Endpoint Protection

 View Only
Expand all | Collapse all

Managing and monitoring the Red Hat Enterprise Linux client with SEPM 12.1 ?

  • 1.  Managing and monitoring the Red Hat Enterprise Linux client with SEPM 12.1 ?

    Posted Jun 11, 2014 03:31 AM

    Hi All,

    What should I do in my SEPM 12.1.3 Server to make sure that the RHEL (Linux) can download the Antivirus definition automatically from my SEPM server which is now currently connected to the internet and downloading updates for all Windows wrosktation and servers ?

    is Symantec AntiVirus for Linux 1.0.14 the latest client that I need to install in all of the Red Hat Linux servers ?

    Any kind of guidance and suggestion would be greatly appreciated.

    Thanks



  • 2.  RE: Managing and monitoring the Red Hat Enterprise Linux client with SEPM 12.1 ?

    Posted Jun 11, 2014 03:46 AM

    Hi John,

    Yes, for the moment SAVFL 10.0.14 is the solution.  The good news is that when SEP 12.1 RU5 is released in a couple months, there will at last be a managed SEP for Linux client.  This will greatly ease the tasks of deploying policies, configurign reporting, etc.

    I expect that the SEPFL clients will need to update their definitions from Internet sources or an internal LUA 2.x server, the same as SEP for Mac.

    One important article to be aware of:

    Symantec AntiVirus for Linux: Building the AutoProtect kernel modules fails on RHEL-based Linux releases 6.3 or newer
    http://www.symantec.com/docs/TECH197524

     

     

    Hope this helps!

    Mick

     



  • 3.  RE: Managing and monitoring the Red Hat Enterprise Linux client with SEPM 12.1 ?

    Posted Jun 11, 2014 04:00 AM

    AFAIK at this time, Linux clients can only report to the SEPM.

    They cannot use it as an update source, nor can they take policies from it (as Mick2009 says though, this will hopefully change soon).

    In the meantime, please take a look at the below article (and its links);

    How to enable Symantec Endpoint Protection Manager (SEPM) 12.1.x to receive logs from legacy clients

    Article:TECH157463  |  Created: 2011-04-05  |  Updated: 2013-12-03  |  Article URL http://www.symantec.com/docs/TECH157463
     


  • 4.  RE: Managing and monitoring the Red Hat Enterprise Linux client with SEPM 12.1 ?

    Posted Jun 11, 2014 04:01 AM

    Cool, many thanks for the update Mick. when does the SEPM 12.1.5 released ?

    As at the moment the SAVFL is manually installed and un-managed-able because there is no way to generate the Antivirus status from the SEPM console.



  • 5.  RE: Managing and monitoring the Red Hat Enterprise Linux client with SEPM 12.1 ?

    Posted Jun 11, 2014 04:08 AM

    SMLat,

    Is there any tool that I need to install in the SEPM 12.1.3 server to get / pull the AV definition of all Red hat servers with SAVFL installed ?



  • 6.  RE: Managing and monitoring the Red Hat Enterprise Linux client with SEPM 12.1 ?

    Posted Jun 11, 2014 04:42 AM

    No, computer status report will get you that info.

    As of now, they can only fwd the logs ( report) to SEPM..



  • 7.  RE: Managing and monitoring the Red Hat Enterprise Linux client with SEPM 12.1 ?

    Posted Jun 11, 2014 04:45 AM

    I'm afraid not.

    As Mick mentioned, the only options for updating Linux clients is via LiveUpdate, so this means either via Symantec directly or via an internal LUA.

    As I'm sure you know, Symantec recommend against putting a LUA on the same box as a SEPM:

    http://www.symantec.com/docs/TECH93409
    http://www.symantec.com/docs/TECH154896



  • 8.  RE: Managing and monitoring the Red Hat Enterprise Linux client with SEPM 12.1 ?

    Posted Jun 11, 2014 06:28 AM

    As an aside, you can send SAVFL logs to the SEPM via SAVFL Reporter, see Mick2009's article on setup:

    https://www-secure.symantec.com/connect/articles/sav-linux-somewhat-illustrated-guide-part-4-savfl-reporter



  • 9.  RE: Managing and monitoring the Red Hat Enterprise Linux client with SEPM 12.1 ?
    Best Answer

    Posted Sep 20, 2014 02:27 AM

    SEPM 12.1 RU5 is release in English Version

    The enterprise version of Symantec Endpoint Protection now includes the Symantec Endpoint
    Protection client for Linux. The Symantec Endpoint Protection client for Linux replaces the
    Symantec AntiVirus client for Linux and supports a greater range of distributions and kernels.
    Added distributions include Red Hat Enterprise Linux Server (RHEL) 6.5 and CentOS 6.5.

    Fo more go to the below article

    http://www.symantec.com/docs/DOC7696

    Upgrading or migrating to Symantec Endpoint Protection 12.1.5

    Article:TECH224034  |  Created: 2014-08-22  |  Updated: 2014-09-19  |  Article URL http://www.symantec.com/docs/TECH224034

    Article

    https://www-secure.symantec.com/connect/blogs/symantec-has-released-new-version-symantec-endpoint-protection



  • 10.  RE: Managing and monitoring the Red Hat Enterprise Linux client with SEPM 12.1 ?

    Posted Sep 20, 2014 08:41 AM

    It's released:

    https://www-secure.symantec.com/connect/blogs/symantec-has-released-new-version-symantec-endpoint-protection



  • 11.  RE: Managing and monitoring the Red Hat Enterprise Linux client with SEPM 12.1 ?

    Posted Sep 23, 2014 08:01 PM

    Thanks guys,

    So in this case I can uninstall the Symantec Live Update Administrator and just rely on the SEPM on WIndows Server to manage and distributes the Live Update to both WIndows SEPM and SAVFL ?



  • 12.  RE: Managing and monitoring the Red Hat Enterprise Linux client with SEPM 12.1 ?

    Posted Sep 23, 2014 08:32 PM

    Linux clients cannot get updates from the default management server. For Linux clients, you must specify an internal or external LiveUpdate server.

    http://www.symantec.com/docs/HOWTO81007



  • 13.  RE: Managing and monitoring the Red Hat Enterprise Linux client with SEPM 12.1 ?

    Posted Sep 23, 2014 09:32 PM

    why is that still be the issue here in SEP 12.1.5 ?

    I thought that LUA server is no longer needed anymore when the SEPM is upgraded to 12.1.5 ?



  • 14.  RE: Managing and monitoring the Red Hat Enterprise Linux client with SEPM 12.1 ?

    Posted Sep 23, 2014 09:42 PM

    No clue why SEP for Linux cannot get defs from the SEPM...just wasn't included in this release.



  • 15.  RE: Managing and monitoring the Red Hat Enterprise Linux client with SEPM 12.1 ?

    Posted Sep 23, 2014 10:19 PM

    yeah,that's the thing.

    hence I've logged Idea request here: https://www-secure.symantec.com/connect/ideas/linux-sep-client-update-using-windows-sepm-rather-using-separate-lua

    Hopefully someone will pick it up for the next release.