Generating the installation package and manual deployment

  • From the top menu, select Computers. In the upper-right corner of the page, click Add computers. A dialog box opens that shows all platforms supported by Panda Adaptive Defense 360.

  • Click the Linux icon. The Linux dialog box opens.

Dialog box for selecting a platform supported by Panda Adaptive Defense 360

  • To add the computer to a group created in the management console, select Add computers to this group. From the drop-down list, select a folder.

  • To add the computer to an Active Directory group, select Add computers to their Active Directory path.

    The security policies assigned to a computer depend on the group it belongs to. If you select Add computers to their Active Directory path, and the Active Directory administrator moves a computer from one organizational unit to another, the change is reflected in the Panda Adaptive Defense 360 console as a group change. The security policies assigned to the computer might also change.

  • To establish a network settings profile other than the profile of the group the computer is added to, click Select the network settings to apply to the computers. From the drop-down list, select a settings profile. Initially, all the settings profiles that are applied to a computer when you add it to the console are the profiles that are assigned to the console group it belongs to. However, to avoid connectivity issues and prevent the computer from being inaccessible from the console because of incorrect network settings, you can set an alternative profile. For more information about how to create network settings profiles, see Configuring the agent remotely.

  • To send the installer to the target user by email:

    • Click the Send URL by email button. Your email application opens a new email with the download URL.

    • Add recipients to the message. Click Send.

    • When a user clicks the link, the installer downloads.

  • To download the installation package and share it with the users on the network, click Download installer.

Installation on Linux computers

Depending on the characteristics of the target computer, you can install the agent in multiple ways:

  • Installation on Linux computers with an Internet connection

  • Installation on Linux computers with Secure Boot

  • Installation on Linux computer with limited Internet access

Installation on Linux computers with an Internet connection

Make sure you have administrator permissions on the device. Make sure the downloaded package has execute permissions. The installer searches the target computer for the libraries it needs. If it cannot find the libraries, it downloads them automatically from the Internet.

  • Open a terminal in the folder where the downloaded package is located. Run these commands:

$ sudo chmod +x “/DownloadPath/Panda Endpoint Agent.run”
$ sudo “/DownloadPath//Panda Endpoint Agent.run”

  • On hardened computers, use the --target ./install/ command to generate a temporary folder in the script location.

$ sudo “/DownloadPath/Panda Endpoint Agent.run” --target ./install/

  • If you use a proxy server to access the Internet, add this parameter: --proxy. If you want to specify a list of proxy servers, use this parameter: --proxy=<proxy-list> . The installation script uses the first proxy server in the list. If the server fails, the script continues down the list of proxy servers until it finds one that works.

  • <proxy-list> is a list of proxy servers separated by commas. Users and protocols are indicated with this syntax:

<http|https>://<user1>:<pass1>@<host1>:<port1>

  • For example, to install a Linux agent that uses two proxy servers:

$ sudo “/DownloadPath/Panda Endpoint Agent.run” -- --proxy=http://user1:pass1@192.168.0.1:3128, http://user2:pass2@192.168.0.2:3128

  • To verify that the AgentSvc process is running, run this command:

$ ps ax | grep Agent Svc

  • Make sure this installation directory was created:

/usr/local/management-agent/*

Installation on Linux computers with Secure Boot

Some Linux distributions detect when a computer has Secure Boot enabled. With Secure Boot enabled, the security software that is not correctly signed is automatically disabled. Secure Boot is detected when the software is installed, or later, if the distribution did not initially support this feature but it was added in a later update. In either case, the console shows an error and the protection software does not run. To solve the protection errors related to Secure Boot from the computer experiencing the problem, make sure your system meets these requirements and complete the steps to resolve the errors:

System requirements

  • DKMS (Dynamic Kernel Module Support) systems: mokutil and openssl packages.

  • Oracle Linux 7.x/8.x with UEKR6 kernel: Repository ol7_optional_latest enabled, and openssl, keyutils, mokutil, pesign, kernel-uek-devel-$(uname -r) packages.

Enabling the security software on computers with Secure Boot

To enable the security software on the target computer:

  • Check the state of Secure Boot:

$ mokutil --sb-state

If Secure Boot is enabled on the computer, Secure Boot enabled displays.

  • Verify that the protection driver is not loaded:

$ lsmod | grep prot

  • Import the protection keys:

$ sudo /usr/src/protection-agent-<version>/scripts/sb_import_key.sh

The agent and protection files have this format: protection-agent-03.01.00.0001-1.5.0_741_g8e14e52. The name varies according to the version and the driver.

A message appears to explain the implications of Secure Boot.

  • Press C to register the certificate used to sign the modules.

  • Enter an eight-character password.

  • Restart the computer and complete the registration process:

    • To start the registration process, press any key. This screen appears for a limited time. If you do not press a key, you must restart the registration process.

    • Select Enroll MOK. To view the keys that are going to be registered, select View key.

    • Confirm the keys belong to Panda Security. Select Continue.

    • To enroll the key, select Yes.

    • Enter the password created in step 3. Select Reboot.

    • Confirm the driver is loaded:

$ lsmod | grep prot
Oracle Linux 7.x/8.x with UEKR6 kernel

When the distribution installed is Oracle Linux 7.x/8.x with UEKR6 kernel, after you complete the steps to register the certificate, follow these steps:

  • Run this command:

$ sudo /usr/src/protection-agent-<version>/scripts/sb_import_key.sh

This command adds the certificate used to sign the modules to the list of certificates trusted by the kernel. The modified kernel is signed and added to the list of kernels in GRUB.

  • Restart the computer. The module is loaded and started.

  • To confirm that the certificate was added correctly, run this command:

$ sudo /usr/src/protection-agent-<version>/scripts/sb_import_key.sh

The results should be:

The signer’s common name is UA-MOK Driver Signing
Image /boot/vmlinuz-kernel-version-panda-secure-boot is already signed
Kernel module is successfully loaded

Installation on Linux computers with limited Internet access

Panda Adaptive Defense 360 must connect to the Internet to work correctly. However, you might want to restrict Internet access for the servers on which the security software runs to prevent information from being downloaded or sent from or to unknown external sources. In such case, Panda Adaptive Defense 360 cannot complete the installation process because it requires access to external repositories to satisfy its dependencies.

This installation method enables you to install the security software on computers that can access only the Pandacloud, from which they can download a package with all required libraries.

With this installation method, the third-party libraries included in the package that have errors or vulnerabilities do not automatically update on the protected computer.

The installer is compatible with these Red Hat-based distributions:

  • Red Hat

  • CentOS

  • CentOS Stream

  • SuSE Linux Enterprise

  • openSUSE

  • Oracle Linux

  • Alma Linux

  • Rocky Linux

For more information about the supported versions of these distributions, see Supported distributions

The installer is compatible with these Linux agent and protection versions:

  • Protection version: 3.00.00.0050 and higher.

  • Agent version: 1.10.06.0050 and higher.

If you use the package with an unsupported Linux distribution, the installation process will fail. You can use this installation method only if you install the solution on a computer that does not have a previous version of the security software installed. Otherwise, the repository previous settings are kept.

To install the Panda Adaptive Defense 360 agent without an Internet connection, open a terminal in the folder where the downloaded package is located. Run these commands:

$ sudo chmod +x “/DownloadPath//Panda Endpoint Agent.run”
$ sudo "/DownloadPath/Panda Endpoint Agent.run" –- --no-deps