Sophos Utm Docker
Required to proceed:
- Completed Upload and Create a Sophos UTM ProfitBricks Data Center
- Using Firefox
Instructions:
In the Primary Data Center you deployed for the Sophos UTM, click on the arrow in the top right corner of Sophos UTM server Box then the “Remote Console” button.
To do the install you have to use the Remote Console. You will not be able to SSH into the server until an operating system has been installed.
A new window will pop up with the Remote Console session. It will show the Sophos Introduction box. Hit the “Enter” key on your keyboard to select <Start>.
NOTE - You can only use the keyboard for the console session during the install.
The Detected Hardware window will appear. Hit “Enter” on your keyboard to select <OK>.
Use the up and down arrows on your keyboard to select the keyboard layout. Then hit the “Tab” key on your keyboard to highlight the <OK> button and hit “Enter” to select it.
Use the up and down arrows on your keyboard to select your area. Then hit the “Tab” key twice on your keyboard to highlight the “<next>” button and hit “Enter” to select it.
Use the up and down arrows on your keyboard to select your timezone. Then hit the “Tab” key twice on your keyboard to highlight the “<next>” button and hit “Enter” to select it.
Check and make sure the date and time are correct. If they are, hit the “Enter” key on your keyboard.
Highlight “eth0” and hit the “Tab” key twice to highlight “<next>”, then hit the “Enter” key on your keyboard.
For the network configuration options we need to look at the Data Center Designer and click on the Networking tab of the Sophos UTM Server. We are going to use the static IP you assigned to eth0 for the network configuration of the Sophos install.
Back in the Remote Console window change the “Address:” to your static IP address. Leave the “Netmask:” as “255.255.255.0” and set the “Gateway:” to your static IP with the last octet changed to “.1”.
Hit “Tab” twice to highlight <Next> and hit “Enter” to select it. It is going to ask you if you want to install the 64-bit kernel of Sophos. Hit “Enter” to select <No>. DO NOT INSTALL THE 64-bit version. There are issues with KVM.
Hit “Enter” to select <Yes> for “do you want to install all capabilities”. Hit “Enter” to select <Yes> to erase all existing data on ‘/dev/vda’ (disk). You will see the installation configure the disks and run the install. Once it completes you will see the “Installation Finished” message appear. Write down the URL to access the Sophos UTM and hit “Enter” to select <Reboot>. The server will start the reboot process.
Go back to the Data Center Designer and click on the Sophos UTM server, then the Storages tab in the Inspect Element box to the right. Go to the Virtual CD-ROM drive, click on the image menu and select “Remove Image”. Then set the Storage as the “Boot Device”. Last, click the “Unapplied Changes” button.
Hit the “Provision” button in the window that pops up and wait for the changes to provision and the server to restart one more time.
When the “Saved Successfully” window appears, click the “OK” button
Open a new tab in Firefox and go to the UTM address you wrote down in Step 13. It will be https://<your_static_ip>:4444. A security exception message will appear. Click “I understand the risks” and then “Add Exception”.
Then click the “Confirm Security Exception” button.
Fill out the Hostname, Company Name, City, and Country fields. Create an admin password and enter the admin's email address (this is where you will get status notifications). Check the “I accept the license agreement” box and click on the “Perform Basic System Setup” button.
Be patient once you click the “Perform Basic System Setup” button, it can take up to a minute to respond. You will notice a little green message in the bottom of the window.
The page will refresh and you will have to Click “I understand the risks” and then “Add Exception” again and the “Confirm Security Exception” button again.
Log in with the username “admin” (all lowercase) and the password you created in Step 17.
Select “Continue” and then “Next”
Click on the file icon next to the License File field.
Click the Browse button
Select the Sophos License File you downloaded in Part One and select “Open”
Click the “Start Upload” button
Then the “Next” button
Make sure the Internal (LAN) IP is your public static IP and the Netmask: is “/24 (255.255.255.0)”; we are going to change this connection to be the External (WAN) interface later. Leave “Enable DHCP server on internal interface” unchecked.
Check “Setup Internet connect later” then click “Next”
You can check the Allowed services you would like to be allowed for devices on the internal LAN. Then click “Next”
Check “Intrusion Prevention Engine” and “Command & Control/Botnet Detection Engine” and click “Next”
Check “Scan sites for viruses” and click “Next”
You can Select Scan email fetched over POP3 or Configure internal mail server. For this tutorial, we are going to leave both unchecked and click “Next”
The summary page will appear click the “Finish” button
The Sophos Dashboard will come up. Click on the “Interfaces & Routing” Menu then the “Interfaces” option.
Click the Edit Button next to the “Internal” network adapter
Change the Name: from “Internal” to “External (WAN)” and Click “Save”
Click on the “New Interface...” button
Go to the Data Center Manager and look at what IP has been assigned to NIC2
Back in the Sophos UTM configuration tab name the new interface “Internal (LAN)”.
- Set the Type: to “Ethernet Static” and for Hardware: select “eth1 Virtio network device”.
- For IPv4 address: type in the IP that was assigned to NIC2 in the Data Center Manager.
- Make sure the Netmask: is “/24 (255.255.255.0)”.
- Leave “IPv4 Default Gateway” unchecked.
- Click “Save”.
Click the status switch next to “Internal (LAN)” to enable it.
Click on the “Management” menu, then the “System Settings” menu and the “Shell Access” tab.
Turn on SSH Shell Access by clicking the switch in the top right corner so it turns Green.
Create a password for the root and loginuser ssh accounts and click the “Set specified passwords” button.
Now we are going to create Firewall rules to allow servers behind Sophos to talk to each other and to access the Internet so that they can run updates and other servers. Click on the “Network Protection” menu, then “Firewall” and then the “New rule...” button
NOTE - The firewall rules and setting we will do in the following steps are very basic. We HIGHLY recommend that you create custom firewall rules that best fit your network environment for best security practices.
Configuring a rule to allow servers behind Sophos UTM to talk to each other:
- Leave Group as “No Group”
- Set Position as “Top”
- Click the folder icon in the “Sources:” box and drag “Internal (LAN) (Network)” into the Sources: box
- Click the folder icon in the “Services:” box and drag the “Any” icon into the “Services:” box
- Click the folder icon in the “Destinations:” box and drag “Internal (LAN) (Network)” into the Destinations: box
- Action: is “Allow”
- Click “Save”
- Check the “Switch” next to the new rule so it turns green to enable it
Configuring a general rule to allow servers behind Sophos UTM to access the internet:
- Leave Group as “No Group”
- Set Position as “Top”
- Click the folder icon in the “Sources:” box and drag “Internal (LAN) (Network)” into the Sources: box
- Click the folder icon in the “Services:” box and drag the “Any” icon into the “Services:” box
- Click the folder icon in the “Destinations:” box and drag “Any” into the Destinations: box
- Action: is “Allow”
- Click “Save”
- Check the “Switch” next to the new rule so it turns green to enable it
Now we are going to configure masquerading to allow the servers behind Sophos UTM to access the internet.
Click on “NAT” under the “Network Protection” menu and then click the “New masquerading rule...” button.
- Click the folder icon next to Network: and drag “Internal (LAN) (Network)” into the Network: box
- Set Position: as “Top”
- Interface: “External (WAN)”
- Use Address: <<Primary address>>
- Click “Save”
Click the switch next to the new masquerading rule to enable it.
Your base Sophos UTM configuration is complete and you now have a Sophos firewall protecting the servers in your Data Center. In the next parts of this tutorial we will configure site-to-site VPNs and configure the Sophos UTM to direct traffic requests to the proper servers behind it.
This article details the addition of support for Docker containers within Sophos Antivirus for Linux.
Applies to the following Sophos products and versions
Sophos Anti-Virus for Linux
As containers are becoming more widely deployed on Linux Servers, the need for security is paramount to ensure any running containers have not been injected with malware.
Sophos Antivirus for Linux has been enhanced to improve detection of malware in Docker containers using on-access scanning and to improve the way in which detections in Docker containers are presented within the Sophos management consoles. Now, when a threat is identified within a Docker container, the threat report will state the path and hostname of the container. This will be displayed as (container hostname=<hostname>).
Threat detection within Docker containers has been available since the following versions of Sophos Antivirus for Linux:
- SAV for Linux version 9.13.0+
- SAV for Linux version 10.1.1+ (Sophos Central only)
For Sophos Antivirus for Linux to detect threats in Docker containers, the Talpa on-access driver must be used. The FAnotify kernel interface does not support scanning inside containers.
A recent, supported version of Docker will need to be installed and configured, preferably from the operating system vendor’s package repositories.
The Sophos Antivirus for Linux Docker scanning functionality is available on supported releases of the following platforms:
- Red Hat
- Ubuntu
- CentOS
- SUSE
For more information on Sophos Anti-virus for Linux see: supported platforms and operating systems
From the Docker web site, the following anti-virus consideration is recommended:
When antivirus software scans files used by Docker, these files may be locked in a way that causes Docker commands to hang.
One way to reduce these problems is to add the Docker data directory (/var/lib/docker on Linux or $Env:ProgramData on Windows Server) to the antivirus’s exclusion list. However, this comes with the trade-off that viruses or malware in Docker images, writable layers of containers, or volumes are not detected. If you do choose to exclude Docker’s data directory from background virus scanning, you may want to schedule a recurring task that stops Docker, scans the data directory, and restarts Docker.
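The Docker note above leaves the "stop Docker, scan the data directory, restart Docker" task as an exercise, and the earlier section explains that a detection inside a container is reported with a (container hostname=<hostname>) suffix. The POSIX shell script below is an added example written for this page; it is not code from the Sophos article or from Sophos. It runs the offline scan cycle, turns the scanner's exit status into a verdict, restarts Docker only when it is safe to by the stated policy, and extracts the container hostname from a report line in the format the article describes. Assumptions that are not on the page: savscan lives at /opt/sophos-av/bin/savscan, its exit codes are 0 clean, 1 interrupted, 2 error and 3 threat found, the -archive, -nc and -ss options have the meanings given in the comments, and Docker is managed by systemd. Check each of these against your installed version before scheduling the script.

```shell
#!/bin/sh
# Added example (not from the Sophos article): scheduled offline scan of the
# Docker data directory, following the Docker guidance quoted above.
# Assumptions: savscan path and options, its exit codes, and systemd-managed
# Docker. Verify these against your installed version before scheduling.
set -u

DOCKER_DATA_DIR="${DOCKER_DATA_DIR:-/var/lib/docker}"
SAVSCAN="${SAVSCAN:-/opt/sophos-av/bin/savscan}"           # assumed path
LOG_FILE="${LOG_FILE:-/var/log/docker-offline-scan.log}"   # constructed name

# Map a savscan exit status to a verdict word.
# Exit codes as assumed: 0 clean, 1 interrupted, 2 error, 3 threat found.
savscan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo interrupted ;;
        2) echo error ;;
        3) echo infected ;;
        *) echo unknown ;;
    esac
}

# Pull the container hostname out of a threat report line in the format the
# article describes, "... (container hostname=<hostname>)". Prints nothing
# when the suffix is absent, i.e. the detection was on the host itself.
container_hostname_from_report() {
    printf '%s\n' "$1" | sed -n 's/.*(container hostname=\([^)]*\)).*/\1/p'
}

# Policy: bring Docker back after a clean scan or a scanner failure, but keep
# it down when a threat was found or the result is unrecognised, so an
# operator can look before any container runs again.
should_restart_docker() {
    case "$1" in
        infected|unknown) return 1 ;;
        *) return 0 ;;
    esac
}

# Full cycle: stop Docker, scan the data directory, restart according to policy.
run_offline_scan() {
    systemctl stop docker.service docker.socket
    # -archive scans inside archive files, -nc disables colour output and
    # -ss limits output to errors and detections (option meanings assumed).
    "$SAVSCAN" -archive -nc -ss "$DOCKER_DATA_DIR" >>"$LOG_FILE" 2>&1
    status=$?
    verdict=$(savscan_verdict "$status")
    printf '%s docker-offline-scan status=%s verdict=%s dir=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$status" "$verdict" "$DOCKER_DATA_DIR" >>"$LOG_FILE"
    if should_restart_docker "$verdict"; then
        systemctl start docker.service
    else
        printf 'Docker left stopped after verdict=%s; inspect %s\n' "$verdict" "$LOG_FILE" >&2
        return 1
    fi
}

# Only act when explicitly asked, so sourcing or dry-running the file is safe.
if [ "${1:-}" = "--run" ]; then
    run_offline_scan
fi
```

Schedule it with `--run` from cron or a systemd timer at a quiet hour; the data directory stays on the on-access exclusion list, which is exactly the trade-off the Docker note describes, and the log line written per run gives you something to alert on when the verdict is anything other than clean.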