eset/eramdc at master · Cat5TV/eset · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
#!/bin/bash

########
#
# ESET Remote Administrator Mobile Device Connector Script for ERA Virtual Appliances (v6)
# By Robbie Ferguson
#
# Deploy Mobile Device Connector on an ESET Remote Administrator virtual appliance
# Typically when deploying the OVA, you'd choose one option or the other. This script lets you have both on one VM.
#
# This can be deployed without any purchase necessary, however an active ESET business license must be added in order to deploy clients
#
# Download the appliance:
#
#  - OVA (VMware vSphere, VMware Player, VMware Workstation, Oracle VirtualBox, ESXi 5.0+)
#    https://download.eset.com/com/eset/apps/business/era/appliance/latest/era_appliance.ova
#
#  - VHD (Microsoft Hyper-V)
#    https://download.eset.com/com/eset/apps/business/era/appliance/latest/era_appliance.vhd.zip
#
# SSH to server:
#  IP address will be displayed in the VM console.
#  Username: root
#  Password: eraadmin (this will change when you set one during activation)
#
# Prepare for Installation:
#  ./eramdc prep
#
# Follow the on-screen instructions during prep to configure the ESET Remote Administrator appliance in your browser.
#
# Install MDC on ERA VM (you will need to re-enter the password you created above)
#  ./eramdc install
#
########

#### Begin Configuration

  version="6.5.510.0" # from MDM's URL as found in the download section
  nic="eth0"

#### End Configuration

ip=$(/sbin/ip -f inet addr show $nic | grep -Po 'inet \K[\d.]+')
me=$(/usr/bin/basename $0)
command=$1

if [[ "$command" == "prep" ]]; then

  # Get the latest version of the MDC installer
  wget -O /root/eset_installers/MDMCore-Linux-x86_64-$version.sh https://download.eset.com/com/eset/apps/business/era/mdm/v6/$version/mdmcore-linux-x86_64.sh
  chmod +x /root/eset_installers/MDMCore-Linux-x86_64-$version.sh && rm -f /root/eset_installers/MDM.sh && ln -s /root/eset_installers/MDMCore-Linux-x86_64-$version.sh /root/eset_installers/MDM.sh

  # Add PHP for use by tools shell script
  if [[ ! -e /usr/bin/php ]]; then
    yum -y install php-cli
  fi

  # Add driver named "MySQL"
  if ! grep -q "\[MySQL\]" /etc/odbcinst.ini; then
    odbc=$(find /usr/lib64/libmyodbc*w.so)
    echo "[MySQL]
Driver=$odbc
UsageCount=1
" >> /etc/odbcinst.ini
/usr/bin/odbcinst -i -d -f /etc/odbcinst.ini
  fi

  echo ""
  echo "---

  Load https://$ip in browser and set up ESET Remote Administrator Server Appliance.

  Set Hostname to $(hostname)

  Enter a password. Remember this will be your new SSH password after the reboot.

  Setup Windows domain credentials, or leave blank if not applicable.

  Check off the HTTP Proxy option for locally-mirrored updates.

  Save and allow the virtual server to reboot.

  After reboot, wait for the "Configuring" message to disappear and then SSH in.

  To complete the installation, run: $0 install

  ---

  "
  touch /var/log/eramdc.log
  exit

elif [[ "$command" == "install" ]]; then

  if [[ ! -f /var/log/eramdc.log ]]; then
    echo "You have not prepared the system yet."
    echo "Usage: $0 prep"
    echo ""
    exit
  fi

read -s -p "Enter your password again: " password

# Create Firewall Rules

  # Web interface
    iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT

  # MDC
    # Mobile Device Enrollment
    iptables -A INPUT -m state --state NEW -p tcp --dport 9980 -j ACCEPT
    # Mobile Device Communication
    iptables -A INPUT -m state --state NEW -p tcp --dport 9981 -j ACCEPT
    # Notifications via Apple Push services
    iptables -A INPUT -m state --state NEW -p tcp --dport 2195 -j ACCEPT
    # Apple Feedback service
    iptables -A INPUT -m state --state NEW -p tcp --dport 2196 -j ACCEPT

  # Mirror Server
    iptables -A INPUT -m state --state NEW -p tcp --dport 2221 -j ACCEPT

  # Client/Server Connections
    iptables -A INPUT -m state --state NEW -p tcp --dport 2222 -j ACCEPT
    iptables -A INPUT -m state --state NEW -p tcp --dport 2223 -j ACCEPT

  # Wake-up Call
    iptables -A INPUT -m state --state NEW -p tcp --dport 1237 -j ACCEPT
    iptables -A INPUT -m state --state NEW -p tcp --dport 1238 -j ACCEPT

  # Apache HTTP Proxy
    iptables -A INPUT -m state --state NEW -p tcp --dport 3128 -j ACCEPT

  # LDAP Synchronization
    iptables -A INPUT -m state --state NEW -p tcp --dport 389 -j ACCEPT

  # Save and reload firewall rules
    service iptables save
    service iptables restart

# End Firewall Rules


# Generate a new cert
#  openssl req -out /tmp/cert.csr -new -newkey rsa:2048 -nodes -keyout /tmp/cert.key
#  openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/cert.key -out /tmp/cert.crt
#  openssl pkcs12 -export -out /tmp/cert.pfx -inkey /tmp/cert.key -in /tmp/cert.crt -certfile /tmp/cert.crt
#  cert=/tmp/cert.pfx

# Use the cert that was created during setup
  cert=/opt/eset/RemoteAdministrator/Server/server-certificate.pfx
  /root/eset_installers/MDM.sh \
  --skip-license \
  --https-cert-path="$cert" \
  --port=2222 \
  --db-type="MySQL" \
  --db-driver="MySQL" \
  --db-admin-username="root" \
  --db-admin-password=$password \
  --db-user-password=$password \
  --db-hostname=127.0.0.1 \
  --webconsole-password=$password \
  --hostname=$(hostname) \
  --mdm-hostname=$ip

echo ""
echo "As soon as the server returns from a reboot, you should be all set."
echo "To test, visit https://$ip:9980"
echo ""
exit
reboot

else
  echo "Usage: ./$me [prep|install]"
fi