Security Containers
For orchestrated container clusters/nodes
To deploy a Security Container instance on a cluster, follow the steps below:
Go to Network > Packages.
Select the package you wish to use to install the instance.
Note
Make sure the package has the Container Protection module included. For more information about creating an installation package, refer to Install security agents - standard procedure.
Click Download and select Security Container:
This will open the Download Security Container screen. The screen will provide scripts for installing Security Containers on all supported Kubernetes environments.
Note
You can also use the Kubernetes script to install Security Containers on an OpenShift environment. When doing so, we recommend adding --openshift at the end of the Kubernetes script. It should look like this:
curl -s https://download.bitdefender.com/business/k8s/bitdefender-security-container | bash -s -- --server ${ECS_ADDRESS} --company ${COMPANY_ID} --openshift
Important
Currently, OpenShift environments are only supported for Azure Kubernetes Service (AKS) and VMware.
Make sure no instance of BEST is installed on the targeted container host.
Note
This can be done through the same methods specified in step 7.
Select the Copy button next to the environment you wish to install the Security Container on.
Go to your Kubernetes environment and run the script.
Note
This will deploy an instance of Security Container on every host in your designated cluster.
Verify the deployment:
In your Kubernetes environment, by using the kubectl get pods entry.
In the GravityZone console, from the Network screen.
For Linux hosts
To install a Security Container on a Linux server with Docker installed, run the command below:
Note
Internet access on your Docker host is critical to be able to deploy a Security Container.
docker run \
  --privileged \
  -d \
  -e "BSC_SERVER=10.17.14.154:7074" \
  -e "BSC_COMPANY=6076e2270a51301d552afd1a" \
  -e "BSC_LOGLEVEL=debug" \
  -v /mnt/data:/data \
  -v /sys:/mnt/host-sys \
  -v /proc:/mnt/host-proc \
  -v /etc/os-release:/mnt/host-os-release \
  -v /:/mnt/host \
  --pid host \
  --net host \
  -u :1000 \
  --name=BSC \
  bdfbusiness/bitdefender-security-container:7.0
Note
Before running this command you need to have a folder named /mnt/data on your machine.
Note
These are the variables used in the command:
BSC_SERVER MANDATORY
Get the address of the ECS in the format <GravityZone-ECS-IP[:port]> (e.g. fry.npunix.bitdefender.biz:8443) by downloading any BEST for Linux install kit and opening the installer.xml file. The process is described here.
BSC_COMPANY OPTIONAL
The company ID required for GravityZone Cloud integrations. This is used on cloud environments only and can also be found in the installer.xml file. The process is described here.
BSC_LOGLEVEL OPTIONAL
The desired log level, which will be configured in bdsecd.json (/log/level). Default is 'info'.
BSC_GID OPTIONAL
The group ID under which to run the product services. This environment variable becomes required if the '-u :<gid>' argument is missing from the Docker command line.
Getting company-related information from a BEST for Linux installation kit
Connect and log in to Control Center.
Go to Network > Packages
Select your regular BEST for Linux package and click on Send download links.
Expand the Installation links section and copy the link for Linux.
Go to the target machine and download the kit using this entry:
wget <download link>
Extract the files from the archive:
tar -xzvf setup_downloader.tar
Open installer.xml:
cat installer.xml
Get the ECS address.
In the following examples, the ECS address and company ID have been highlighted for better visibility:
Information from installer.xml
<serverAddress strVar="EpagServer">cloudgz-ecs.gravityzone.bitdefender.com/hydra</serverAddress>
<customerId strVar="EpagCustId">6076e2270a51301d552xxxx</customerId>
Example entry:
docker run --privileged -d -e "BSC_SERVER=cloudgz-ecs.gravityzone.bitdefender.com" -e "BSC_COMPANY=6076e2270a51301d552xxxx" -v /mnt/data:/data -v /sys:/mnt/host-sys -v /proc:/mnt/host-proc -v /etc/os-release:/mnt/host-os-release -v /:/mnt/host --pid host --net host -u :1000 bdfbusiness/bitdefender-security-container:7.0
Information from installer.xml
<serverAddress strVar="EpagServer">https://10.10.10.10:8443/hydra</serverAddress>
<customerId strVar="EpagCustId">5ff6c05e09ec9149654xxxx</customerId>
Example entry:
docker run --privileged -d -e "BSC_SERVER=10.10.10.10:8443" -e "BSC_COMPANY=5ff6c05e09ec9149654xxxx" -v /mnt/data:/data -v /sys:/mnt/host-sys -v /proc:/mnt/host-proc -v /etc/os-release:/mnt/host-os-release -v /:/mnt/host --pid host --net host -u :1000 bdfbusiness/bitdefender-security-container:7.0
Information from installer.xml
<serverAddress strVar="EpagServer">http://10.10.10.154:7074/hydra.php</serverAddress>
<customerId strVar="EpagCustId">3dd6p02e09ec3479654xxxx</customerId>
Example entry:
docker run --privileged -d -e "BSC_SERVER=10.10.10.154:7074" -e "BSC_COMPANY=3dd6p02e09ec3479654xxxx" -v /mnt/data:/data -v /sys:/mnt/host-sys -v /proc:/mnt/host-proc -v /etc/os-release:/mnt/host-os-release -v /:/mnt/host --pid host --net host -u :1000 bdfbusiness/bitdefender-security-container:7.0
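Added example (not part of the Bitdefender documentation): a POSIX shell helper that reads installer.xml and prints the BSC_SERVER and BSC_COMPANY values, reducing the server address to host[:port] as in the three pairs above. The function names are hypothetical, and the rule of dropping the scheme and the path is inferred from those pairs.

```shell
#!/bin/sh
# Added example: derive BSC_SERVER and BSC_COMPANY from installer.xml.
# Function names are hypothetical; the normalisation rule (drop scheme and
# path) is inferred from the installer.xml/command pairs on this page.

# Print the text of the first <tag ...>value</tag> element found in a file.
xml_value() {
    # $1 = tag name, $2 = file
    sed -n "s/.*<$1[^>]*>[[:space:]]*\([^<]*\)<\/$1>.*/\1/p" "$2" | head -n 1
}

# Reduce a serverAddress value to host[:port].
bsc_server_from_address() {
    addr=$1
    addr=${addr#*://}    # strip "http://" or "https://" when present
    addr=${addr%%/*}     # strip "/hydra", "/hydra.php" and any other path
    printf '%s\n' "$addr"
}

# Print the assignments to pass to docker run with -e, or fail.
bsc_env_from_installer() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    server=$(bsc_server_from_address "$(xml_value serverAddress "$file")")
    company=$(xml_value customerId "$file")
    # The values end up on the command line of a --privileged container,
    # so accept only host[:port] and an alphanumeric company ID.
    case $server in
        ''|*[!A-Za-z0-9.:-]*) echo "bad serverAddress in $file" >&2; return 1 ;;
    esac
    case $company in
        *[!A-Za-z0-9]*) echo "bad customerId in $file" >&2; return 1 ;;
    esac
    printf 'BSC_SERVER=%s\n' "$server"
    # BSC_COMPANY is optional (cloud only); omit it when the kit has none.
    [ -z "$company" ] || printf 'BSC_COMPANY=%s\n' "$company"
}

# Usage: sh bsc_env.sh installer.xml
[ "$#" -eq 0 ] || bsc_env_from_installer "$1"
```

Each printed line can be passed to docker run as an -e argument in place of the hand-copied values.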
Getting logs from a security container
To get the security logs from a security container host, follow the steps below:
Display running containers on the current server:
Docker
docker ps
Get the ID of the container you are interested in viewing the logs for.
Download logs for that specific container:
docker logs <container id>