search cancel

How to create a local mirror of Endpoint Protection Linux repository

book

Article ID: 228295

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

How to create a local mirror of the Symantec Endpoint Protection (SEP) Linux repository

Cause

A local mirror of the SEP Linux repository may be desired when installing and updating SEP Linux Agent on machines that do not have connections to the internet.

Environment

SEP 14.3 RU1 and newer on Linux

Resolution

Mirroring the repository

All you need is a Linux shell command line (bash, et al) connected to internet. This could be a physical Linux machine, or virtual machine (e.g. Windows Subsystem for Linux), or even the Cygwin Terminal for Windows. The two lines of shell script below will mirror the entire 14.3 RU5 repository into the current working directory (assumed to be /path/to/mirror/ for the examples here). 

repo=https://linux-repo.us.securitycloud.symantec.com/SAL/1.1/
wget -q -x -N -nH -i $repo/latest.txt

Note that /SAL/1.1/ is used in the examples on this page — Symantec Agent for Linux v1.1, the repository branch for SEP 14.3 RU5. Be sure to change this if you want to mirror a different version. The Symantec repository branches are named as follows:

SEP 14.3 RU1 thru RU3:
/sep_linux/14.3RU1/
/sep_linux/14.3RU2/
/sep_linux/14.3RU3/

SEP 14.3 RU4:
/SAL/1.0/

SEP 14.3 RU5:
/SAL/1.1/

If you want to mirror only part of the Symantec repository, e.g. only the packages for RHEL 8.x, you can filter the mirroring by Linux distribution identifier:

repo=https://linux-repo.us.securitycloud.symantec.com/SAL/1.1/
wget -q -x -N -nH $(printf "$repo/%s\n" `curl -s $repo/latest.txt | grep rhel8`)

The currently supported distribution Linux identifiers are:

amazonlinux
amazonlinux2
debian9
debian9
rhel6
rhel7
rhel8
sles11
sles12
sles15
ubuntu14
ubuntu16
ubuntu18
ubuntu20

This repository mirror can be copied or shared as a file folder or served up by an FTP or web server. How to do this is left as an exercise for the customer. For more extended instructions that include an example of setting up a web server and using cron to keep the mirror up-to-date, see Create Local Linux Repository on CentOS/RHEL 7 and 8.

IMPORTANT: If you plan on using this mirror for installing for cloud-managed systems on Ubuntu or Debian, you need to run the following command to make the metadata available:

find /path/to/mirror/* -type d -name sep_linux | xargs -i{} ln -sf "{}" "{}_cdm"

If using Cygwin, the Windows CYGWIN environment variable should be set to winsymlinks:nativestrict for the link command above to create proper NTFS symlinks.

 

Just the packages, please

If you want only the *.rpm packages downloaded to the current working directory and don't want to duplicate the rest of the repo structure, then filter on Linux distribution identifier and package name:

repo=https://linux-repo.us.securitycloud.symantec.com/SAL/1.1/
wget -q $(printf "$repo/%s\n" `curl -s $repo/latest.txt | grep rhel8.*rpm`)

... or for *.deb packages, e.g. Ubuntu18:

repo=https://linux-repo.us.securitycloud.symantec.com/SAL/1.1/
wget -q $(printf "$repo/%s\n" `curl -s $repo/latest.txt | grep ubuntu18.*deb`)

The packages for Linux distribution(s) can be manually combined with the unzipped LinuxInstaller stub to create an offline installer as described in Creating an offline installation package for the Endpoint Protection Linux Agent.

 

Using the SEP LinuxInstaller command with a local repository

Use the -h (--local-repo) option. 

To install SEP Linux Agent and configure it to use a local repository mirror in a local folder or file share: 

./LinuxInstaller -- -h file:///path/to/mirror/SAL/1.1/

NOTE the triple backslash in example above is not a typo; that is how a local folder reference is formatted.

To install SEP Linux Agent using a repository mirror shared by a HTTPS web server:

./LinuxInstaller -- -h https://path/to/mirror/SAL/1.1/

NOTE the repository folder version referenced— /SAL/1.1/ for SEP 14.3 RU5 in installer command line examples above— must also match the version of LinuxInstaller otherwise it will return "No packages found that need update" - e.g. if LinuxInstaller version is 14.3 RU2, then use the 14.3 RU2 branch name (/sep_linux/14.3RU2/) in repository URL.