Installing and Using Endpoint Security Agent for Linux Server Version NGX 7.0 GA

Installation and Administration Guide
January 9, 2008
Installing and Using Endpoint Security Agent for Linux
Server Version NGX 7.0 GA
© 2008 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their
use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by
any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book,
Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change
without notice.
©2003–2008 Check Point Software Technologies Ltd. All rights reserved. Check Point, AlertAdvisor, Application Intelligence, Check
Point Endpoint Security, Check Point Express, Check Point Express CI, the Check Point logo, ClusterXL, Confidence Indexing,
ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement, Cooperative Security Alliance, CoreXL, CoSa,
DefenseNet, Dynamic Shielding Architecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX,
FireWall-1 SecureServer, FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT, INSPECT XL, Integrity, Integrity
Clientless Security, Integrity SecureClient, InterSpect, IPS-1, IQ Engine, MailSafe, NG, NGX, Open Security Extension, OPSEC,
OSFirewall, Pointsec, Pointsec Mobile, Pointsec PC, Pointsec Protector, Policy Lifecycle Management, Provider-1, PureAdvantage,
PURE Security, the puresecurity logo, Safe@Home, Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge,
SecurePlatform, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXL Turbocard, Security
Management Portal, Sentivist, SiteManager-1, SmartCenter, SmartCenter Express, SmartCenter Power, SmartCenter Pro, SmartCenter
UTM, SmartConsole, SmartDashboard, SmartDefense, SmartDefense Advisor, Smarter Security, SmartLSM, SmartMap, SmartPortal,
SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SMP, SMP On-Demand,
SofaWare, SSL Network Extender, Stateful Clustering, TrueVector, Turbocard, UAM, UserAuthority, User-to-Address Mapping, UTM-1,
UTM-1 Edge, UTM-1 Edge Industrial, UTM-1 Total Security, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express, VPN-1
Express CI, VPN-1 Power, VPN-1 Power Multi-core, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1
SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VSX, Web Intelligence, ZoneAlarm, ZoneAlarm Anti-Spyware, ZoneAlarm
Antivirus, ZoneAlarm ForceField, ZoneAlarm Internet Security Suite, ZoneAlarm Pro, ZoneAlarm Secure Wireless Router, Zone Labs,
and the Zone Labs logo are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. ZoneAlarm
is a Check Point Software Technologies, Inc. Company. All other product names mentioned herein are trademarks or registered
trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668,


5,835,726, 5,987,611, 6,496,935, 6,873,988, 6,850,943, and 7,165,076 and may be protected by other U.S. Patents, foreign
Contents
Chapter 1 Deployment Process and Requirements
  System Requirements
  Deployment workflow
Chapter 2 Managing Linux Computer Groups
  Managing Linux computer groups
    Creating a user catalog and group for Linux computers
    Setting the cm_auth parameter
Chapter 3 Overview of Policy Settings
  Supported policy settings
  Understanding policy enforcement
    Disconnected policy for Linux options
  Managing the disconnected policy
Chapter 4 Installing and Configuring Endpoint Security Agent
  Determining the installation type
  Installing using the installation script
    Uninstalling using the installation script
  Installing using the Endpoint Security Agent RPM
    Before you begin
    Building a customized RPM
    Installing Endpoint Security Agent using RPM
    Upgrading Endpoint Security Agent using RPM
    Uninstalling Endpoint Security Agent using RPM
  Customizing the Endpoint Security Agent configuration
    Configuration file settings
    Changing the Endpoint Security Server Connection Manager address
    Changing the cm_auth parameter
  Running Endpoint Security Agent
    Using the command line interface
    Using the Service Manager
    Checking the Log
Chapter 1 Deployment Process and Requirements
Endpoint Security Agent for Linux® provides enterprise endpoint security for Linux users.
Use this guide to install and administer Endpoint Security Agent for Linux.
This chapter provides the system requirements and an overview of the deployment and
implementation process for Endpoint Security Agent for Linux in an established, Endpoint
Security server-protected enterprise network.
System Requirements
See the Endpoint Security Systems Requirements document for supported operating
systems.
Deployment workflow
To successfully deploy Endpoint Security Agent for Linux to endpoint computers on your
Endpoint Security-protected network, perform the procedures below in order. Each phase of
the deployment process is dependent on the items you verified or configured in the previous
phase.
This document is intended specifically for Endpoint Security Agent for Linux. All
references in this document to Endpoint Security Agent refer to the Linux version,
unless otherwise specified.

To deploy Endpoint Security Agent for Linux:
1. Create a user catalog and group for the protected Linux computers.
See “Creating a user catalog and group for Linux computers,” on page 7.
2. Create and assign an enterprise policy to the Linux user group.
First see “Overview of Policy Settings,” on page 8, then go to the Endpoint
Security Administrator Guide for detailed instructions on creating, configuring,
and assigning the enterprise policy.
3. Create and export a disconnected policy for Endpoint Security Agent.
First see “Supported policy settings,” on page 8, then go to the Endpoint
Security Administrator Guide for detailed instructions on creating, configuring,
and exporting a policy.
4. Install Endpoint Security Agent for Linux on the endpoint computers.
See “Installing and Configuring Endpoint Security Agent,” on page 12.
5. Customize Endpoint Security Agent for Linux (optional).
See “Customizing the Endpoint Security Agent configuration,” on page 20.
Chapter 2 Managing Linux Computer Groups
This chapter explains how to manage Linux computer groups and their policy assignments on
the Endpoint Security server.
To assign policies and ensure that those policies are exclusively deployed to the Linux users
in your environment, you may isolate Linux users on your network. You can do this by creating
user catalogs and configuring the ilagent.conf file to send the policies to that catalog.
The following describes some reasons you may want to design policies specifically for
Endpoint Security Agent for Linux.
• Setting specific security policies: You may wish your Linux users to have different
  security rules than your Windows users.
• Reducing policy size: Since the Linux version of Endpoint Security Agent does not use
  program control, you can reduce your policy size for Linux users by disabling program
  control in the policy you define for them. Disabling program control reduces the policy
  size by up to 80% by excluding the referenced program list from the policy. Reducing the
  policy size may decrease your bandwidth requirements.
Managing Linux computer groups
In order to assign an enterprise security policy to Linux users, you must create a user catalog
group. Endpoint Security Agent users get the policy assigned to their user catalog. Linux
users who are not identified as being part of that user catalog get the default policy.
For step-by-step instructions on creating and assigning policies, refer to the
Endpoint Security Administrator Guide.
To manage Linux computer groups:
1. Create a user catalog and group for Linux computers. See “Creating a user
catalog and group for Linux computers,” on page 7.
2. Set the cm_auth parameter to the catalog and group you created in step 1. See
“Setting the cm_auth parameter,” on page 7.
Creating a user catalog and group for Linux computers
Create a new custom catalog and group that you can use to assign a policy to
computers running Endpoint Security Agent.
To create a user catalog and group for protected Linux computers:
1. Log on to the Endpoint Security Server administrator console.
2. Go to the Endpoint Manager page, and select New Catalog | Custom.
The New Custom Catalog page appears.
3. Complete fields for the custom catalog.
4. Click Save.
The new custom catalog for Linux is created.
5. Select the catalog you created in step 4, then click New Group.
6. Complete fields for the user group.
7. Click Save.
The new user group for Linux is created.
Setting the cm_auth parameter
When configuring the ilagent.conf file, set the cm_auth parameter to the user catalog
and group you created in “Creating a user catalog and group for Linux computers,”
on page 7. See “Customizing the Endpoint Security Agent configuration,” on page 20
for more information about setting the ilagent.conf file parameters.
Chapter 3 Overview of Policy Settings
Endpoint Security Agent enforces the following two policies:
• The enterprise policy that is managed on the Endpoint Security server. Endpoint
  Security Agents enforce this policy when the protected computer is connected to the
  Endpoint Security server.
• The disconnected policy for Linux is centrally created but can only be managed on the
  protected computer. You can configure Endpoint Security Agent to enforce this policy
  when the protected computer is not connected to the Endpoint Security server.
Supported policy settings
Endpoint Security Agent enforces most classic firewall rule settings and connection state
related client settings in an Endpoint Security security policy. It ignores all other
unsupported settings that are included in the policy.
The following describes Endpoint Security Agent supported policy settings:
• Names and Notes. Policy information, name, description and notes, used to identify the
  policy on both Endpoint Security server and protected computer.
• Most classic firewall rule settings. Blocks or allows network traffic by source, destination,
  and protocol.
• Client-Server Communications
  • Heartbeat frequency and Log transfer frequency
• Policy Arbitration Rules
  • Permit user to shutdown the Endpoint Security client when enterprise
    policy is active
  • Enforce this policy when client is disconnected.
• Policy assignment. Delivers enterprise security policies to protected computers.
  To define a user group for Linux users, see “Creating a user catalog and group for
  Linux computers,” on page 7 of this manual.
Use Policy Studio, as described in the Endpoint Security Administrator Guide, to
manage enterprise policies and create and export a disconnected policy.
Understanding policy enforcement
The policy Endpoint Security Agent enforces changes according to the protected
computer's connection state as follows:
• When the protected computer disconnects from Endpoint Security server. On
  disconnection, Endpoint Security Agent loads and enforces the disconnected
  policy.
• When the protected computer connects to the Endpoint Security server. On
  connection, Endpoint Security Agent loads and enforces the enterprise policy
  deployed by the server.
• When the protected computer is connected and receives a different enterprise
  policy from Endpoint Security server. Endpoint Security Agent loads and enforces
  the new enterprise policy. The iptables settings are overwritten by the new policy.
Endpoint Security Agent supports all classic firewall settings EXCEPT the following:
• Time and day settings. Rules with these settings are enforced all the time.
• IGMP protocol type and number. Rules with these settings are enforced for all IGMP
  traffic.
If the computer is not compliant with the minimum version, Endpoint Security
Agent logs the event in the log file. The session is not restricted.
See the Endpoint Security Administrator Guide for policy configuration instructions.
If you enable Enforce this policy when client is disconnected in the enterprise
policy, Endpoint Security Agent enforces the enterprise policy whether it is
connected or not.
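The two classic firewall exceptions listed above change what a rule does on a Linux endpoint, so a policy shared with Windows clients is worth reviewing before it is assigned to the Linux group. The following Python check is an added example, not part of the Check Point guide or product; the rule dictionaries and their field names (action, schedule, protocol, igmp_type) are a constructed format, not the policy export format.

```python
# Added example: the rule format is constructed for illustration and is
# NOT the Endpoint Security policy export format.

def linux_agent_effect(rule):
    """Return findings for one classic firewall rule.

    Per the guide, the Linux agent enforces rules with time/day settings
    all the time, and rules with an IGMP type/number for all IGMP traffic.
    """
    findings = []
    # A widened allow rule increases exposure; a widened block rule only
    # affects availability.
    impact = "exposure" if rule["action"] == "allow" else "availability"
    if rule.get("schedule"):
        # The schedule is not honoured, so the rule is active around the clock.
        findings.append((rule["name"], "schedule ignored: always active", impact))
    if rule.get("protocol") == "igmp" and rule.get("igmp_type") is not None:
        # The type qualifier is not honoured, so every IGMP message matches.
        findings.append((rule["name"], "IGMP type ignored: matches all IGMP", impact))
    return findings


def review_policy(rules):
    """Collect findings for every rule, widened allow rules first."""
    findings = [f for rule in rules for f in linux_agent_effect(rule)]
    return sorted(findings, key=lambda f: (f[2] != "exposure", f[0]))


# Constructed sample policy.
SAMPLE_RULES = [
    {"name": "ssh-admin-window", "action": "allow", "protocol": "tcp",
     "dst_port": 22, "schedule": "Mon-Fri 09:00-17:00"},
    {"name": "block-p2p-workhours", "action": "block", "protocol": "tcp",
     "dst_port": 6881, "schedule": "Mon-Fri 08:00-18:00"},
    {"name": "igmp-membership-query", "action": "allow", "protocol": "igmp",
     "igmp_type": 17},
    {"name": "dns-out", "action": "allow", "protocol": "udp", "dst_port": 53},
]

if __name__ == "__main__":
    for name, effect, impact in review_policy(SAMPLE_RULES):
        print(f"{impact:12} {name}: {effect}")
```

Allow rules that lose their schedule or IGMP type are sorted first because they grant more access on Linux than the policy author intended.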
Disconnected policy for Linux options
Consider the following options when setting up and configuring the disconnected
policy for Linux:
• To provide a more permissive policy when protected computers are not connected,
  create and export a disconnected policy with a limited number of classic firewall
  rules.
• To reduce the policy size, set Program Rules, Program Control for policy_name:
  Disable program control. This setting excludes the list of referenced programs from
  the policy.
• To provide the same level of security when protected computers are not connected,
  in the enterprise policy set Client Settings, Policy arbitration rules: Enforce this
  policy when client is disconnected. Endpoint Security Agent enforces the
  enterprise policy when disconnected.
• To allow the users to configure their own security settings when the protected
  computer is not connected, do not include a disconnected policy in the installation
  package or change the disconnected policy value in the Endpoint Security Agent
  configuration file to null.
Managing the disconnected policy
This section explains how to change the name or location of the disconnected policy.
After you install the Endpoint Security Agent, you can modify the disconnected policy
settings only on the protected computer. If you modify settings or replace the
disconnected policy (without changing the file name or location), simply restart
Endpoint Security Agent. No other configuration tasks are required.
To change the name or location of the disconnected policy:
1. Using the Endpoint Security Administration Console, create and export a
disconnected policy.
Endpoint Security Agent for Linux does not display any alerts to the user upon
enforcement.
You can configure Endpoint Security Agent to only enforce a policy when it is
connected to the Endpoint Security server by setting the disconnected_policy
value to null ("") in the Endpoint Security Agent configuration file.