Creating an offline installation package for the Endpoint Protection Linux Agent
search cancel

Creating an offline installation package for the Endpoint Protection Linux Agent

book

Article ID: 206671

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

How to install the Endpoint Protection Linux agent on a client that does not have internet access.

 

Environment

Symantec Endpoint Protection version: 14.3 RU1 or greater

Resolution

Use the SEP Linux Packager Tool (seplpkg), to create a full or offline LinuxInstaller package on Linux or Windows platform.

You can download the seplpkg-linux-amd64 or the installer for windows and use this tool in any machine that has internet access.

Below is an example of creating an offline package for the installation of SEP in Air-gapped environment:

  1. Download the seplpkg tool from above link to Linux machine that has internet access.
  2. Download the LinuxInstaller from SEPM machine from the group where you want the SEP client to be a member of.
  3. Use the following command to create the offline package for Linux OS
    [user@localhost user]# ./seplpkg-linux-amd64 --platform "rhel8" --product SEP14.3ru6 rp ./LinuxInstaller
    Command :    repackage
    Installer :  /home/user/LinuxInstaller
    Output Dir:  /home/user/SEPLPackage
    Repo URL:    https://ent-shasta-rrs.symantec.com/linuxrepo/SAL/1.2
    Platform:    [rhel8]
    Product:     SEP14.3RU6

    Copying LinuxInstaller to /home/user/SEPLPackage/tmp4075617917/LinuxInstaller_cust

    Extracting /home/user/SEPLPackage/tmp4075617917/LinuxInstaller_cust ...
    Copying SEPM credentials [sylink.xml serdef.dat sep.slf manifest]

    Downloading rhel8 packages ..

            Package                                  Size
            ---------------------------------------- ------------
            sdcss-6.9.3.2543.el8.x86_64.rpm           25.68 MB
            sdcss-caf-2.0.6.227.el8.x86_64.rpm        10.45 MB
            sdcss-kmod-10.0.6.2250.el8.x86_64.rpm      8.92 MB
            sdcss-scripts-2.2.8.35.el8.noarch.rpm     41.25 KB


    Downloaded 4 packages ( 45.09 MB )
    Downloading Stub from Repo: https://ent-shasta-rrs.symantec.com/linuxrepo/SAL/1.2/misc/LinuxInstaller

    Repackaging all with /home/user/LinuxInstaller...
    RHEL8 SEPM Installer: /home/user/SEPLPackage/LinuxInstaller.rhel8.sep14.3ru6.202408091025
    ############################################################################################################
    Change the platform according to your Linux OS
     ### Available Platforms
            - amazonlinux2023 (aka "amzn2023", "al2023")
            - amazonlinux2    (aka "amzn2", "al2")
            - debian10        (aka "deb10")
            - rhel7           (aka "el7", "redhat7", "centos7")
            - rhel8           (aka "el8", "redhat8", "centos8", "rocky8")
            - rhel9           (aka "el9", "redhat9", "rocky9")
            - sles15          (aka "suse15", "sle15")
            - ubuntu16        (aka "ub16")
            - ubuntu18        (aka "ub18")
            - ubuntu20        (aka "ub20")
            - ubuntu22        (aka "ub22", "kubuntu22")
    Change the product to the version you need.
    Make sure that the LinuxInstaller you are using is the one you download from SEPM.
    ############################################################################################################

     

  4. Copy the resulting package LinuxInstaller.rhel8.sep14.3ru6.202408091025 to the target machine where you want to install SEP.
  5. Install SEP client ./LinuxInstaller.rhel8.sep14.3ru6.202408091025

 

Alternatively:

Note: This only works with clients managed by the Endpoint Protection Manager (SEPM).

In order to create an offline installation package the following is required:

  1. An "online" client with internet access that runs the same Operating System and supported kernel version.
  2. An "offline" client(s) will still need http or https access to the Endpoint Protection Manager (SEPM) for policy updates. 
  3. An "offline" client(s) will still need to download content from LiveUpdate Administrator (preferred) or from a SEPM configured as a reverse proxy

NoteĀ¹: Linux Agent needs access to the following site to create the offline package: https://linux-repo.us.securitycloud.symantec.com
NoteĀ²: An "online" client should be registered with the Operating System's registration system, if required (e.g. Red Hat Subscription).

Please review the article URLs that allow SEP and SES to connect to Symantec servers for more information on Symantec sites.

To create an offline installation package:

  1. Export the LinuxInstaller package from the SEPM and copy it to the "online" client. 
  2. From the "online" client, run the following command:  

    ./LinuxInstaller -R
    or 
    ./LinuxInstaller --repackage

    The --repackage switch downloads the packages from the repository for this platform and then repackages it into a single installer file.  The results will be stored in LinuxInstaller.<plat>.  For example, if you run this on Ubuntu 20.x, the filename would be: LinuxInstaller.ubuntu20

Copy the new installer to the "offline" clients and run the install with -g (ignore repository and use local packages). For example:

chmod a+x LinuxInstaller
./LinuxInstaller -- -g

Note: The "-g" parameter does not work in SEP 14.3 RU1, RU2 and RU3. Please upgrade to SEP 14.3 RU4 or later to ignore repository and use local packages.

Additional Information

Below is the full list of dependent packages which are required to be installed on the "online" Linux client where creating the offline installation package. 

Core System Packages:
upstart             "An event-driven init system." (Before RHEL/CentOS 7)
bash                "The GNU Bourne Again shell (bash)."
sed                 "A GNU stream text editor."
gzip                "The GNU data compression program."
tar                 "The GNU file archiving program."
gawk                "The GNU version of the awk text processing utility."
grep                "The GNU versions of grep pattern matching utilities."
findutils           "The GNU versions of find utilities (find and xargs)."
coreutils           "The GNU core utilities -- a set of commonly used utility applications."
module-init-tools   "Kernel module management utilities." (Before RHEL/CentOS 7)
util-linux-ng       "A collection of basic system utilities." (Before RHEL/CentOS 7)
filesystem          "The basic directory layout for a Linux system."
shadow-utils        "Utilities for managing accounts and shadow password files."
zip                 "A file compression and packaging utility compatible with PKZIP."

Dependent Libraries:
openssl             "The OpenSSL toolkit (x86_64)."
glibc               "The GNU libc libraries (x86_64)."
libstdc++           "The GNU Standard C++ Library v4 (x86_64)."
libgcc              "GCC version 4.0 shared support library (x86_64)."
pam                 "PAM Authentication Libraries (64bit libpam.so)."
zlib                "A Massively Spiffy Yet Delicately Unobtrusive Compression Library (x86_64)."
libacl              "Utilities to administer Access Control Lists (x86_64)."
at                  "Job spooling tools"
Powered by Wolken Software