odbcinst -q -d [MySQL]
4. Konfiguracja MySQL pod wymagania ESMC
https://help.eset.com/esmc_install/70/pl-PL/mysql_configuration.html
vim /etc/mysql/my.cnf
[mysqld] max_allowed_packet=33M innodb_log_file_size=100M innodb_log_files_in_group=2
sudo service mysql restart
5. Pobranie skryptu i instalacja ESMC
https://help.eset.com/esmc_install/70/pl-PL/prerequisites_server_linux.html
https://www.eset.com/pl/business/security-management-center/download/#standalone
https://help.eset.com/esmc_install/70/pl-PL/component_installation_server_linux.html
wget https://download.eset.com/com/eset/apps/business/era/server/linux/latest/server-linux-x86_64.sh
chmod +x server-linux-x86_64.sh
./server-linux-x86_64.sh --skip-license --db-driver="MySQL" --db-hostname=127.0.0.1 --server-root-password=Admin123 --db-user-username=root --db-user-password=Admin123 --cert-hostname="10.1.179.46;Ubuntu64-bb;Ubuntu64-bb.BB.LOCAL"
6. Po instalacji sprawdzić czy usługa działa
service eraserver status
7. Java, Tomcat, era.war
sudo apt-get install openjdk-11-jdk tomcat9
wget https://download.eset.com/com/eset/apps/business/era/webconsole/latest/era.war sudo cp era.war /var/lib/tomcat9/webapps/ sudo service tomcat9 restart
https://help.eset.com/esmc_install/70/pl-PL/component_installation_webconsole_linux.html
https://help.eset.com/esmc_install/70/pl-PL/web_console_requirements_linux.html
8. Install https://
openssl req -x509 -newkey rsa:2048 -keyout httpskey.pem -out httpscert.cer -days 3650 -nodes openssl pkcs12 -export -out httpscert.pfx -inkey httpskey.pem -in httpscert.cer mv httpscert* /etc/tomcat9/ chmod 664 /etc/tomcat9/httpscert.pfx
vim /etc/tomcat9/server.xml
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslEnabledProtocols="TLSv1.2,TLSv1.3" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA" keystoreFile="/etc/tomcat9/httpscert.pfx" keystorePass="Admin123" keystoreType="PKCS12" /> <!-- <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> --> <Connector protocol="AJP/1.3" address="::" port="8009" redirectPort="8443" />
sudo service tomcat9 restart
9. Przekierowanie na domyślny port 443 i /era (bez IP/:8443/era)
vim /etc/tomcat9/server.xml
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA" keystoreFile="/etc/tomcat9/httpscert.pfx" keystorePass="Admin123" keystoreType="PKCS12" /> <Connector protocol="AJP/1.3" address="::" port="8009" redirectPort="443" />
vim /var/lib/tomcat9/webapps/ROOT/index.html
<meta http-equiv="Refresh" content="0; url='/era'" />