Read how to install LXC/LXD on Ubuntu: https://linuxcontainers.org/lxd/getting-started-cli/
On the LXC/LXD host machine, create an Ubuntu 18.04 container named "eset"
# Create and start a container named "eset" from the ubuntu/18.04 image of the "images:" remote.
lxc launch images:ubuntu/18.04 eset
Forward ports 443, 2222 and 2223 from the host to the ESET container
# Publish three container ports on the host through LXD proxy devices
# (device names tcp-443, tcp-2222, tcp-2223).
# listen=tcp:0.0.0.0 binds every IPv4 address of the host, so limit who can
# reach these ports with the host firewall (or a specific listen address) if
# they should not be open to all networks.
# 2222 and 2223 have to match ERA_AGENT_PORT and ERA_CONSOLE_PORT used later.
# NOTE(review): 2223 is the port the web console uses to reach the server, and
# in this guide both run inside the same container; confirm that it needs to
# be published on the host at all.
for port in 443 2222 2223; do
  lxc config device add eset "tcp-${port}" proxy \
    "listen=tcp:0.0.0.0:${port}" "connect=tcp:127.0.0.1:${port}"
done
Log in to the new container "eset"
# Open a bash shell inside the "eset" container; the commands that follow are
# meant to be run in that shell. "--" separates lxc's own options from the
# command to execute.
lxc exec eset -- /bin/bash
Create an ESET folder
# Working directory for the CA, the server key/certificate and the downloads.
# rwxr-xr-x lets every account in the container enter and list it, so the
# private-key files created here later need restrictive modes of their own.
mkdir --parents /eset
cd /eset
chmod u=rwx,go=rx .
Variables:
# Settings consumed by the commands below. The password values are samples:
# replace each one with a unique secret before running anything. Values typed
# here can end up in shell history, and several are later passed to programs
# as command-line arguments.
# Quote any replacement that contains spaces or shell metacharacters.

# Password of the web console Administrator account.
ERA_ADMINISTRATOR_WEBCONSOLE_PASSWORD='WebL0g1nPassw0rd'
# Host name placed in the server certificate (CN text and subjectAltName).
ERA_FQDN='eset.company.com'
# Ports handed to the installer as --server-port and --console-port.
ERA_AGENT_PORT='2222'
ERA_CONSOLE_PORT='2223'
# Password protecting era-server.p12 (also written into Tomcat's server.xml).
ERA_P12_SERVER_PASSWORD='PasswordFromP12'
# MySQL root password and the dedicated ERA database account.
MYSQL_ROOT_PASSWORD='S11per-MySQL-Pssw0rd'
MYSQL_ERA_USER='era'
MYSQL_ERA_USER_PASSWORD='S11per-ERA-Pssw0rd'
Adding Tomcat7 repositories to APT (ESET WebConsole Works with Tomcat7 only)
# Add the xenial "main" and "universe" archives as an extra APT source so that
# the tomcat7 package can be installed in the 18.04 container.
# NOTE(review): Tomcat 7 is past its upstream end of life, so this part of the
# stack no longer gets regular security fixes. Nothing here pins the xenial
# source to tomcat7, so apt may resolve other packages from it as well;
# consider an APT preferences entry that limits it.
printf '%s\n' \
  'deb http://us.archive.ubuntu.com/ubuntu/ xenial main' \
  'deb http://us.archive.ubuntu.com/ubuntu/ xenial universe' \
  > /etc/apt/sources.list.d/tomcat7.list
Updating APT and installing dependencies
# Refresh the package index (this picks up the tomcat7 source added above),
# then install everything the server, the web console and the certificate
# steps on this page rely on.
apt update

packages=(
  xvfb
  cifs-utils
  libqtwebkit4
  mysql-server-5.7
  libodbc1
  odbcinst1debian2
  openjdk-8-jre-headless
  tomcat7
  openssl
  winbind
  ldap-utils
  libsasl2-modules-gssapi-mit
  snmp
  samba
  wget
  authbind
  unzip
  unixodbc
)
apt install -y "${packages[@]}"
Generating CA File
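# Write random seed data to ~/.rnd.
# NOTE(review): presumably this avoids OpenSSL complaining about a missing
# ~/.rnd on this release; confirm it is still needed.
openssl rand -writerand ~/.rnd

# Create a self-signed CA certificate (ca.crt, SHA-512, valid 3650 days) with a
# new 4096-bit RSA key (ca.key). -nodes leaves ca.key unencrypted on disk, and
# whoever holds it can issue certificates this deployment will trust.
openssl req -new -x509 -out ca.crt -sha512 -keyout ca.key -newkey rsa:4096 -subj "/CN=ESET CA" -nodes -days 3650

# The working directory is world-accessible, so do not rely on the default file
# mode for the CA key: make it readable by its owner only.
chmod 600 ca.key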
Generating and Signing HTTPS Certificate and Key
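# Create the server key (unencrypted because of -nodes) and a signing request
# whose subject names ${ERA_FQDN}.
openssl req -newkey rsa:4096 -keyout "era-server.key" -out "era-server.csr" -nodes -subj "/CN=Server certificate for host ${ERA_FQDN}"

# Keep the unencrypted server key readable by its owner only.
chmod 600 era-server.key

# Sign the request with the CA created above. The certificate is valid for
# 3650 days and uses the current Unix time as its serial number.
# The extension file is generated on the fly; each line is passed to printf as
# an argument rather than inside the format string, so characters such as "%"
# or "\" in ERA_FQDN cannot be interpreted by printf.
openssl x509 -req -in "era-server.csr" -out "era-server.crt" -CA "ca.crt" -CAkey "ca.key" -days 3650 -sha512 -set_serial "$(date +%s)" \
  -extfile <(printf '%s\n' \
    "subjectAltName = DNS:${ERA_FQDN}" \
    'nsCertType = client, server, email' \
    'subjectKeyIdentifier = hash' \
    'extendedKeyUsage = serverAuth, clientAuth' \
    'keyUsage = nonRepudiation, digitalSignature, keyEncipherment' \
    'basicConstraints = CA: FALSE')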
Generating P12 and DER
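# Bundle the server key, server certificate and CA certificate into a
# password-protected PKCS#12 keystore. The password is handed to openssl
# through the environment of this one command (-passout env:...) instead of
# "pass:<value>" on the command line, so it does not appear in the process
# list and is not word-split when it contains spaces.
ERA_P12_SERVER_PASSWORD="${ERA_P12_SERVER_PASSWORD}" \
  openssl pkcs12 -export -out "era-server.p12" -inkey "era-server.key" -in "era-server.crt" -certfile "ca.crt" -passout env:ERA_P12_SERVER_PASSWORD

# The keystore contains the server private key. Tomcat (account tomcat7) has to
# read it, but no other unprivileged account does: grant access through the
# tomcat7 group instead of making the file world-readable.
# NOTE(review): if another non-root account must read the keystore, add that
# account to the group rather than going back to mode 644.
chown root:tomcat7 era-server.p12
chmod 640 era-server.p12

# DER-encoded copy of the CA certificate; the installer receives it via
# --cert-auth-path.
openssl x509 -outform der -in ca.crt -out ca.der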
Changing ESET MySQL max_allowed_packet to 33M
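# Set max_allowed_packet to 33M in every *.cnf file under /etc/mysql/ that
# already has a max_allowed_packet line (files without one are left as they are).
# "-iE" is read by sed as "-i" with backup suffix "E": it does not enable
# extended regular expressions and leaves a "<name>.cnfE" copy next to every
# file. The pattern needs no extended syntax, so plain -i is used.
find /etc/mysql/ -iname "*.cnf" -exec sed -i "s/max_allowed_packet.*/max_allowed_packet = 33M/" {} \;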
Adding ESET MySQL InnoDB requirements
# Drop-in MySQL configuration with the InnoDB redo-log settings this guide
# lists as ESET requirements: three log files of 300M each.
printf '%s\n' \
  '[mysqld]' \
  'innodb_log_file_size = 300M' \
  'innodb_log_files_in_group = 3' \
  > /etc/mysql/mysql.conf.d/innodb.cnf
Set up MySQL: create the ERA user, then set the passwords of that user and of root
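# Create the ERA database account and give root a password.
# The statements are fed to mysql on standard input instead of through -e, so
# the passwords are not part of the mysql command line and cannot be read from
# the process list. Each statement keeps its own mysql invocation, so the
# second still runs if the first fails (for example when the user exists).
# The values are placed into the SQL text as-is: a password containing a
# double quote or a backslash has to be escaped by hand.
mysql <<SQL
CREATE USER "${MYSQL_ERA_USER}"@'localhost' IDENTIFIED BY "${MYSQL_ERA_USER_PASSWORD}"
SQL

# From here on root needs the password set by this statement.
mysql <<SQL
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY "${MYSQL_ROOT_PASSWORD}"
SQL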
Restart MySQL
# Restart the server so the max_allowed_packet and InnoDB settings written
# above take effect.
systemctl restart mysql.service
Install ODBC 5.2 (ESMC Works with ODBC 5.2 only)
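# Download Connector/ODBC 5.2.7 and install its binaries and libraries by hand.
# The archive is addressed by its exact name: with the bare glob
# "mysql-connector*", tar receives several arguments as soon as a second match
# exists (for example a "...tar.gz.1" left by a repeated download) and the
# extraction fails.
odbc_tarball="mysql-connector-odbc-5.2.7-linux-glibc2.5-x86-64bit.tar.gz"
wget "https://dev.mysql.com/get/Downloads/Connector-ODBC/5.2/${odbc_tarball}"

# The files below are copied into system directories as root, so check the
# archive against the checksum or signature published by the vendor first, e.g.
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  ${odbc_tarball}" | sha256sum -c -
tar xvf "${odbc_tarball}"

mkdir -p /usr/local/lib/odbc
cp mysql-connector*/bin/* /usr/local/bin
cp mysql-connector*/lib/* /usr/local/lib/odbc

# Remove the archive and the unpacked directory.
rm -rf -- mysql-connector*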
Configure the ODBC driver. For Ubuntu the file is etc/odbc.ini (the command below writes the driver definition to /etc/odbcinst.ini)
# Register the manually installed driver under the name "MySQL". The installer
# is later started with --db-driver=MySQL, which refers to this section name.
# Driver points at the library copied to /usr/local/lib/odbc above.
printf '%s\n' \
  '[MySQL]' \
  'Description = ODBC for MySQL' \
  'Driver = /usr/local/lib/odbc/libmyodbc5w.so' \
  'FileUsage = 1' \
  'Server = 127.0.0.1' \
  'Port = 3306' \
  > /etc/odbcinst.ini
Download ESET EEA Installation
# Fetch the server installer (only when the remote copy is newer than a local
# one) and make it executable.
# The "latest" URL is not tied to a version, and the script is run as root in
# the next step: compare it with the checksum published by the vendor for that
# release before executing it.
wget --timestamping https://download.eset.com/com/eset/apps/business/era/server/linux/latest/server-linux-x86_64.sh
chmod +x ./server-linux-x86_64.sh
Setup ESMC
# Run the server installer unattended with the settings defined earlier:
# database credentials, the CA (DER) and server keystore (PKCS#12) created
# above, and the agent and console ports.
# Every password is passed as a command-line argument, so it is visible in the
# process list while the installer runs; run this on a host where other
# accounts cannot inspect processes, and rotate the sample passwords.
installer_args=(
  --disable-imp-program
  --db-admin-username root
  --db-admin-password "${MYSQL_ROOT_PASSWORD}"
  --db-name era
  --db-user-username "${MYSQL_ERA_USER}"
  --db-user-password "${MYSQL_ERA_USER_PASSWORD}"
  --server-root-password "${ERA_ADMINISTRATOR_WEBCONSOLE_PASSWORD}"
  --skip-license
  --db-driver=MySQL
  --db-hostname=127.0.0.1
  --db-port=3306
  --cert-auth-path "/eset/ca.der"
  --server-cert-path "/eset/era-server.p12"
  --server-cert-password "${ERA_P12_SERVER_PASSWORD}"
  --skip-cert
  --server-port "${ERA_AGENT_PORT}"
  --console-port "${ERA_CONSOLE_PORT}"
)
./server-linux-x86_64.sh "${installer_args[@]}"
Setup WebConsole
# Replace Tomcat's ROOT web application with the ESET web console.
systemctl stop tomcat7.service
rm --recursive --force /var/lib/tomcat7/webapps/ROOT

# As with the installer, "latest" is not tied to a version; verify the archive
# against the vendor's published checksum before deploying it.
wget --timestamping https://download.eset.com/com/eset/apps/business/era/webconsole/latest/era.war
unzip era.war -d /var/lib/tomcat7/webapps/ROOT

# Point the web console at the configured console port. With the sample value
# 2223 the substitution changes nothing.
find /var/lib/ -iname "EraWebServerConfig.properties" \
  -exec sed --in-place "s/server_port=2223/server_port=${ERA_CONSOLE_PORT}/" {} \;
Enable TCP Port for HTTPS
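# Allow the unprivileged tomcat7 account to bind TCP port 443 through authbind:
# the byport file has to be executable by the account that binds the port.
touch /etc/authbind/byport/443
chmod 500 /etc/authbind/byport/443
chown tomcat7 /etc/authbind/byport/443

# Switch authbind on for the Tomcat service.
# "-iE" is read by sed as "-i" with backup suffix "E" and would leave a stray
# /etc/default/tomcat7E; the pattern needs no extended syntax, so use plain -i.
sed -i "s/.*AUTHBIND.*/AUTHBIND=yes/" /etc/default/tomcat7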
Set up HTTPS for Tomcat7
On Debian 10, use Http11Protocol instead of Http11NioProtocol.
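# Replace everything from <Service name="Catalina"> up to the <Engine ...> line
# in server.xml with a single HTTPS connector on port 443 (TLS 1.2 only) that
# uses the PKCS#12 keystore created earlier.
#
# Two fixes compared with the single-quoted original:
#  * The sed script is in single quotes, so ${ERA_P12_SERVER_PASSWORD} was
#    written to server.xml literally and the keystore password never matched.
#    The quoting is now closed around the variable so the shell expands it.
#  * "-iE" means "-i" with backup suffix "E" (it left /etc/tomcat7/server.xmlE,
#    a second copy of the configuration); plain -i is used instead.
#
# The password is inserted verbatim: a value containing a backslash, a newline
# or XML-special characters (", &, <) must be escaped first or the result is
# not valid. It is stored in clear text in server.xml, so check that the file
# is not readable by accounts other than root and tomcat7.
# NOTE(review): the TLS_RSA_* suites use static RSA key exchange (no forward
# secrecy) and the *_CBC_* suites are CBC-mode; consider keeping only the
# ECDHE GCM suite if every client supports it.
sed -i '/<Service name="Catalina">/,/<Engine name="Catalina" defaultHost="localhost">/c\
<Service name="Catalina"> \
<Connector server="OtherWebServer" \
port="443" \
protocol="org.apache.coyote.http11.Http11NioProtocol" \
maxThreads="150" \
SSLEnabled="true" \
scheme="https" \
secure="true" \
clientAuth="false" \
sslProtocol="TLS" \
keystoreFile="/eset/era-server.p12" \
keystorePass="'"${ERA_P12_SERVER_PASSWORD}"'" \
keystoreType="PKCS12" \
sslEnabledProtocols="TLSv1.2" \
ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384" /> \
<Engine name="Catalina" defaultHost="localhost"> ' /etc/tomcat7/server.xml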
Restart Tomcat
# Start Tomcat again (it was stopped before the web console was deployed) so it
# loads the new connector and the web application.
systemctl restart tomcat7.service