3.2. Procedure – Installing PNS on a Ubuntu server

Purpose: 

If you want to install PNS on an existing Ubuntu server, complete the following steps.

Prerequisites: 

Steps: 

1. Login to the host as root from a local console or using SSH.

2. Update your system and upgrade the PNS-related packages. This is important, because there might be newer packages available. To update your system, enter the following commands:

   sudo apt update
   sudo apt dist-upgrade

   Note that during this step, some packages may be downgraded. This is normal.

3. Create a mount point for the PNS install medium:

   sudo mkdir -p /media/cdrom

4. Mount the PNS install medium to the previous mount point.

   sudo mount /dev/cdrom /media/cdrom -o ro

5. To allow checking of PNS package signatures by APT, install the Balasys GPG keys:

   sudo /media/cdrom/install-balasys-archive-key.sh

6. Add PNS package repositories to APT's list of available sources.

   sudo apt-cdrom add

7. Install the PNS components that you want to use on the host. Issue the following command: sudo apt-get install <PNS-components-to-install>, where replace the <PNS-components-to-install> part of the command with the package names of the PNS components that you want to use on the host. The following packages are available:

   • PNS Pro Firewall: zorpproduct-zorp
   • Management Server (MS): zorpproduct-zms
   • Authentication Server (AS): zorpproduct-zas
   • Content Filtering (CF): zorpproduct-zcv
   • NOD32 Antivirus Engine: zorpproduct-nod32
   • ClamAV Antivirus Scanner: zorpproduct-clamav
   • SpamAssassin spam filter: zorpproduct-spamassassin
   • ModSecurity: zorpproduct-modsecurity

   • Management Server: The Management Server (MS) and its corresponding packages. MS — depending on its product license — can be installed on the Zorp firewall host or on a separate machine.(Package name: zorpproduct-zms)

   • PNS Pro Firewall: The packages required for a firewall host. (Package name: zorpproduct-zorp)

   • Authentication Server: The Authentication Server (AS) enables the authentication of network traffic on the user level at the firewall using password, CryptoCard, S/key, or X.509 methods. Integrating with existing Microsoft Active Directory, LDAP, PAM, and Radius databases is also supported. The module can be installed either together with the PNS and MS modules or separately at a later date. (Package name: zorpproduct-zas)

   • Content Filtering: The Content Filtering (CF) is a framework and a uniform interface to manage various built-in and third party content vectoring modules (that is, virus and spam filtering engines). The content vectoring modules to be installed (in addition to the CF framework) can be selected from the following list. (Package name: zorpproduct-zcv)

     Warning
     The CF framework and the content vectoring modules must be installed on the same host.

     • ClamAV Antivirus Scanner: This module contains the libraries and virus signature databases needed for using the ClamAV antivirus engine. (Package name: zorpproduct-clamav)

     • NOD32 Antivirus Engine: This module contains the libraries and virus signature databases needed for using the Eset NOD32 antivirus engine. (Package name: zorpproduct-nod32)

     • SpamAssassin spam filter: This module contains the libraries and databases needed for using the SpamAssassin spam filtering engine. (Package name: zorpproduct-spamassassin)

     • ModSecurity: This module contains the libraries needed for using ModSecurity web application firewall (WAF) engine. (Package name: zorpproduct-modsecurity)

   For further information on the different modules, see the Chapter 14, Virus and content filtering using CF in Proxedo Network Security Suite 1.0 Administrator Guide.

   Below are some guidelines about which modules should be installed on the different types of machines.

   • When installing a single firewall (or a node of a cluster) that will be managed from a separate MS host, select only the PNS Pro Firewall component.

   • The third-party modules that can be used by CF must be licensed separately from PNS. Select them only if you have a valid license for them, and only when you are installing the host that will run CF.

   • When installing a MS host that will manage one or more PNS firewalls, but the machine itself will not be used as a firewall, select the Management Server (MS) component.

   • If you will use a single host as the firewall and MS, select the Management Server and the PNS Pro Firewall components. Also select Content Filtering and its required modules, and the Authentication Server component if you have purchased licenses for them.

   • Authentication Server (AS) is an optional, central authentication service that can be installed on a PNS machine. If you have license for AS select it together with the PNS Pro Firewall component. This service must be licensed separately.

   Note
   The Management Console and the Authentication Agent (also called Satyr) applications are client–side components that cannot be installed on PNS hosts. Their installation is discussed in Chapter 5, Installing the Management Console and Chapter 6, Installing the Authentication Agent (AA), respectively.

   After choosing the modules to install, select Continue.

   Note
   When you continue the installation, some steps may not appear for you, depending on the components you have selected to install.

8. Umount the PNS install medium from the file system.

   sudo umount /dev/cdrom

9. Configure network interface bootstrap by MS.

10. Reboot the system:

    sudo reboot

11. Repeat this procedure to install other hosts if needed for your environment.

12. If you have installed a Management Server (MS), install the Management Console (MC) application on the deskop of your PNS administrators. For details, see Chapter 5, Installing the Management Console.