Create Local Linux Repository on CentOS/RHEL 7 and 8

Note: Configuring the local Linux repository (repo) is not in the scope of Broadcom Support. Below is the step-by-step guide you can follow for the same. Steps are given for reference only

Step 1: Install Nginx Web Server

1. First start by installing the Nginx HTTP server from the EPEL repository using the YUM package manager as follows. Also installs wget command needed to sync the Repo

yum install -y epel-release nginx wget

2. Once you have installed the Nginx web server, you can start it for the first time and enable it to start automatically at system boot.

systemctl start nginx
systemctl enable nginx
systemctl status nginx

3. Next, you need to open port 80 to allow web traffic to Nginx service, update the system firewall rules to permit inbound packets on HTTP using the commands below.

firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --reload

4. Now you can confirm that your Nginx server is up and running, using the following URL; if you see the default Nginx web page, all is well.
Note: In this example, I use linux.example.com, replace it with IP or domain name of your repo server.

http://SERVER_DOMAIN_NAME_OR_IP

Step 2: Create the local Repository

1. Create the necessary directories that will store packages and any related information (package metadata).

mkdir -p /var/www/html/repos

2. Create a local mirror of the latest packages from the repository
Note: The first time being run, may take some time (~15-30sec), subsequent calls only updates if files are newer so may take less time (~5 sec)

In the example given here, we are replicating SEP Linux 14.3RU3 Repo.

The repo branches are named as follows:

/sep_linux/14.3RU1/
/sep_linux/14.3RU2/
/sep_linux/14.3RU3/

... and starting in RU4:
/SAL/1.0/

For 14.3 RU5:
/SAL/1.1/

For 14.3 RU6:
/SAL/1.2/

For 14.3 RU8:
/SAL/1.3/

For 14.3 RU9:
/SAL/1.4/

wget -q -P /var/www/html/repos -x -N -nH -i https://linux-repo.us.securitycloud.symantec.com/sep_linux/14.3RU3/latest.txt   # FOR RU3
wget -q -P /var/www/html/repos -x -N -nH -i https://linux-repo.us.securitycloud.symantec.com/SAL/1.0/latest.txt   # FOR RU4
wget -q -P /var/www/html/repos -x -N -nH -i https://linux-repo.us.securitycloud.symantec.com/SAL/1.1/latest.txt   # FOR RU5
wget -q -P /var/www/html/repos -x -N -nH -i https://linux-repo.us.securitycloud.symantec.com/SAL/1.2/latest.txt   # FOR RU6
wget -q -P /var/www/html/repos -x -N -nH -i https://linux-repo.us.securitycloud.symantec.com/SAL/1.3/latest.txt   # FOR RU8
wget -q -P /var/www/html/repos -x -N -nH -i https://linux-repo.us.securitycloud.symantec.com/SAL/1.4/latest.txt   # FOR RU9

Latest repo replication notes

Wget command-line parameters:
-q      Quiet
-P dir  Download to the directory prefix
-x      Keep directory structure
-N      Only download if newer
-nH     No host directories
-i      Input file

IMPORTANT: If you plan on using the Local Repo for installing for Cloud managed systems on Ubuntu or Debian, you need to run the following command to make the metadata available.

find /var/www/html/repos/sep_linux/* -type d -name sep_linux |xargs -i{} ln -sf "{}" "{}_cdm"

3. To enable viewing of repositories and packages in them, via a web browser, create an Nginx server block that points to the root of your repositories as shown.

vim /etc/nginx/nginx.conf

Find the server section and update the server_name, root, and location (if desired), as follows:

/etc/nginx/nginx.conf

server {
listen 80 default_server;
listen [::]:80 default_server;
server_name linux.example.com; # change to your real domain
root /var/www/html/repos; # change to match top level directory of repo

# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;

location / {
index index.php index.html index.htm;
autoindex on; #enable listing of directory index
}

...

}

4. If SELinux is enabled and in Enforcing mode, allow files to be served from the Repo

getenforce  # If Enforcing, continue
chcon -Rt httpd_sys_content_t /var/www/html/repos   # Allow Repo files to be hosted by nginx

5. Then restart your Nginx server and view the repositories from a web browser using the following URL.

systemctl restart nginx

http://linux.example.com/sep_linux/14.3RU3

Step 3: Create a cron job to keep the Local Repo in sync

1. Next, add a cron job that will automatically synchronize your local repos with the official CentOS repos to grab the updates and security patches.

vim /etc/cron.daily/update-localrepos

Add these commands in the script.

/etc/cron.daily/update-localrepos

#!/bin/bash
# Pull the latest Repo files for SEP Linux 14.3 # Uncomment desired release repos

# wget -q -P /var/www/html/repos -x -N -nH -i https://linux-repo.us.securitycloud.symantec.com/sep_linux/14.3RU1/latest.txt # for RU1# wget -q -P /var/www/html/repos -x -N -nH -i https://linux-repo.us.securitycloud.symantec.com/sep_linux/14.3RU2/latest.txt # for RU2
wget -q -P /var/www/html/repos -x -N -nH -i https://linux-repo.us.securitycloud.symantec.com/sep_linux/14.3RU3/latest.txt # for RU3 wget -q -P /var/www/html/repos -x -N -nH -i https://linux-repo.us.securitycloud.symantec.com/SAL/1.0/latest.txt # for RU4 wget -q -P /var/www/html/repos -x -N -nH -i https://linux-repo.us.securitycloud.symantec.com/SAL/1.1/latest.txt # for RU5 wget -q -P /var/www/html/repos -x -N -nH -i https://linux-repo.us.securitycloud.symantec.com/SAL/1.2/latest.txt # for RU6wget -q -P /var/www/html/repos -x -N -nH -i https://linux-repo.us.securitycloud.symantec.com/SAL/1.3/latest.txt # for RU8

Save the script and close it and set the appropriate permissions on it.

chmod 755 /etc/cron.daily/update-localrepos

Step 4: Install using the local Repository

1. Install using your local repo on any support Linux client machine in your network.
Replace linux.example.com with your Repo server domain name or IP.

Note: Use the latest LinuxInstaller from 14.3RU3 or newer

# ./LinuxInstaller -- --local-repo http://linux.example.com/sep_linux/14.3RU3


Configuring Local Repo (http://linux.example.com/sep_linux/14.3RU3) for
Symantec Agent for Linux
Symantec Endpoint Protection (Cloud) ..

Symantec Agent for Linux
Symantec Endpoint Protection (Cloud) 14.3.202.3000

Installing scripts package:
Package Version Source
---------------------------------------- --------------- ------
sdcss-scripts                            2.2.5-77        (repo)

Installing packages:
Package Version Source
---------------------------------------- --------------- ------
sdcss-caf                                2.0.3-118       (repo)
sdcss                                    6.9.2-202       (repo)
sdcss-kmod                               10.0.2-1102     (repo)

Agent installed successfully
Starting Agent..

Symantec Agent for Linux
Symantec Endpoint Protection (Cloud) 14.3.202.3000

Daemon status:
cafagent running
sisamdagent running
sisidsagent running
sisipsagent running

Module status:
sisevt loaded
sisap loaded

Communication status:
..........
server connection success