ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Creating an offline installation package for the Endpoint Protection Linux Agent

book

Article ID: 206671

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

You need to install the Endpoint Protection Linux agent on a client that does not have internet access.

Note: This only works with clients managed by the Endpoint Protection Manager (SEPM).

Environment

Release : 14.3 RU1 or greater

Resolution

In order to create an offline installation package, you will need the following:

  1. An "online" client with internet access that runs the same Operating System and supported kernel version.
  2. Your "online" client should be registered to Red Hat Subscription Management. You can use subscription-manager to register.
  3. Your "offline" client(s) will still need http or https access to the Endpoint Protection Manager (SEPM) for policy updates. 
  4. Your "offline" client(s) will still need to download content from LiveUpdate Administrator (preferred) or from a SEPM configured as a reverse proxy

Note: Linux Agent needs access to the following site to create the offline package (https://linux-repo.us.securitycloud.symantec.com (as of 14.3 RU1))

Please review the article URLs that allow SEP and SES to connect to Symantec servers for more information on Symantec Sites

To create an offline installation package:

  1. Export the LinuxInstaller package from your SEPM and copy it to your "online" client. 
  2. From the "online" client, run the following command: 

    ./LinuxInstaller -R
    or
    ./LinuxInstaller --repackage

    The --repackage switch downloads the packages from the repository for this platform and then repackages it into a single installer file.  The results will be stored in LinuxInstaller.<plat>.  For example, if you run this on Ubuntu 20, the filename would be LinuxInstaller.ubuntu20

  3. Copy your new installer to your "offline" clients. Extract it, switch to extracted directory and run install script with -g (ignore repository and use local packages). For example:

    ./LinuxInstaller.rhel7 -xt SEP
    cd SEP
    ./installagent.sh -g

OR... 

  1. On the "online" client, run:

    ./LinuxInstaller -dt /path/to/folder

    ... to unzip the installer files into target folder and download rpm/deb packages suitable for current system. You may also manually add additional packages for other various targets.

    You may then distribute this folder to offline systems and in that folder run "./installagent.sh -g" to install Linux Agent and use only the packages in current working directory—the installer will not check the SEP repositories. The sylink.xml file in that folder can be replaced with that from other SEPM groups to change the group that the new agent will join after installation. The rpm/deb packages may supplemented with newer or different versions by repeating these steps on the online/build system at later dates or on different systems. This folder can also be uses to update existing clients, via "./installagent.sh -g --update-kmod"

Additional Information

See How to create a local mirror of Endpoint Protection Linux repository for instructions on creating a local copy of SEP Linux installation packages.

Below is the full list of dependent packages which are required to be present at the Online Linux client where you are creating the Offline installation package. 
In case if any package(s) is\are missing, you will need to install them.

Core System Packages List :- 
upstart             "An event-driven init system."
bash                "The GNU Bourne Again shell (bash)."
sed                 "A GNU stream text editor."
gzip                "The GNU data compression program."
tar                 "The GNU file archiving program."
gawk                "The GNU version of the awk text processing utility."
grep                "The GNU versions of grep pattern matching utilities."
findutils           "The GNU versions of find utilities (find and xargs)."
coreutils           "The GNU core utilities -- a set of commonly used utility applications."
module-init-tools   "Kernel module management utilities."
util-linux-ng       "A collection of basic system utilities."
filesystem          "The basic directory layout for a Linux system."
shadow-utils        "Utilities for managing accounts and shadow password files."
zip                 "A file compression and packaging utility compatible with PKZIP."

Dependent Libs :-
openssl             "The OpenSSL toolkit (x86_64)."
glibc               "The GNU libc libraries (x86_64)."
libstdc++           "The GNU Standard C++ Library v4 (x86_64)."
libgcc              "GCC version 4.0 shared support library (x86_64)."
pam                 "PAM Authentication Libraries (64bit libpam.so)."
zlib                "A Massively Spiffy Yet Delicately Unobtrusive Compression Library (x86_64)."
libacl              "Utilities to administer Access Control Lists (x86_64)."
at                  "Job spooling tools"