Installation - G DATA Security Client for Linux
Like their Windows counterparts, Linux clients are managed by G DATA ManagementServer, allowing configuration via G DATA Administrator as well as automated virus signature update distribution. The basic client installation contains functionality for on-demand virus scans. Optionally, additional security modules for Linux servers can be installed.
The installation methods are similar to those of Windows clients: a remote installation via G DATA Administrator or a local installation using an installation script.
Local installation - G DATA Security Client for Linux
If a remote installation is not possible, you can install G DATA Security Client for Linux locally.
- Start G DATA Administrator, select the Clients panel and choose the option Create installation script for Linux/Mac clients from the Organization menu.
- After you choose a storage location, the script will be created in the background.
- Copy the installation script to the client, then add the permission to execute the script (command-line: chmod +x install-client.sh).
- Open a Terminal window and elevate the user status by typing su and entering the root password. Alternatively, execute the command from step 5 using sudo.
- Navigate to the folder to which you copied the file and execute it: ./install-client.sh -t <product[,product]>. The product parameter should be one or more of the following values:
- ALL: G DATA Security Client for Linux and all additional modules
- WS: G DATA Security Client for Linux
- SMB: Samba module
- AMAVIS: Sendmail/Postfix module
- WEB: Squid module
- In order to prevent unauthorized access to the ManagementServer, clients that are deployed through a local installation need to be authorized in G DATA Administrator under Clients > Overview before they are fully served.
Remote installation - G DATA Security Client for Linux
The most convenient way to install G DATA Security Client for Linux is to initiate a remote installation through G DATA Administrator. The prerequisites are as follows:
The Linux machine must have an SSH server installed and running.
The user account that is used to install the client must be able to log in to the SSH server using a password.
DNS name resolution for the ManagementServer and the client must be available.
The installation is carried out as follows:
- In the Clients module, select a Linux client, open the Clients menu and select the command Install G DATA Security Client for Linux/Mac.
- Select the Client type (Client for Linux).
- Optionally, select one or more Plugins (Samba, Squid oder Sendmail/Postfix). The prerequisites are described in the respective chapters.
- Enter a User name and Password. The account must have root permissions.
- Click the OK button. Installation progress will be shown in the Installation overview window.
G DATA Security Client for Linux - Additional modules
G DATA Security Client for Linux contains additional modules that provide security to multiple Linux components. If you select additional modules during the remote or local installation, the modules are automatically installed. However, some modules need additional configuration before or after the installation.
G DATA Security Client for Linux - Linux Mail Security Gateway
The Linux Mail Security Gateway module is available as an optional module.
The Linux Mail Security Gateway (Sendmail/Postfix) module has been developed as a plugin for the Amavis framework. Linux Mail Security Gateway requires Amavis 2.8.0 or higher and altermime. If Amavis is not available on the system, it will be automatically installed while installing the Linux Mail Security Gateway module. The following configuration steps are required:
- The Linux Mail Security Gateway module requires an operational Sendmail/Postfix mail server.
- Make sure that the mail server forwards email messages to Amavis. More information can be found in the documentation of Amavis or the relevant mail server.
- Make sure that spam and virus checks have been enabled in the Amavis configuration. More information can be found in the Amavis documentation.
- Edit the configuration file /etc/gdata/amavis/mms.cfg and make sure that the mail server (sub) domain name has been entered under localDomains (e.g. mail.domain.com).
Using an existing Amavis installation is not recommended, because that requires a large number of changes to configuration files directly after installing the Linux Mail Security Gateway module.
Once configured, the Linux Mail Security Gateway module will automatically check email traffic and report viruses to G DATA ManagementServer. Its settings can be managed through G DATA Administrator in the Sendmail/Postfix module.
Warning: When using an Amavis version older than 2.10.0, not all functions of the Linux Mail Security Gateway module are available. Update Amavis to version 2.10.0 or higher before deploying the Linux Mail Security Gateway module to ensure full functionality.
G DATA Security Client for Linux - Linux Web Security Gateway
The Linux Web Security Gateway module is available as an optional module.
If you select the Linux Web Security Gateway (Squid) module, the installation of G DATA Security Client for Linux automatically installs and configures Squid itself. If Squid is already present on the system, the existing version will be uninstalled beforehand.
After the installation, the host name or IP address of the Squid server should be configured as proxy server on all systems for which traffic should be filtered by Squid (port 3128). To enable HTTPS traffic scans, additionally configure an HTTPS proxy with the Squid host name or IP address and port 6789. The required certificates are located in the /etc/gdata/ssl folder on the Squid server and should be imported on all clients. If you are using your own SSL certificates, they must be saved on the server in the folder /etc/gdata/ssl.
Warning: The Squid server installation will use the package that is available in the respective distribution's repository. If that Squid version is older than 3.3.8, HTTPS scans will not be available.
Once enabled, the Linux Web Security Gateway module will automatically check traffic against a blacklist and report viruses to G DATA ManagementServer. Its settings can be managed through G DATA Administrator in the Squid module.
G DATA Security Client for Linux - Samba
After installing G DATA Security Client for Linux, Samba security can be enabled by adding the line vfs objects = gdvfs to the Samba configuration file (typically /etc/samba/smb.conf). To protect all shares, add it to the section [global]. If the line is in another section, the protection only applies to the corresponding share. After saving the configuration file, restart the Samba service.