This is a howto for scanning for malicious files on a Debian/Ubuntu server using ESET File Security for Linux.
In the examples I use example paths, usernames, and values in places; change them to what you actually have or it won’t work. For example, I’m using the 192.168.0.0/24 network. You have roughly 100% chance of that not being what you’re using, so you have to change those numbers in all places in the howto. I show this as root, however you get there. If you use Debian Wheezy or one of the Ubuntu variants, you might have to change little stuff, but it should work without doing much modification.
First you download and install the .deb package (I just used WinSCP to transfer it after I clicked the email link to download it to a Windows box) like:
su
apt-get install ed libc6-i386
cd /home/whateveruseryouare/Downloads/
sh ./esets.amd64.deb.bin
(accept agreement)
Now you have to edit the main config file and add the AV update username and password you got with your order. NOTE: DON’T delete the leading #’s at the beginning of these lines. They’re not really used as comment markers like normal (well, some are), but the ones you want to change still need the pound sign for some reason.
vi /etc/opt/esets/esets.cfg
#av_update_username = "EAV-xxxxxxx" <- put the real one in the quotes
#av_update_password = "xxxxxxxxx" <- put the real one in the quotes
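If you would rather script that edit than do it by hand in vi, here is one way to do it (an added example, not from ESET or the original howto; the function names are made up and the config in the demo is a constructed sample). It rewrites only the matching `#av_update_...` line, keeps the leading # as the note above says, and writes the value through untouched even when it contains &, / or a backslash.

```sh
#!/bin/sh
# Added example: set an update credential in esets.cfg, keeping the leading '#'.
# Usage: set_esets_cred FILE KEY VALUE   (function name is hypothetical)
set_esets_cred() {
    cfg=$1; key=$2; val=$3
    case $val in
        *'"'*) echo "value must not contain a double quote" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1      # mktemp creates the file with mode 0600
    # ENVIRON hands awk the value verbatim; awk -v would mangle backslashes.
    if ESETS_KEY=$key ESETS_VAL=$val awk '
        BEGIN { key = ENVIRON["ESETS_KEY"]; val = ENVIRON["ESETS_VAL"] }
        # Match only "#KEY" followed by optional blanks and "=".
        substr($0, 1, length(key) + 1) == ("#" key) &&
        substr($0, length(key) + 2) ~ /^[ \t]*=/ {
            print "#" key " = \"" val "\""; n++; next
        }
        { print }
        END { exit (n == 1 ? 0 : 1) }
    ' "$cfg" > "$tmp"; then
        cat "$tmp" > "$cfg"        # overwrite in place: owner and mode unchanged
        rc=0
    else
        echo "expected exactly one #$key line in $cfg" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample (not a real esets.cfg) so the function can be tried offline.
demo_esets_cred() {
    f=$(mktemp) || return 1
    printf '%s\n' '#av_update_username = ""' '#av_update_password = ""' > "$f"
    set_esets_cred "$f" av_update_username 'EAV-xxxxxxx' &&
        set_esets_cred "$f" av_update_password 'p&ss/w\rd' && cat "$f"
    rc=$?
    rm -f "$f"
    return "$rc"
}
```

If the file does not contain exactly one matching line, the function returns non-zero and leaves the config as it was.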
Now import your license like:
/opt/eset/esets/sbin/esets_lic --import /home/whateveruseryouare/Downloads/nod32.lic
Now start esets_daemon like:
If you get an error like:
>: /etc/init.d/esets restart
[....] Restarting ESET Security: esets_daemonerror[21d00000]: Cannot initialize scanner: License not found failed!
your import didn’t work.
Now check to see if it’s running like:
ps -A | grep esets
8755 ? 00:00:00 esets_daemon
8757 ? 00:00:00 esets_daemon
If you don’t see anything, it’s not running.
ESET File Security for Linux version 7
V7 is MUCH different than previous versions like 4.x.
- It basically wants to be managed by a web gui on port 8443, which is configured during setup
- It has more features like LiveGrid, scheduled times to do updates
- Almost all of the scripts do different things from previous versions, many scripts don’t exist anymore
You still have to SCP the efs.x86_64.bin package that you downloaded from your laptop onto your server, so do that first. Then you have to agree with the license like:
./efs.x86_64.bin
This is an ESET File Security distribution script.
Press Enter to show the Licence...
(press q after you have read the License to continue extraction)
... hit q ...
GUI is enabled.
URL: https://some.hostname.com:8443
Username: Administrator
Password: *******
To upgrade ESET File Security to newer version, use:
apt-get install ./efs-7.0.1152.0.x86_64.deb
To uninstall ESET File Security, use:
apt-get remove efs
Remember that password it gave you; you’ll need it to log in to the management GUI later. Now install it like:
apt install linux-headers-amd64 gcc cpp
apt-get install ./efs-7.0.1152.0.x86_64.deb
It will install some dependencies (depending on whether you already have them), then install. Now you have to install a license based on a license key you should have on your order:
cd /opt/eset/efs/sbin
./lic -k XXXX-XXXX-XXXX-XXXX-XXXX
Now you can manually run an update like:
cd ../bin
./upd -u
It will set up the web GUI by default, but if you want to change the address or port, do something like:
./setgui -i 192.168.1.50:9999
You can change the password by doing:
You should be able to see if efs is running and/or start the daemon now by doing:
systemctl | grep running | grep efs
If you get no response, it’s not running, so start it like:
systemctl start efs
systemctl | grep running | grep efs
efs.service loaded active running ESET File Security
Now you should be able to log in at the URL you set up in your browser, in this example https://192.168.1.50:9999, with username Administrator and the password the setup gave you.