Skip to main content

Security Containers

For orchestrated container clusters/nodes

To deploy a Security Container instance on a cluster, follow the steps below:

  1. In GravityZone Control Center, go to Network > Packages.

  2. Select the package you want to use for the installation process.

    98834_1.png

    The package must have the Container Protection module enabled.

    Tip

    For information on how to edit or create a new package, refer to Create installation packages.

  3. Click Download and select Security Container:

    98834_2.png

    This opens the Download Security Container screen. The screen provides scripts for installing Security Container on all supported Kubernetes environments.

    98834_3.png

    Important

    Currently, Openshift environments are compatible only with Azure Kubernetes Service (AKS) and VMware.

  4. Select the copy_script.PNGCopy button next to the environment on which you want to install the Security Container.

  5. Go to your Kubernetes environment and run the script.

    Note

    This will deploy an instance of Security Container on every host in your designated cluster.

  6. Verify the deployment using either of these options:

    • In your Kubernetes environment, use the kubectl get pods -n bitdefender-security-container entry.

    • In the GravityZone console, go to the Network page from the left side menu.

For Linux hosts

To install a Security Container on a Linux server with docker installed, run the following command :

docker run \
        --privileged \
        -d \
        -e "BSC_SERVER=10.17.14.154:7074" \
        -e "BSC_COMPANY=6076e2270a51301d552afd1a" \
        -v /mnt/data:/data \
        -v /sys:/mnt/host-sys \
        -v /proc:/mnt/host-proc \
        -v /etc/os-release:/mnt/host-os-release \
        -v /:/mnt/host \
        --pid host \
        --net host \
        -u :10000 \
        --name=BSC \
        bdfbusiness/bitdefender-security-container:7.0

The variables used in the command are:

Variable

Mandatory

Description

BSC_SERVER

yes

Get the address of the Communication Server by downloading any BEST for Linux installation kit and opening the installer.xml file.

Note

The format of the address is <FQDN[:port]> (eg. fry.npunix.bitdefender.biz:8443). The process is described here.

BSC_COMPANY

no

The company ID required for GravityZone Cloud integrations. This is used on cloud environments only and can also be found in the installer.xml file. The process is described here.

BSC_LOGLEVEL

no

The desired log level which will be configured in /log/level/bdsecd.json. The default value is info.

BSC_GID

no

The group ID under which to run the product services. This environment variable is required if the -u :<gid> argument is missing from the Docker command line.

Getting company related information from a BEST for Linux installation kit

  1. In GravityZone Control Center, go to Network > Packages

  2. Select your regular BEST for Linux package and click Send download links.

  3. Expand the Installation links section and copy the link for Linux.

  4. Go to the target machine and download the kit using this command:

    wget <donwload link>
  5. Extract the files from the archive:

    tar -xzvf setup_downloader.tar
  6. Open installer.xml using this command:

    cat installer.xml
  7. Get the Communication Server address.

    In the following examples, the Communication Server address and company ID are highlighted:

    Example 1. For GravityZone Cloud

    Information from installer.xml

    <serverAddress strVar="EpagServer"> cloudgz-ecs.gravityzone.bitdefender.com/hydra</serverAddress>
    
    <customerId strVar="EpagCustId">6076e2270a51301d552xxxx</customerId>
    

    Example entry

    docker run --privileged -d -e "BSC_SERVER=cloudgz-ecs.gravityzone.bitdefender.com" -e "BSC_COMPANY=6076e2270a51301d552xxxx" -v /mnt/data:/data -v /sys:/mnt/host-sys -v /proc:/mnt/host-proc -v /etc/os-release:/mnt/host-os-release -v /:/mnt/host --pid host --net host -u :1000 bdfbusiness/bitdefender-security-container:7.0


    Example 2. For GravityZone On-Premises

    Information from installer.xml

    <serverAddress strVar="EpagServer">https://10.10.10.10:8443/hydra</serverAddress>
    
    <customerId strVar="EpagCustId">5ff6c05e09ec9149654xxxx</customerId>
    

    Example entry

    docker run --privileged -d -e "BSC_SERVER=10.10.10.10:8443" -e "BSC_COMPANY=5ff6c05e09ec9149654xxxx" -v /mnt/data:/data -v /sys:/mnt/host-sys -v /proc:/mnt/host-proc -v /etc/os-release:/mnt/host-os-release -v /:/mnt/host --pid host --net host -u :1000 bdfbusiness/bitdefender-security-container:7.0


    Example 3. For Update Server

    Information from installer.xml

    <serverAddress strVar="EpagServer">http://10.10.10.154:7074/hydra.php</serverAddress>
    
    <customerId strVar="EpagCustId">3dd6p02e09ec3479654xxxx</customerId>

    Example entry

    docker run --privileged -d -e "BSC_SERVER=10.10.10.154:7074" -e "BSC_COMPANY=3dd6p02e09ec3479654xxxx" -v /mnt/data:/data -v /sys:/mnt/host-sys -v /proc:/mnt/host-proc -v /etc/os-release:/mnt/host-os-release -v /:/mnt/host --pid host --net host -u :1000 bdfbusiness/bitdefender-security-container:7.0


Getting logs from a Security Container

To get the security logs from a Security Container host, follow these steps:

  1. Display running containers on the current server:

    docker ps
  2. Get the ID of the container for which you want to view the logs.

  3. Download the logs using this command:

    docker logs <container id>