This article describes the prerequisites and requirements for the GFI LanGuard server to scan and install missing patches on Linux Operating Systems, as well as the supported distributions and versions of Linux OS.
GFI LanGuard allows scanning and patching for Linux computers connected to the Internet, with all the requirements in place, and running a supported distribution.
Supported Distributions and Versions
- Oracle Linux 7/8
- Mac OS X 10.5 and higher
- Red Hat Enterprise Linux 5 and higher
- CentOS 5 and higher
- Ubuntu 10.04 and higher
- Debian 6 and higher
- SUSE Linux Enterprise 11 and higher
- openSUSE 11 and higher
- Fedora 19 and higher
Scanning usually works for other Linux Distributions too, but patching won't be available. LanGuard server communicates with the Linux machine's Package Manager which does the scanning and patching.
For some Linux distributions (Redhat Linux Enterprise and SUSE) updates are only available for computers with valid vendor subscriptions.
Access to the Internet from the target Linux machine(s).
If a Linux computer is not connected to the Internet, GFI LanGuard won't be able to patch it. There is no workaround.
LanGuard server must be able to resolve the name of the Linux computer and the client machine should be able to resolve the LanGuard server name. You can verify this with the ping.
If either Forward or Reverse DNS lookup is not working, or LanGuard can not ping the Linux machine by hostname and IP address, operations will simply keep failing. Also, make sure the client machine can ping the server by both hostname and IP.
SSH port (TCP 22) on the Linux machine should be reachable from the LanGuard server. Ensure that SSH is enabled and listening on Linux and no firewall is blocking Port 22. You can test the ssh connectivity manually with putty or a similar tool. If the connection is allowed you should be asked for authentication.
If the SSH port has been changed for security reasons, this can be addressed from the LanGuard console. Go to Configuration, right-click on the Scanning Profiles > Scanning Profiles Management, select the Scan Profile you want to edit, and in the Scanner Options tab add the value for the Alternative SSH ports.
Use the root account or credentials of a local user with sudo privileges for the Linux computer’s Package Manager.
The cloned root account is not supported.
For the GFI LanGuard Version 12 or earlier - root access to the Linux computer’s Package Manager.
- The expect, gdb, and diff packages to be present.
On Fedora 22 and above (a Linux distribution): Yum package manager installed.
- Python 2 or 3 must be installed on the Linux machines.