Skip to main content


Security Containers

For orchestrated container clusters/nodes

To deploy a Security Container instance on a cluster follow the steps below:

  1. Go to Network > Packages.

  2. Select the package you wish to use to install the instance.



    Make sure the package has the Container Protection module included. For more about creating an installation package refer to Install security agents - standard procedure.

  3. Click Download and select Security Container:


    This will open the Download Security Container screen. The screen will provide scripts for installing Security Containers on all supported Kubernetes environments.



    You can also use the Kubernetes script to install Security Containers on an OpenShift environment. When doing so, we recommend adding --openshift at the end of the Kubernetes script. It should look like this:

    curl -s | bash -s – --server ${ECS_ADDRESS} --company ${COMPANY_ID} --openshift


    Currently, Openshift environments are only supported for Azure Kubernetes Service (AKS) and VMware.

  4. Make sure no instance of BEST is installed on the targeted container host.


    This can be done through the same methods specified in step 7.

  5. Select the copy_script.PNGCopy button next to the environment you wish to install the Security Container on.

  6. Go to your Kubernetes environment and run the script.


    This will deploy an instance of Security Container on every host in your designated cluster.

  7. Verify the deployment:

    • In your Kubernetes environment by using the kubectl get pods entry.

    • In the GravityZone console, from the Network screen.

For Linux hosts

To install a Security Container on a Linux server with docker installed, run the below command :


Internet access on your docker host is critical to be able to deploy a Security Container.

docker run \
        --privileged \
        -d \
        -e "BSC_SERVER=" \
        -e "BSC_COMPANY=6076e2270a51301d552afd1a" \
        -e "BSC_LOGLEVEL=debug" \
        -v /mnt/data:/data \
        -v /sys:/mnt/host-sys \
        -v /proc:/mnt/host-proc \
        -v /etc/os-release:/mnt/host-os-release \
        -v /:/mnt/host \
        --pid host \
        --net host \
        -u :1000 \
        --name=BSC \


Before running this command you need to have a folder named /mnt/data on your machine.


These are the variables used in the command:


Get the address of the ECS in the format <GravityZone-ECS-IP[:port]> (eg. by downloading any BEST for Linux install kit and opening the installer.xml file. The process is described here.


The company ID required for GravityZone Cloud integrations. This is used on cloud environments only and can also be found in the installer.xml file. The process is described here.


The desired log level which will be configured in bdsecd.json (/log/level). Default is 'info'


The group ID under which to run the product services. This environment variable becomes required if the '-u :<gid>' argument is missing from the Docker command line.

Getting company related information from a BEST for Linux installation kit

  1. Connect and log in to Control Center.

  2. Go to Network > Packages

  3. Select your regular BEST for Linux package and click on Send download links.

  4. Expand the Installation links section and copy the link for Linux.

  5. Go to the target machine and download the kit using this entry:

    wget <donwload link>
  6. Extract the files from the archive:

    tar -xzvf setup_downloader.tar
  7. Open Installer.xml:

    cat installer.xml
  8. Get the ECS address.

In the following examples, the ECS address and company ID have been highlighted for better visibility:

Example 1. For GravityZone Cloud

Information from installer.xml

<serverAddress strVar="EpagServer"></serverAddress>

<customerId strVar="EpagCustId">6076e2270a51301d552xxxx</customerId>

Example entry:

docker run --privileged -d -e "" -e "BSC_COMPANY=6076e2270a51301d552xxxx" -v /mnt/data:/data -v /sys:/mnt/host-sys -v /proc:/mnt/host-proc -v /etc/os-release:/mnt/host-os-release -v /:/mnt/host --pid host --net host -u :1000 bdfbusiness/bitdefender-security-container:7.0

Example 2. For GravityZone On-Premises

Information from installer.xml

<serverAddress strVar="EpagServer"></serverAddress>

<customerId strVar="EpagCustId">5ff6c05e09ec9149654xxxx</customerId>

Example entry:

docker run --privileged -d -e "BSC_SERVER=" -e "BSC_COMPANY=5ff6c05e09ec9149654xxxx" -v /mnt/data:/data -v /sys:/mnt/host-sys -v /proc:/mnt/host-proc -v /etc/os-release:/mnt/host-os-release -v /:/mnt/host --pid host --net host -u :1000 bdfbusiness/bitdefender-security-container:7.0

Example 3. For Update Server

Information from installer.xml

<serverAddress strVar="EpagServer"></serverAddress>

<customerId strVar="EpagCustId">3dd6p02e09ec3479654xxxx</customerId>

Example entry:

docker run --privileged -d -e "BSC_SERVER=" -e "BSC_COMPANY=3dd6p02e09ec3479654xxxx" -v /mnt/data:/data -v /sys:/mnt/host-sys -v /proc:/mnt/host-proc -v /etc/os-release:/mnt/host-os-release -v /:/mnt/host --pid host --net host -u :1000 bdfbusiness/bitdefender-security-container:7.0

Getting logs from a security container

To get the security logs from a security container host follow the steps below:

  1. Display running containers on the current server:


    docker ps
  2. Get the Id of the container you are interested in viewing the logs for.

  3. Download logs for that specific container:

    docker logs <container id>