PARTNERS

Security Containers

For orchestrated container clusters/nodes

To deploy a Security Container instance on a cluster follow the steps below:

  1. Go to Network > Packages.

  2. Select the package you wish to use to install the instance.

    98834_1.png

    Note

    Make sure the package has the Container Protection module included. For more about creating an installation package refer to Install security agents - standard procedure.

  3. Click Download and select Security Container:

    98834_2.png

    This will open the Download Security Container screen. The screen will provide scripts for installing Security Containers on all supported Kubernetes environments.

    98834_3.png

    Note

    You can also use the Kubernetes script to install Security Containers on an OpenShift environment. When doing so, we recommend adding --openshift at the end of the Kubernetes script. It should look like this:

    curl -s https://download.bitdefender.com/business/k8s/bitdefender-security-container | bash -s – --server ${ECS_ADDRESS} --company ${COMPANY_ID} --openshift

    Important

    Currently, Openshift environments are only supported for Azure Kubernetes Service (AKS) and VMware.

  4. Make sure no instance of BEST is installed on the targeted container host.

    Note

    This can be done through the same methods specified in step 7.

  5. Select the copy_script.PNG Copy button next to the environment you wish to install the Security Container on.

  6. Go to your Kubernetes environment and run the script.

    Note

    This will deploy an instance of Security Container on every host in your designated cluster.

  7. Verify the deployment:

    • In your Kubernetes environment by using the kubectl get pods entry.

    • In the GravityZone console, from the Network screen.

For Linux hosts

To install a Security Container on a Linux server with docker installed, run the below command :

Note

Internet access on your docker host is critical to be able to deploy a Security Container.

docker run \
        --privileged \
        -d \
        -e "BSC_SERVER=10.17.14.154:7074" \
        -e "BSC_COMPANY=6076e2270a51301d552afd1a" \
        -e "BSC_LOGLEVEL=debug" \
        -v /mnt/data:/data \
        -v /sys:/mnt/host-sys \
        -v /proc:/mnt/host-proc \
        -v /etc/os-release:/mnt/host-os-release \
        -v /:/mnt/host \
        --pid host \
        --net host \
        -u :1000 \
        --name=BSC \
        bdfbusiness/bitdefender-security-container:7.0

Note

Before running this command you need to have a folder named /mnt/data on your machine.

Note

These are the variables used in the command:

BSC_SERVER	Y

Get the address of the ECS in the format <GravityZone-ECS-IP[:port]> (eg. fry.npunix.bitdefender.biz:8443) by downloading any BEST for Linux install kit and opening the installer.xml file. The process is described here.

BSC_COMPANY	N	

The company ID required for GravityZone Cloud integrations. This is used on cloud environments only and can also be found in the installer.xml file. The process is described here.

BSC_LOGLEVEL	N	

The desired log level which will be configured in bdsecd.json (/log/level). Default is 'info'

BSC_GID	N

The group ID under which to run the product services. This environment variable becomes required if the '-u :<gid>' argument is missing from the Docker command line.

Getting company related information from a BEST for Linux installation kit

  1. Connect and log in to Control Center.

  2. Go to Network > Packages

  3. Select your regular BEST for Linux package and click on Send download links.

  4. Expand the Installation links section and copy the link for Linux.

  5. Go to the target machine and download the kit using this entry:

    wget <donwload link>
  6. Extract the files from the archive:

    tar -xzvf Bitdefender_for_Linux.tar
  7. Open Installer.xml:

    cat installer.xml
  8. Get the ECS address.

In the following examples, the ECS address and company ID have been highlighted for better visibility:

Example 1. For GravityZone Cloud

Information from installer.xml

<serverAddress strVar="EpagServer"> cloudgz-ecs.gravityzone.bitdefender.com/hydra</serverAddress>

<customerId strVar="EpagCustId">6076e2270a51301d552xxxx</customerId>

Example entry:

docker run --privileged -d -e "BSC_SERVER=cloudgz-ecs.gravityzone.bitdefender.com" -e "BSC_COMPANY=6076e2270a51301d552xxxx" -v /mnt/data:/data -v /sys:/mnt/host-sys -v /proc:/mnt/host-proc -v /etc/os-release:/mnt/host-os-release -v /:/mnt/host --pid host --net host -u :1000 bdfbusiness/bitdefender-security-container:7.0


Example 2. For GravityZone On-Premises

Information from installer.xml

<serverAddress strVar="EpagServer">https://10.10.10.10:8443/hydra</serverAddress>

<customerId strVar="EpagCustId">5ff6c05e09ec9149654xxxx</customerId>

Example entry:

docker run --privileged -d -e "BSC_SERVER=10.10.10.10:8443" -e "BSC_COMPANY=5ff6c05e09ec9149654xxxx" -v /mnt/data:/data -v /sys:/mnt/host-sys -v /proc:/mnt/host-proc -v /etc/os-release:/mnt/host-os-release -v /:/mnt/host --pid host --net host -u :1000 bdfbusiness/bitdefender-security-container:7.0


Example 3. For Update Server

Information from installer.xml

<serverAddress strVar="EpagServer">http://10.10.10.154:7074/hydra.php</serverAddress>

<customerId strVar="EpagCustId">3dd6p02e09ec3479654xxxx</customerId>

Example entry:

docker run --privileged -d -e "BSC_SERVER=10.10.10.154:7074" -e "BSC_COMPANY=3dd6p02e09ec3479654xxxx" -v /mnt/data:/data -v /sys:/mnt/host-sys -v /proc:/mnt/host-proc -v /etc/os-release:/mnt/host-os-release -v /:/mnt/host --pid host --net host -u :1000 bdfbusiness/bitdefender-security-container:7.0


Getting logs from a security container

To get the security logs from a security container host follow the steps below:

  1. Display running containers on the current server:

    Docker

    docker ps
  2. Get the Id of the container you are interested in viewing the logs for.

  3. Download logs for that specific container:

    docker logs <container id>