I tried installing Trend Micro ServerProtect for Linux on CentOS 8.
ServerProtect for Linux 3.0
https://downloadcenter.trendmicro.com/index.php?regs=jp&prodid=1320
The latest version was 3.0, build 3.0.1621.
System requirements
https://www.trendmicro.com/ja_jp/business/products/user-protection/sps/endpoint/serverprotect-linux.html#requirements-tm-anchor
- Download
- Unpack
- Install
- Install perl-Sys-Syslog
- Reinstall
- Install the KHM
- Restart splx
- Firewall settings
- Access the web console
Download the program.
```
[root@centos8 ~]# curl -O https://files.trendmicro.com/products/splx_RHEL8/SPLX30-X64-Redhat8_CentOS8_Suse15-repack.tgz/SPLX30-X64-Redhat8_CentOS8_Suse15-repack.tgz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 83.1M  100 83.1M    0     0  13.0M      0  0:00:06  0:00:06 --:--:-- 20.4M
```
```
[root@centos8 ~]# tar xvfz SPLX30-X64-Redhat8_CentOS8_Suse15-repack.tgz
SProtectLinux-3.0.bin
[root@centos8 ~]# ls -l SProtectLinux-3.0.bin
-r-xr-xr-x. 1 root root 87144706 Jan 17 13:47 SProtectLinux-3.0.bin
```
After the license text is displayed, the installer reports that the perl-Sys-Syslog package is missing.
```
[root@centos8 ~]# ./SProtectLinux-3.0.bin
NOTICE: Trend Micro licenses its products in accordance with certain terms and
(snip)
Do you agree to the above license terms? (yes or no)
yes

Installing ServerProtect for Linux:

Dependency failed: Please install perl-Sys-Syslog package
```
```
[root@centos8 ~]# dnf -y install perl-Sys-Syslog
Last metadata expiration check: 3:28:44 ago on Sat Jun 27 12:39:34 2020.
Dependencies resolved.
================================================================================
 Package               Architecture   Version             Repository      Size
================================================================================
Installing:
 perl-Sys-Syslog       x86_64         0.35-397.el8        AppStream       50 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 50 k
Installed size: 95 k
Downloading Packages:
perl-Sys-Syslog-0.35-397.el8.x86_64.rpm         116 kB/s |  50 kB     00:00
--------------------------------------------------------------------------------
Total                                            37 kB/s |  50 kB     00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1
  Installing       : perl-Sys-Syslog-0.35-397.el8.x86_64                    1/1
  Running scriptlet: perl-Sys-Syslog-0.35-397.el8.x86_64                    1/1
  Verifying        : perl-Sys-Syslog-0.35-397.el8.x86_64                    1/1

Installed:
  perl-Sys-Syslog-0.35-397.el8.x86_64

Complete!
```
I answered No to the TMCM registration prompt and, since I have no activation code, skipped activation with [Ctrl+D].
```
[root@centos8 ~]# ./SProtectLinux-3.0.bin
NOTICE: Trend Micro licenses its products in accordance with certain terms and
conditions. By breaking the seal on the CD jacket in the Software package or
(snip)
SPLX version 3.0 Released November, 2019
Do you agree to the above license terms? (yes or no)
yes

Installing ServerProtect for Linux:
Unpacking...
Installing rpm file...
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
   1:SProtectLinux-3.0-1621           ################################# [100%]
Do you wish to connect this SPLX server to Trend Micro Control Manager? (y/n) [y] n
Activate ServerProtect to continue scanning and security updates. Activation is a
two-step process that you can complete during or after installation.

Step 1. Register
Use the Registration Key that came with your product to register online
(https://olr.trendmicro.com/redirect/product_register.aspx). (Please skip this step if the product is already registered.)

Step 2. Activate
Type the Activation Code received after registration to activate ServerProtect.
(Press [Ctrl+D] to abort activation.)

Activation Code:
Starting services...
Starting ServerProtect for Linux:
Checking configuration file: [ OK ]
Starting splxcore:
Starting Entity: [ OK ]
Loading splx kernel module: [FAILED]
Starting vsapiapp: [FAILED]
ServerProtect for Linux core started. [ OK ]
Starting splxhttpd:
Starting splxhttpd: [ OK ]
ServerProtect for Linux httpd started. [ OK ]
ServerProtect for Linux started.

ServerProtect has not been activated. You must activate your product to
enable scanning and security updates.

ServerProtect for Linux installation completed.
```
The splx kernel module failed to load above, so install the Kernel Hook Module (KHM) from the site below.
http://downloadcenter.trendmicro.com/index.php?clk=tbl&clkval=111&regs=NABU&lang_loc=1#fragment-111
```
[root@centos8 ~]# uname -r
4.18.0-193.6.3.el8_2.x86_64
[root@centos8 ~]# curl -O https://files.trendmicro.com/products/splx/splx_kernel_module-3.0.1.0020.CentOS8_4.18.0-193.6.3.el8_2.x86_64.x86_64.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  843k  100  843k    0     0   364k      0  0:00:02  0:00:02 --:--:--  364k
[root@centos8 ~]# tar xvfz splx_kernel_module-3.0.1.0020.CentOS8_4.18.0-193.6.3.el8_2.x86_64.x86_64.tar.gz
splxmod-4.18.0-193.6.3.el8_2.x86_64.x86_64.o
splxmod-4.18.0-193.6.3.el8_2.x86_64.x86_64.o.md5
[root@centos8 ~]# cp splxmod-4.18.0-193.6.3.el8_2.x86_64.x86_64.o /opt/TrendMicro/SProtectLinux/SPLX.module/
```
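The archive ships a .md5 file next to the module, but the session above copies the module without checking it. The following is an added example (not from the original post or from Trend Micro) that checks the file name against the running kernel and the digest against the sidecar before copying; the sidecar format and the `splxmod-<kernel release>.<arch>.o` naming pattern are assumptions inferred from the file names shown. An MD5 taken from the same archive catches a corrupted or mismatched file, not deliberate tampering.

```shell
#!/usr/bin/env bash
# Added example: pre-install check for a ServerProtect Kernel Hook Module (KHM).
# Assumptions: the .md5 sidecar carries a 32-hex-digit digest on its first
# line, and modules are named splxmod-<kernel release>.<arch>.o (inferred from
# the single file name in the session above).

# Print the module file name expected for a kernel release and architecture.
khm_expected_name() {
    printf 'splxmod-%s.%s.o\n' "$1" "$2"
}

# khm_verify MODULE KERNEL_RELEASE ARCH
# 0 = name and digest match, 2 = built for another kernel,
# 3 = module or sidecar missing/unparsable, 4 = digest mismatch.
khm_verify() {
    local module="$1" kernel="$2" arch="$3" want got
    if [ "$(basename -- "$module")" != "$(khm_expected_name "$kernel" "$arch")" ]; then
        echo "KHM file name does not match kernel $kernel ($arch)" >&2
        return 2
    fi
    if [ ! -r "$module" ] || [ ! -r "$module.md5" ]; then
        echo "module or $module.md5 is missing" >&2
        return 3
    fi
    want=$(head -n 1 "$module.md5" | grep -oiE '[0-9a-f]{32}' | head -n 1 | tr 'A-F' 'a-f')
    if [ -z "$want" ]; then
        echo "no MD5 digest found in $module.md5" >&2
        return 3
    fi
    got=$(md5sum "$module" | cut -d ' ' -f 1)
    if [ "$want" != "$got" ]; then
        echo "MD5 mismatch: sidecar $want, file $got" >&2
        return 4
    fi
    return 0
}

# khm_install MODULE [DEST_DIR]: copy the module only if it verifies against
# the running kernel; DEST_DIR defaults to the directory used on this page.
khm_install() {
    local module="$1" dest="${2:-/opt/TrendMicro/SProtectLinux/SPLX.module}"
    khm_verify "$module" "$(uname -r)" "$(uname -m)" || return
    cp -- "$module" "$dest/"
}
```

Source the file and run `khm_install splxmod-$(uname -r).$(uname -m).o` in place of the plain `cp`; a non-zero status means nothing was copied.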
```
[root@centos8 ~]# systemctl restart splx
```
The web console is reached at
http://<host server>:14942
or
https://<host server>:14943
so for now I allow port 14943.
```
[root@centos8 ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="14943" accept"
success
[root@centos8 ~]# firewall-cmd --reload
success
[root@centos8 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens160
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="192.168.1.0/24" port port="14943" protocol="tcp" accept
```
Opening https://<host server>:14943 in a web browser displays the login screen.
The initial password is blank, so you can log in as is.
I have no activation code, so this is as far as I went.