Installing using the command line
Preliminary notes
Before you begin the installation, please ensure that the system requirements are met.
If the MetaDefender Storage Security installer package dependencies are not installed on your system the installer will attempt to automatically download them over the internet.
Acquire the package
In order to acquire the package please visit https://www.opswat.com/solution
To limit the required resources, use the ENABLED_MODULES
environment variable in the customer.env
file to select which modules to install when deploying MetaDefender Storage Security, you can follow these steps:
- Locate the
customer.env
file in your MetaDefender Storage Security deployment. This file contains environment variables used for customization. - Open the
customer.env
file in a text editor. - Add the
ENABLED_MODULES
environment variable to the file. The variable should be in the formatENABLED_MODULES=<module_list>
, where<module_list>
is a comma-separated list of the modules you want to enable. For example, if you want to enable modules Amazon S3, Google Cloud, and Azure Blob storage units, yourcustomer.env
file should include the following line: ENABLED_MODULES=azureblob,amazonsdk,googlecloud - Save the
customer.env
file. - Proceed with the deployment of MetaDefender Storage Security.
Advanced installation
We recommend that production deployments use an external database and ensure that web traffic is encrypted. For detailed information on how to configure an external database or HTTPS see advanced installation section:
- Production considerations for Unix-based deployments
- Production considerations for Windows-based deployments
Debian / Ubuntu package (.deb)
- Update your packages
sudo apt update
- Install the necessary package dependencies
sudo apt install jq curl gnupg-agent software-properties-common
- Move to the folder containing the installer and install it
sudo dpkg -i <name of the file>.deb || sudo apt-get install -f
- After the installation is completed, check if everything went fine
man mdss
or using the help menu
sudo mdss -h
- Run the following command in order to initialize MetaDefender Storage Security
sudo mdss -u init
- Start the service
sudo mdss -c start
- Optionally, you can check the status using the following command:
sudo mdss -c status
- Open a browser and navigate to the web interface http://<server> to configure your deployment.
Red Hat Enterprise Linux / CentOS package (.rpm)
Please note that Docker Engine is officially supported only on RHEL s390x architecture, but you may be able to install it manually following the CentOS installation steps: https://docs.docker.com/engine/install/centos/
- Update your packages
sudo yum -y update
- Move to the folder containing the installer and install it
sudo yum install -y <name of the file>.rpm
- After the installation is completed, check if everything went fine
sudo man mdss
or using the help menu
sudo mdss -h
- Run the following command in order to initialize MetaDefender Storage Security
sudo mdss -u init
Note: If you don’t have docker already installed, the installer will do that for you, but you will be prompted to sign out and sign back in. This is necessary because your current user needs to be added to the docker group.
- Start the service
sudo mdss -c start
- Optionally, you can check the status using the following command:
sudo mdss -c status
- Open a browser and navigate to the web interface http://<server> to configure your deployment.
- If you are using firewall (on CentOS8 and RHEL 8) you may need to update it’s policies:
# Check what interface docker is using, e.g. 'docker0'
ip link show
# Check available firewalld zones, e.g. 'public'
sudo firewall-cmd --get-active-zones
# Check what zone the docker interface it bound to, most likely 'no zone' yet
sudo firewall-cmd --get-zone-of-interface=docker0
# So add the 'docker0' interface to the 'public' zone. Changes will be visible only after firewalld reload
sudo nmcli connection modify docker0 connection.zone public
# Masquerading allows for docker ingress and egress (this is the juicy bit)
sudo firewall-cmd --zone=public --add-masquerade --permanent
# Optional open required incomming ports (wasn't required in my tests)
# sudo firewall-cmd --zone=public --add-port=443/tcp
# Reload firewalld
sudo firewall-cmd --reload
# Reload dockerd
sudo systemctl restart docker
Podman Configuration
MDSS can also run using the Podman container engine instead of the default Docker one on RHEL operating systems. Podman
, podman-docker
and docker-compose
need to be installed and running before installing MDSS.
After the installation is complete, MDSS needs to be configured to skip the checks for the default Docker engine. This is done by setting SKIP_DOCKER_CHECKS=yes
in the /etc/mdss/customer.env
file. The following commands can be used to install Podman and MDSS on RHEL.
# install podman, podman-docker and docker-compose
sudo yum install podman
sudo yum install podman-docker
sudo curl -SL https://github.com/docker/compose/releases/download/v2.15.1/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
sudo systemctl enable podman.socket
sudo systemctl start podman.socket
# disable SELinux temporarily
setenforce 0
# to disable selinux permanetly 'SELINUX=disabled' needs to be set in the following config file
sudo vim /etc/selinux/config
# install additional MDSS dependencies
sudo subscription-manager repos --enable codeready-builder-for-rhel-8-$(arch)-rpms
sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo yum install lvm2
sudo yum install wget
# install MDSS
sudo rpm -i mdss-3.3.2-1.noarch.rpm
# edit customer.env and add SKIP_DOCKER_CHECKS=yes
sudo vim /etc/mdss/customer.env
# start MDSS
sudo mdss -c start
Windows package (.exe)
From the command line interface, it is possible to install the product by executing
PS> .\metadefender-for-secure-storage.exe /silent
where the possible keys and their default values are the following:
Key | Description |
---|---|
/silent or /passive | Suppress the installation wizard |
InstallFolder=”C:\Program Files\OPSWAT\MetaDefender for Secure Storage” | Customize the installation directory |
/uninstall | Perform an uninstallation |