Dell Endpoint Security Suite Enterprise for Linux Administrator Guide v2.
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2012-2018 Dell Inc. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents
1 Introduction 4
Overview 4
Contact Dell ProSupport
1 Introduction
The Endpoint Security Suite Enterprise for Linux Administrator Guide provides the information needed to install and deploy the client software.
Overview
Endpoint Security Suite Enterprise for Linux offers Advanced Threat Prevention at the operating system and memory layers, all centrally managed from the Dell Server. With centralized management, consolidated compliance reporting, and console threat alerts, organizations can easily enforce and prove compliance for endpoints.
2 Requirements
Client hardware and software requirements are provided in this chapter. Ensure that the deployment environment meets the requirements before continuing with deployment tasks.
Hardware
The following table details the minimum supported hardware.
Hardware:
• At least 500 MB free disk space
• 2 GB RAM
• 10/100/1000 or Wi-Fi network interface card
NOTE: IPv6 is not currently supported.
Software
The following table details supported software.
Operating Systems (64-bit kernels):
• CentOS Linux v7.
Endpoint Security Suite Enterprise for Linux and Dependencies
Endpoint Security Suite Enterprise for Linux uses Mono and dependencies to install and activate on Linux OS. The installer will download and install required dependencies. Following extraction of the package, you can view which dependencies are being leveraged by using the following command:
./showdeps.sh
Compatibility
The following table details compatibility with Windows, Mac, and Linux.
n/a - Technology does not apply to this platform.
Features / Policies (columns: Windows, macOS, Linux; x = available, n/a = does not apply)
Remote Unmap of Memory: x n/a
Remote Thread Creation: x x
Remote APC Scheduled: x n/a
n/a x x n/a
DYLD Injection
Escalation
LSASS Read: x n/a
Zero Allocate: x x
Execution Control: x x
Prevent service shutdown from device: x x
Kill unsafe running processes and their sub processes: x x x
Background Threat Detection: x x x
Watch for New Files: x x x
Maximum archive file size to scan: x x x
Exclude Specific Folders: x x x
Copy File Sam
Features / Policies (columns: Windows, macOS, Linux)
Self Protection Level: x
Auto Update: x
Run a Detection (from Agent UI): x
Delete Quarantined (Agent UI and Console UI): x
Disconnected Mode: x
Detailed Threat Data: x
Certificate Safe List: x x n/a
Copy malware samples: x x x
Proxy Settings: x x x
Manual Policy Check (Agent UI): x x
3 Tasks
Installation
This section guides you through the Endpoint Security Suite Enterprise for Linux installation.
Prerequisites
Dell recommends that IT best practices are followed during the deployment of client software. This includes, but is not limited to, controlled test environments for initial tests and staggered deployments to users. Before beginning this process, ensure the following prerequisites are met:
• Ensure that the Dell Server and its components are already installed.
sudo ./install.sh
4 In Dell Security Management Server Host?, enter the fully qualified host name of the Dell Server to manage the target user. For example, server.organization.com.
5 In Dell Security Management Server Port?, verify the port is set to 8888.
6 Enter y when prompted to install the DellESSE package and its dependencies.
7 Enter y if prompted for Fingerprint approval.
8 Enter y when prompted to install the DellAdvancedThreatProtection package.
9 Enter y when prompted to install the CylanceDellATPPlugin package.
10 Installation is complete.
11 See Verify Endpoint Security Suite Enterprise for Linux Installation.
Command Line Uninstallation
To uninstall Endpoint Security Suite Enterprise for Linux using the command line, follow the steps below.
1 Access a Terminal window.
2 Uninstall the package using the following command:
sudo ./uninstall.sh
3 Press Enter.
These entries detail the action taken, hash ID, and location of the threat.
• Unsafe - A suspicious file that is likely to be malware
• Abnormal - A suspicious file that may be malware
• Quarantined - A file that is moved from its original location, stored in the Quarantine folder, and prevented from executing on the device.
• Waived - A file allowed to execute on the device.
• Cleared - A file that has been cleared within the organization.
The enclosed text confirms the three Endpoint Security Suite Enterprise for Linux plugins loaded:
atp -s - Includes the following:
• Registration Status
• Serial Number - Use this when contacting support. This is the unique identifier of the installation.
If you are using an uncommon certificate, import the root certificate to the Linux Certificate Store, then restart Endpoint Security Suite for Linux services with the following command:
/usr/lib/dell/esse/agentservicecmd.sh restart
1 Access a Terminal window.
2 Enter the path to the CsfConfig app:
/usr/lib/dell/esse/CsfConfig
3 Run CsfConfig.app:
sudo ./CsfConfig
The following displays with default settings:
Current Settings:
ServerHost = deviceserver.company.
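An added check script that ties together the Requirements chapter, the install.sh prompts and the CsfConfig settings shown above (example code, not Dell's own tooling). It assumes the stated minimums (500 MB free disk, 2 GB RAM, 64-bit kernel), the port 8888 and fully qualified host name from the install prompts, and that CsfConfig prints its "Key = Value" settings and exits when stdin is closed; the pure check functions take explicit values so they can be exercised without a Dell Server.

```shell
#!/bin/sh
# Example pre-/post-install checks for Endpoint Security Suite Enterprise
# for Linux (added here; not Dell's own tooling). Encodes the Requirements
# minimums (500 MB disk, 2 GB RAM, 64-bit kernel), the install.sh prompts
# (FQDN host, port 8888) and the "Key = Value" lines CsfConfig prints.

# Pure check: free disk (MB), RAM (MB) and kernel arch against the minimums.
meets_minimums() {   # usage: meets_minimums FREE_MB RAM_MB ARCH
    [ "$1" -ge 500 ]  || { echo "disk: need 500 MB free, have $1 MB" >&2; return 1; }
    [ "$2" -ge 2048 ] || { echo "ram: need 2 GB, have $2 MB" >&2; return 1; }
    case $3 in
        *64) ;;
        *) echo "kernel: need a 64-bit kernel, uname -m says '$3'" >&2; return 1 ;;
    esac
    return 0
}

# Pure check of the values typed at the install.sh prompts: a fully qualified
# host name (server.organization.com, not a bare label) and port 8888.
valid_server_settings() {   # usage: valid_server_settings HOST PORT
    case $1 in
        *.*) ;;
        *) echo "host: expected a fully qualified host name, got '$1'" >&2; return 1 ;;
    esac
    [ "$2" = "8888" ] || { echo "port: guide expects 8888, got '$2'" >&2; return 1; }
    return 0
}

# Extract one value from CsfConfig "Current Settings" output on stdin.
config_value() {   # usage: config_value KEY < csfconfig-output
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" | head -n 1
}
# Live run: gather real values, check them, then confirm the configured
# ServerHost matches the one you intend to enter (assumption: CsfConfig
# prints its settings and exits when stdin is closed).
preflight() {   # usage: preflight EXPECTED_HOST [PORT]
    free_mb=$(df -Pk /usr/lib | awk 'NR==2 {print int($4/1024)}')
    ram_mb=$(awk '/^MemTotal:/ {print int($2/1024)}' /proc/meminfo)
    meets_minimums "$free_mb" "$ram_mb" "$(uname -m)" || return 1
    valid_server_settings "$1" "${2:-8888}" || return 1
    if [ -x /usr/lib/dell/esse/CsfConfig ]; then
        configured=$(sudo /usr/lib/dell/esse/CsfConfig </dev/null | config_value ServerHost)
        [ "$configured" = "$1" ] || { echo "ServerHost is '$configured', expected '$1'" >&2; return 1; }
    fi
    echo "preflight OK"
}

# Live checks only when invoked as: sh preflight.sh --run server.organization.com
if [ "${1:-}" = "--run" ]; then preflight "$2" "$3"; fi
```

Run it on the target host before step 4 of the installation; a non-zero exit names the first requirement or prompt value that does not match the guide.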
Prerequisites
• Must be performed by an administrator with the system administrator role.
• Must have connectivity to the Internet to provision on the Dell Server.
• Must have connectivity to the Internet on the client to display the Advanced Threat Prevention online service integration in the Management Console.
• Provisioning is based on a token that is generated from a certificate during provisioning.
• Advanced Threat Prevention licenses must be present in the Dell Server.
The following diagram illustrates the Advanced Threat Prevention agent communication process.