ESET Gateway Security Installation Manual and User Guide
Table of contents
1. Introduction .......... 3
2. Terminology and abbreviations .......... 5
3. Installation .......... 9
4. Architecture Overview .......... 11
5. Integration with Internet Gateway services ..........
Chapter 1: Introduction
Dear user, you have acquired ESET Gateway Security - the premier security system running under the Linux/BSD/Solaris OS. As you will soon find out, ESET's state-of-the-art scanning engine has unsurpassed scanning speed and detection rates combined with a very small footprint that makes it the ideal choice for any Linux/BSD/Solaris OS server.
Key features of the system:
• The ESET antivirus scanning engine algorithms provide the highest detection rate and the fastest scanning times.
Chapter 2: Terminology and abbreviations
In this section we will review the terms and abbreviations used in this document. Note that a boldface font is reserved for product component names and also for newly defined terms and abbreviations. Terms and abbreviations defined in this chapter are expanded upon later in this document.
ESETS
ESET Security is a standard acronym for all security products developed by ESET, spol. s r.o. for Linux, BSD and Solaris operating systems.
abbreviation @BINDIR@ will be used for future references to this directory. The @BINDIR@ value for the following Operating Systems is listed below:
Linux: /usr/bin
Linux RSR: /opt/eset/esets/bin
FreeBSD: /usr/local/bin
NetBSD: /usr/pkg/bin
Solaris: /opt/esets/bin
ESETS system binary files directory
The directory where the relevant ESET Gateway Security system binary files are stored. The abbreviation @SBINDIR@ will be used for future references to this directory.
Chapter 3: Installation
After purchasing ESET Gateway Security, you will receive your authorization data (username/ password and license key). This data is necessary for both identifying you as our customer and allowing you to download updates for ESET Gateway Security. The username/password data is also required for downloading the initial installation package from our web site. ESET Gateway Security is distributed as a binary file: esets.i386.ext.
Chapter 4: Architecture Overview
Once ESET Gateway Security is successfully installed, you should become familiar with its architecture.
Figure 4-1. Structure of ESET Gateway Security. [Figure: panels WWW INTERFACE; CONFIGURATION (esets.cfg, license); AGENTS (esets_ftp, esets_http, esets_icap, esets_ssfi.so); UTILITIES (scripts, esets_lic, esets_quar, esets_setup, esets_update); CORE (system service, scanning engine)]
The structure of ESET Gateway Security is shown in Figure 4-1.
@ETCDIR@/esets.cfg
This is the most important configuration file, as it controls all major aspects of the product's functionality. The esets.cfg file is made up of several sections, each of which contains various parameters. The file contains one global and several "agent" sections, with all section names enclosed in square brackets. Parameters in the global section are used to define configuration options for the ESETS daemon as well as default values for the ESETS scanning engine configuration.
Chapter 5: Integration with Internet Gateway services
ESET Gateway Security protects the organization's HTTP and FTP services against viruses, worms, trojans, spyware, phishing and other internet threats. The term 'Gateway Server' refers to layer 3, or 'router' level of the ISO/OSI model. In this chapter we review the process of ESET Gateway Security integration with various services.
5.1. Transparent HTTP/FTP proxy configuration
The configuration for transparent proxying is based on a standard routing mechanism as shown in Figure 5-1 below:
Figure 5-1.
5.2. Manual HTTP/FTP proxy configuration
The manual proxy configuration (see Figure 5-2) is characterized by explicitly configuring the proxied user agent to listen on a specific port and address of the parent proxy.
Figure 5-2. Scheme of ESET Gateway Security as a manual proxy. [Figure: Internet; ESET Gateway Security; Proxy Cache; Gateway; User Agent Clients; Local Network]
With this configuration, the proxy server usually modifies transferred requests and/or responses, i.e.
To configure Firefox to use esets_http, click Tools > Options from the main menu, and click Advanced. Click the Network tab and then click the Settings... button. In the Connection Settings window, select the Manual Proxy Configuration option. Finally, enter the host name or IP address in the HTTP Proxy (or FTP Proxy) field, and enter the Port values which esets_http listens on (in this example, IP address 192.168.1.10 and port 8080 shall be specified).
    cache_peer 192.168.1.10 parent 8080 0 no-query prefer_direct off
To reread the newly created configuration, reload the ESETS daemon.
5.3. Internet Content Adaptation configuration
The Internet Content Adaptation is a well known method aimed at providing object-based content vectoring for HTTP services. It is based on the Internet Content Adaptation Protocol (ICAP) described in the RFC-3507 memo. Configuration for integrating the ICAP services is shown in Figure 5-3:
Figure 5-3.
The second step of the ICAP configuration method is activating the ICAP client functionality within the Proxy Cache. The ICAP client must be configured in order to properly request the esets_icap for the infiltration scanning service. The initial request line of the ICAP request must be entered as follows:
    METHOD icap://server/av_scan ICAP/1.
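The following is an added example, not code from ESET or from any proxy cache: it builds the ICAP request an ICAP client would send to the esets_icap av_scan service for one HTTP response, and reads the status line of the reply. It assumes the RESPMOD method (the manual only shows the generic "METHOD" placeholder), the server name "server" from the manual, and the ICAP/1.0 message layout of RFC 3507 (Encapsulated header offsets, chunked body); the HTTP request, response and body are constructed sample data.

```python
# Added example (not ESET's code). ICAP/1.0 framing per RFC 3507.
from typing import Dict, Tuple

# Constructed sample HTTP exchange that the proxy cache wants scanned.
REQ_HDR = b"GET http://www.example.com/file.bin HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
RES_HDR = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
BODY = b"hello"


def build_respmod(server: str, service: str, req_hdr: bytes, res_hdr: bytes, body: bytes) -> bytes:
    """Return the raw RESPMOD request: ICAP header, then the encapsulated
    HTTP request header, HTTP response header and chunked response body."""
    chunked = f"{len(body):x}\r\n".encode() + body + b"\r\n0\r\n\r\n"
    # Offsets are byte positions within the encapsulated section.
    encapsulated = (f"req-hdr=0, res-hdr={len(req_hdr)}, "
                    f"res-body={len(req_hdr) + len(res_hdr)}")
    icap_hdr = (f"RESPMOD icap://{server}/{service} ICAP/1.0\r\n"
                f"Host: {server}\r\n"
                f"Encapsulated: {encapsulated}\r\n\r\n").encode()
    return icap_hdr + req_hdr + res_hdr + chunked


def parse_encapsulated(request: bytes) -> Dict[str, int]:
    """Read the Encapsulated header back out of an ICAP request."""
    head = request.split(b"\r\n\r\n", 1)[0].decode()
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "encapsulated":
            return {k.strip(): int(v) for k, v in (p.split("=") for p in value.split(","))}
    raise ValueError("no Encapsulated header")


def icap_status(response: bytes) -> Tuple[int, str]:
    """Status of the scanner's reply: 204 means the object is returned
    unmodified (nothing to change), 200 means a modified response follows."""
    version, code, reason = response.split(b"\r\n", 1)[0].decode().split(" ", 2)
    if version != "ICAP/1.0":
        raise ValueError(f"unexpected ICAP version {version}")
    return int(code), reason


if __name__ == "__main__":
    print(build_respmod("server", "av_scan", REQ_HDR, RES_HDR, BODY).decode())
```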
To enable this technique, the parameter lo_partscan_enabled is entered in the [http] section of the ESETS configuration file. This will cause large objects to be scanned for infiltrations during transfer in predefined intervals, while the data which has already been scanned is sent to an awaiting end-point such as a client or server.
configuration by clicking the Save settings button. Comment: ESET Gateway Security Profiles: antivirus
The SafeSquid plug-in is operational immediately after installation, but additional fine tuning should be performed. In the following paragraphs, we explain how to configure SafeSquid to use ESETS predefined blocking templates in the event that a transferred source object is infected (or not scanned). Log on to the SafeSquid Web Administration Interface.
Chapter 6: Important ESET Gateway Security mechanisms
6.1. Handle Object Policy
The Handle Object Policy (see Figure 6-1) mechanism provides filtering of scanned objects based on their status. This functionality is based on the following configuration options: 'action_av', 'action_av_infected', 'action_av_notscanned', 'action_av_deleted'. For detailed information on these options, please refer to the esets.cfg(5) man page.
Figure 6-1. Scheme of Handle Object Policy mechanism.
    [http]
    agent_enabled = yes
    listen_addr = "192.168.1.10"
    listen_port = 8080
    action_av = "scan"
To provide individual parameter settings, define the 'user_config' parameter with the path to the special configuration file where the individual setting will be stored. In the next example, we create a reference to the special configuration file 'esets_http_spec.cfg', which is located in the ESETS configuration directory. See below:
    [http]
    agent_enabled = yes
    listen_addr = "192.168.1.
To create the 'white-list' used by esets_http it is necessary to create the following group section within the special configuration file 'esets_http_spec.cfg' which was introduced in the previous section. See below:
    [white-list]
    action_av = "accept"
Adding HTTP servers to the list is self-explanatory.
6.4. Samples Submission System
The Samples submission system is an intelligent ThreatSense.
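The following is an added example, not ESET's code: a small reader for esets.cfg-style files (the [section] / key = "value" layout described in Chapter 4) and a resolver that applies the Handle Object Policy options from section 6.1, with group sections such as [white-list] from the user_config file overriding the agent section. Assumptions not stated on the page: '#' starts a comment, values may be quoted or bare, the action values "accept" and "reject", and that action_av = "scan" selects action_av_infected / action_av_notscanned / action_av_deleted by scan status; both configuration texts are constructed samples.

```python
# Added example (not ESET's code): resolve the effective Handle Object Policy
# for an esets_http object from esets.cfg plus the user_config special file.
import re
from typing import Dict, Optional

# Constructed sample main configuration (mirrors the manual's [http] example).
MAIN_CFG = """
[global]
action_av = "scan"
action_av_infected = "reject"      # assumed value; see esets.cfg(5) for the real set
action_av_notscanned = "accept"
action_av_deleted = "reject"

[http]
agent_enabled = yes
listen_addr = "192.168.1.10"
listen_port = 8080
action_av = "scan"
user_config = "esets_http_spec.cfg"
"""

# Constructed sample special file referenced by user_config.
SPEC_CFG = """
[white-list]
action_av = "accept"
"""

_SECTION = re.compile(r"^\[(?P<name>[^\]]+)\]$")
_PARAM = re.compile(r'^(?P<key>\w+)\s*=\s*(?:"(?P<q>[^"]*)"|(?P<bare>\S+))')


def parse_cfg(text: str) -> Dict[str, Dict[str, str]]:
    """Return {section: {key: value}}; '#' comments are an assumption."""
    sections: Dict[str, Dict[str, str]] = {}
    current: Optional[Dict[str, str]] = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if (m := _SECTION.match(line)):
            current = sections.setdefault(m.group("name"), {})
        elif (m := _PARAM.match(line)) and current is not None:
            current[m.group("key")] = m.group("q") if m.group("q") is not None else m.group("bare")
    return sections


def effective(main: Dict[str, Dict[str, str]], agent: str,
              special: Optional[Dict[str, Dict[str, str]]] = None,
              group: Optional[str] = None) -> Dict[str, str]:
    """[global] defaults < agent section < group section from the special file."""
    merged = dict(main.get("global", {}))
    merged.update(main.get(agent, {}))
    if special is not None and group is not None:
        merged.update(special.get(group, {}))
    return merged


def handle_object(params: Dict[str, str], status: str) -> str:
    """status: 'clean', 'infected', 'notscanned' or 'deleted' (assumed model)."""
    if params.get("action_av", "scan") != "scan":
        return params["action_av"]          # "accept"/"reject" without scanning
    if status == "clean":
        return "accept"
    return params.get(f"action_av_{status}", "accept")
```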
Substitute your own values for the parameters in italics and direct your browser to 'https://address:port' (note the https). Log in with 'name/pass'. Basic usage instructions can be found on the help page, and technical details about esets_wwwi can be found on the esets_wwwi(1) man page.
6.6 Remote Administration
ESETS supports ESET Remote Administration for file security management in large computer networks. For more information, please read the ESET Remote Administrator Manual.
Chapter 7: ESET Security system update
7.1. ESETS update utility
To maintain the effectiveness of ESET Gateway Security, the virus signature database must be kept up to date. The esets_update utility has been developed for this purpose (see the esets_update(8) man page for details). To launch an update, the configuration options 'av_update_username' and 'av_update_password' must be defined in the [global] section of the ESETS configuration file.
7.3. ESETS mirror http daemon
The ESETS mirror http daemon is installed automatically with ESET Gateway Security. The http mirror daemon starts if the option 'av_mirror_httpd_enabled' in the [global] section of the ESETS configuration file is set to 'yes' and the Mirror is enabled. The options 'av_mirror_httpd_port' and 'av_mirror_httpd_addr' define the port (default 2221) and address (default: all local tcp addresses) on which the http server listens.
Chapter 8: Let us know
Dear user, we hope this Guide has provided you with a thorough understanding of the requirements for ESET Gateway Security installation, configuration and maintenance. However, our goal is to continually improve the quality and effectiveness of our documentation. If you feel that any sections in this Guide are unclear or incomplete, please let us know by contacting Customer Care: http://www.eset.com/support or use the support form directly: http://www.eset.
Appendix A.
A.1. Setting ESETS for scanning of HTTP communication - transparent mode
HTTP scanning is performed using the esets_http daemon. In the [http] section of the ESETS configuration file, set the following parameters:
    agent_enabled = yes
    listen_addr = "192.168.1.10"
    listen_port = 8080
In the example above, 'listen_addr' is the address of the local network interface named if0. Restart the ESETS daemon. The next step is to redirect all HTTP requests to esets_http.
If IP-filtering is being performed by the iptables administration tool, the rule is:
    iptables -t nat -A PREROUTING -p tcp -i if0 \
        --dport 21 -j REDIRECT --to-ports 2121
On FreeBSD, the rule is:
    ipfw add fwd 192.168.1.10,2121 tcp \
        from any to any 21 via if0 in
On NetBSD and Solaris, the rule is:
    echo 'rdr if0 0.0.0.0/0 port 21 -> 192.168.1.10 \
        port 2121 tcp' | ipnat -f -
A.3.
Appendix B.
The PHP License, version 3.01 Copyright (c) 1999 - 2006 The PHP Group. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2.