EDR: How to Perform an Offline Air-Gapped Server Installation

Environment

  • EDR Server: 7.x+
  • Linux: All Supported Versions

Objective

To install EDR Server on air-gapped Linux servers that do not have access to the public internet.

Resolution

The caching server is a Linux server that connects to the Internet to collect the RPM packages necessary to perform an EDR install. It does not need to meet the Operating Environment Requirements (OER).
The air-gapped server is the production Linux server that does not connect to the Internet. It must meet OER sizing guides.
Note: The caching server needs to match the OS and kernel version of the air-gapped server.
Note: These steps are for a new installation only. Using these instructions to update EDR can result in loss of all data, configurations and certificates.

Configure the Caching Server:
  1. Install the appropriate OS on the caching server.
  2. Install the Carbon Black EDR License RPM.
     Example file name: carbon-black-release-1.0.2-1-My_Company.x86_64.rpm
  3. Install that file onto the caching server:
     # rpm -ivh <carbon-black-release-file>
  4. Edit /etc/yum.conf, and set:
     [main]
     cachedir=/var/cache/yum/$basearch/$releasever
     keepcache=1
  5. Run:
     # yum install cb-enterprise
  6. Tar up the yum cache directory (the files are saved in the directory specified by the cachedir key in /etc/yum.conf):
     # tar --selinux -cvzf yumcache.tar.gz -C /var/cache/yum/x86_64/6/ .
  7. Take the resulting file (yumcache.tar.gz) and move it to the desired offline server.
  8. Log into the offline EDR server CLI.
  9. If necessary, create the following folder hierarchy:
     # mkdir -p /var/cache/yum/x86_64/6/
  10. Untar the file to the local offline server:
     # tar -xvzf yumcache.tar.gz -C /var/cache/yum/x86_64/6/
  11. Install EDR as normal, but pass -C so that yum uses only the local cache and pulls the RPM files from the local yum cache directory that was just created:
     # yum install -C cb-enterprise
  12. Complete the installation by running the following:
     # sudo /usr/share/cb/cbinit
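
Added example (not part of the original article or of the product's tooling): one way to confirm that yumcache.tar.gz arrives on the air-gapped server unmodified and actually contains the cb-enterprise package before it is unpacked. The .sha256 sidecar file, the two function names and the cb-enterprise-*.rpm file-name pattern (standard RPM naming) are assumptions of this example.

```shell
#!/bin/bash
# Added example: integrity-check the yum cache archive across the air gap.
# yumcache.tar.gz and the cache path come from the article; the .sha256
# sidecar file and the function names are assumptions of this example.

# Caching server: record the SHA-256 digest next to the archive.
# Transfer both files, ideally over separate channels.
seal_cache() {
    local archive="$1"
    ( cd "$(dirname "$archive")" &&
      sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256" )
}

# Air-gapped server: verify the digest, confirm the package is present,
# and only then unpack into the yum cache directory.
# Returns 1 on digest mismatch, 2 if no cb-enterprise RPM is in the archive.
verify_and_unpack() {
    local archive="$1" dest="$2"
    local dir base
    dir=$(dirname "$archive")
    base=$(basename "$archive")

    # 1. The digest must match the one recorded on the caching server.
    ( cd "$dir" && sha256sum -c "$base.sha256" >/dev/null 2>&1 ) || {
        echo "checksum mismatch: $archive" >&2
        return 1
    }

    # 2. The cache must hold the package itself. If keepcache=1 was not
    #    in effect, the archive has repo metadata only and the later
    #    "yum install -C cb-enterprise" cannot succeed.
    if ! tar -tzf "$archive" | grep -Eq '(^|/)cb-enterprise-[^/]*\.rpm$'; then
        echo "no cb-enterprise RPM found in $archive" >&2
        return 2
    fi

    # 3. Unpack exactly as in the article's untar step.
    mkdir -p "$dest" && tar -xzf "$archive" -C "$dest"
}

# Usage, with the article's paths:
#   caching server:     seal_cache yumcache.tar.gz
#   air-gapped server:  verify_and_unpack yumcache.tar.gz /var/cache/yum/x86_64/6/
```

If verify_and_unpack returns non-zero, nothing is written to the cache directory, so the archive can be re-transferred without cleanup.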

Additional Notes

This staging/caching server must be the same OS (CentOS, RHEL) as the actual target EDR server.

Article Information

Creation Date: 09-09-2020