Use the LiveUpdate Administrator 2.x to download updates for Symantec Endpoint Protection for Linux.

book

Article ID: 162069

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Set up an internal LiveUpdate Administrator server to download updates and virus definitions for Symantec Endpoint Protection for Linux (SEP for Linux or SEPFL) clients.

Resolution

LiveUpdate Administrator
 

  • Since there is no centralized management server for SEPFL, many users use the LiveUpdate Administrator (LUA) in their environment to update client definitions.
  • If it is necessary to assist in setting up LUA follow these steps:

   
Remember that there are four required areas to set up for definitions in LUA 2.x.
These four areas are:

  • Configure > My Symantec Products                             Set the list of Symantec Products in the environment            
  • Configure > Distribution Centers > Product List         Set the list of Symantec products a particular distribution center provides updates for.        
  • Download & Distribute > Download Schedule             Set a schedule to download the Linux definitions to the LUA            
  • Download & Distribute > Distribution Schedule          Set a schedule to distribute the Linux definitions to the distribution centers

 To update the LUA 2.x Server's Symantec Product Catalog

  1. Select the Configure button in the menu bar.
  2. On the left pane in the MySymantec Products window, under MySymantec Products Tasks, click Update Symantec Product Catalog

 
To add the SEPFL product to the product list

  1. Select Configure in the menu bar.
  2. On the MySymantec Products window, click Add New Products.
  3. Select Symantec Endpoint Protection 
  4. Scroll down to view the list of available SEP products and enable the versions and languages appropriate for your environment.
    • For example: Symantec Endpoint Protection 14.3 English
  5. Click OK.

 
To create a new download schedule

  1. On the Download & Distribute tab, in the Schedules window, click Add Download.
  2. In the Add Download Schedule box, enter the following:
    • Download schedule name A descriptive name for this schedule.
    • Status Enabled or Disabled
    • Description Enter a description for this schedule.
  3. In the "Select Products" box, click Add.

 You can check the full product family to get all definition sets, including Linux definitions, OR

  1. Click the + symbol next to the product name to expand the list of available updates to download
  2. Click the + symbol again next to Content Updates to get the full list of virus definition content updates:
    • SEP 14.x: Check the box next to Virus and Spyware Definitions for Linux and next to Client - SymPlatform Definitions (Linux)

After making your selection(s):

  1. Select the test status that you want to assign to the schedule. 
  2. By default, the test status is set to Skip Test. Set the status to Must Test to test the updates before you publish them.
  3. Under Set Schedule, choose the appropriate frequency for the virus definition content updates (on a time, Daily, Weekly, Monthly or once)
  4. In the Select Schedule box, set the download schedule.
  5. Click OK to save the schedule, or click Cancel to cancel this action.
  6. To run a manual download request that is based on an existing schedule. In the right pane, under Schedules, select an existing Download Schedule, and then click Run Now.

Scheduling Distribution:
After you've downloaded your updates, they can be sent to either a testing distribution server, or published to a production distribution server where they can be downloaded by your LiveUpdate clients. When you add a distribution schedule, you also select the products and components that you want to associate with the schedule. This list of products and components is compared with the updates in the Manage Updates folder. Any revisions that are not already published will then be published in the current distribution session.

Note: The added products must also be added to the distribution center/s. This is accomplished through Configure Distribution Centers, then edit an existing distribution center to add to the Product List.

To add a new distribution schedule

  1. On the Download & Distribute tab, in the Schedules window, click Add Distribution.
  2. In the Add Distribution Schedule box, enter the following:
    • Distribution Schedule name
    • Status, either Enabled or Disabled
    • Description
  3. Select the products and components for which updates can be distributed by clicking Add.
  4. In the "Select products to be added" window, select the product or products you want to add to this distribution schedule, and then click Add.
  5. In the "Select Product Components" box, select the components that you want to include in the distribution schedule.
  6. Click the component name and click Add.
    • Or select all components by clicking Add All.
  7. In the "Distribute Content To" box, select the distribution center type, Testing, Production, or both.
  8. Select the Distribution Centers. You can select all Distribution Centers, or a subset of the centers.
  9. Select a "distribution schedule."
  10. Click OK to save the schedule or click Cancel to cancel this action.

 
To set up clients to download updates from the internal LiveUpdate server 

For Managed SEP for Linux Clients

  1. Within the SEPM, choose Policies in the left pane.
  2. Under View Policies, highlight LiveUpdate.
  3. Either edit the pre existing LiveUpdate policy that assigned to the group to which your Linux clients belong or create a new policy under Tasks >Add a LiveUpdate Settings Policy..., to be assigned after the policy is saved.
  4. In the new window that appears, click on Server Settings.
  5. Ensure that Use a LiveUpdate server is checked, select the button next to Use a specified internal LiveUpdate server, then choose Add...
  6. Fill in the following information:
    • Server Name: A name to identify the LUA server. This is not the path from which clients update.
    • Description (optional): More information on the LUA server.
    • URL: The URL must appear as an HTTP or FTP path, not the local or network path to the folder on your LiveUpdate Server. For LUA, the default production distribution center for LUA 2.2 or higher would be: (server IP address):7070/clu-prod
    • Example: 10.0.0.1:7070/clu-prod 
  7. You can confirm by looking in the LUA console under Configure, then Client Settings.
    • NOTE: LUA by default uses a separate web server; if you are using a Windows IIS website to serve Linux updates, be sure to register all extensions with the MIME types list.
      - User name or Password: only needed if your server requires these for access.
  8. Click OK, then OK again to save the changes. If this is a new policy, you will be asked to assign the policy to a group; click on Yes, then assign it to the group containing the Linux clients.
  9. Linux clients will get the updated policy depending on communication settings and frequency of heartbeat. You can view the Policy Serial Number by looking under Management.

 
For unmanaged SEP for Linux clients
There are two ways:


1. Client Settings Host File: 
 
For unmanaged SEP For Linux clients, export the client settings host file "Settings.Hosts.LiveUpdate." This is used to configure Windows LiveUpdate clients to download updates from the Distribution Center.  The liveupdt.hst file is used by Java LiveUpdate clients (unmanaged SEP for Linux)
 
To generate a host file for Java LiveUpdate clients:
 

  1. Click the Configure tab, and then click Client Settings.
  2. Select the Distribution Center for which you want to create a host file, and then click Export Java Settings.
  3. Click Save.
  4. Select the location to save the file, and then click Save.


The file for Java LiveUpdate clients should be saved as liveupdt.hst. It can then be copied to the SEPFL client's working directory, which by default should be /tmp.

It may be necessary to add an extra entry that explicitly provides the location to the LiveUpdate host file:
hostfile=/tmp/liveupdt.hst
If the hostfile= entry is specified, then it will override any other transport settings in the LiveUpdate.conf file.
workdir=/tmp 
logfile=/opt/Symantec/LiveUpdate/liveupdt.log
 

2. Modify the liveupdate.conf file directly.

 
To do it open liveupdate.conf file in VI editor and edit the file manually.
 
1. Backup the existing liveupdate.conf file
In a terminal line:
# cp /etc/liveupdate.conf /etc/liveupdate.conf.orig
2. Enter the following line as it is into the file /etc/liveupdate.conf
# cd /etc
# vi liveupdate.conf
 
hosts/0/url=http://YOUR_SERVER_IP_HERE:7070/clu-prod


Example of a working SEPFL /etc/liveupdate.conf file working with LUA:
 
hosts/0/url=http://YOUR_SERVER_IP_HERE:7070/clu-prod
workdir=/opt/Symantec/LiveUpdate/tmp

logfile=/opt/Symantec/LiveUpdate/liveupdt.log
maxTriFileSize=10485760
maxPackageSize=1073741824
maxPackageContentSize=1342177280
connectionRetryInterval=20
severlogging=true
maxZipFileSize=614400
downCacheSize=4096


When the LiveUpdate client runs, it will use the host file for information on where to download updates.