In Symantec Endpoint Protection (SEP) 14.1. (14.1 ) and later, you have at least two options for downloading LiveUpdate (LU) content to Symantec Endpoint Protection clients for Mac and Linux.
Click on the link above to download Apache Directory Studio for macOS. The download appeares in the Downloads folder in Finder. Double-click on the disk image to open it. Drag-and-drop the Apache Directory Studio application on the Applications folder to install it. MAMP is a Mac utility that helps users install Apache, Nginx, PHP and MySQL on their machine and therefore have a personal web server. The name of the program is an acronym for Macintosh, Apache, MySQL and PHP. Download Apache for Mac to set up your own web server. Apache has had 1 update within the past 6 months.
Apache Webserver free download - Apache demo, Apache Tomcat (64 bit), Apache HTTP Server for Windows, and many more programs.
Note: Linux client support is added with Symantec Endpoint Protection 12.1.5 and is only available starting with that release.
- Use Symantec LiveUpdate Administrator 2.x (LUA 2.x). This is the best option for installations with larger numbers of Mac and/or Linux computers.
- For smaller installations, you can configure the Apache web server as a reverse proxy. This enables the Apache web server installed along with Symantec Endpoint Protection Manager (SEPM) to download and cache the LU content for Mac and Linux clients locally whenever new content is published. This configuration results in saving of external network bandwidth.
Below are the instructions to set up the Apache web server in Symantec Endpoint Protection Manager to allow Symantec Endpoint Protection clients for Mac and Linux to download LiveUpdate (LU) content by the webserver. Please note that this solution enables Symantec Endpoint Protection Manager to act as a cache: it does not process Mac or Linux definitions into .dax files as it does with Windows definitions. It does not enable Symantec Endpoint Protection clients for Mac or Linux to update from a Group Update Provider (GUP).
Note: You can only make these configuration changes on the enterprise version of Symantec Endpoint Protection. These instructions do not apply to Symantec Endpoint Protection Small Business Edition 12.1 (SEP SBE).
Configure the Apache web server in Symantec Endpoint Protection Manager
Take the following steps to configure Apache web server to serve as a reverse proxy:
- Stop semwebsrv (Symantec Endpoint Protection Manager Webserver) and semsrv (Symantec Endpoint Protection Manager).
- Create a folder called cache-root in the Apache folder of your Symantec Endpoint Protection Manager installation directory, e.g.
SEPM_Installapachecache-root
The default path of SEPM_Install is as follows:
Ensure that the account running Symantec Endpoint Protection Manager Webserver has full control of SEPM_Installapachecache-root.- 64-bit systems: C:Program Files (x86)SymantecSymantec Endpoint Protection Manager
- 32-bit systems: C:Program FilesSymantecSymantec Endpoint Protection Manager (12.1.x only)
- Verify if the following files are present in the folder apachemodules:
If the files are not present, copy the files from the downloaded installation folder or DVD from ToolsApache-ReverseProxy to SEPM_Installapachemodules. Refer to the section Security and Compatibility for more details.
- mod_cache.so
- mod_cache_disk.so (12.1.5 and later)
- mod_proxy.so
- mod_proxy_http.so
- mod_setenvif.so
- To make a backup of the original configuration file, navigate to SEPM_Installapacheconf, and then copy httpd.conf to httpd-orig.conf.
- Make the following changes to httpd.conf:
- Locate the following line, and add the character
#
to comment it out, as shown:#AsyncSendFile anydirectory
- Locate the following lines and remove the character # to uncomment them, and make the following change, where SEPM_Install is the actual path of your Symantec Endpoint Protection Manager installation (use forward slashes).
AsyncSendFile givendirectory
ForceAsyncSendFile 'SEPM_Install/Inetpub/content' - Optionally, to add cache logging, search for the following line in httpd.conf:
LogFormat '%h %l %u %t '%r' %>s %b' common
... and replace it with:LogFormat '%h %l %u %t %{cache-status}e '%r' %>s %b' common
- Add the following lines to the end. Replace SEPM_Install in the text below with the actual path of your Symantec Endpoint Protection Manager installation.
For 12.1.5 and later:
Note: Red text indicates file names that have changed from the version of Apache included with 12.1.4. If you previously implemented this functionality for 12.1.4, you only need to update the changed file names in httpd.conf.
- Locate the following line, and add the character
- Save and then close the file.
- Start semwebsrv (Symantec Endpoint Protection Manager Webserver) and semsrv (Symantec Endpoint Protection Manager).
To test that the proxy server is running by downloading an LU file, click Start > Run, and then enter http://localhost:8014/luproxy/masttri.zip. If your Symantec Endpoint Protection Manager Apache web server uses a different port than 8014, replace 8014 with your actual port number in the above URL.
Note: While the massttri.zip file is requested via a local URL address, the request is passed to Symantec's public LiveUpdate server. Make sure that the connection to LiveUpdate web domains can be established from the Symantec Endpoint Protection Manager server according to TECH102059. The reverse proxy also requires a direct connection to Symantec's LiveUpdate servers - it cannot itself go through another proxy.
The LU download requests to the Apache web server are logged in a separate log file, located in SEPM_Installapachelogsaccess-%Z.log.
Update LiveUpdate policy for Mac and Linux clients to point to new LiveUpdate server
Take the following steps to update your LiveUpdate policy for Mac and Linux clients for your desired groups. Once the policy is updated, these clients will point to the newly configured Apache web server for downloading LU content.
- Within Symantec Endpoint Protection Manager, click Policies > LiveUpdate. On the LiveUpdate Settings tab, double-click the LiveUpdate Settings policy that applies to your desired groups.
- Click Use a specified internal LiveUpdate Server under Mac Settings > Server Settings (or Linux Settings > Server Settings) and specify the name 'SEPM HTTP LU Proxy,' with the corresponding URL: 'http://ServerIP:8014/luproxy' or 'http://ServerName:8014/luproxy'
Where ServerIP or ServerName represents the IP number or name of the server that hosts Symantec Endpoint Protection Manager. If the Symantec Endpoint Protection Manager Apache web server uses a different port that 8014, replace 8014 with your actual port number in the above URL. - Add Symantec LiveUpdate server as a fallback mechanism (this is optional, because this is always a fallback option). Use http://liveupdate.symantecliveupdate.com.
- Enable download randomization under Mac Settings > Schedule (or Linux Settings > Schedule). If the option is not greyed out, check Randomize the start time. This prevents the Apache web server from getting overloaded at certain times in a day.
Additionally, on SEP 12.1.x clients for Linux, edit the liveupdate.conf file and set serverlogging=false. SEP For Linux 14.0 does not require this setting. See TECH230862.
Managing cache file size
To manage the size of your cache file, take the following steps.
- Verify if the htcacheclean.exe file is present in the following folder:
SEPM_Installapachebin - If the file is not present in the mentioned location, copy htcacheclean.exe from the ToolsApache-ReverseProxy folder on your DVD to SEPM_Installapachebin
- Enter the following command while logged in with an account that has full access rights on the cache-root folder:
htcacheclean -n -t -d1440 -l1024M -p'SEPM_Install/apache/cache-root'
This will run the htcacheclean tool in daemon mode. The cache cleaning will be done on a daily interval. The maximum cache size allowed on disk is 1 GB.
To automatically start the htcacheclean daemon every time Windows starts, take the following steps.
- Hold down the Windows key on your keyboard and press the letter R to open the Run dialog. Type taskschd.msc, and then click OK.
- In the Task Scheduler, in the right pane, click Create Basic Task.
- Name the new task with a description such as Manage Apache Cache Size, and then click Next.
- To set the task to run every time Windows starts, in the Task Trigger pane, click When the computer starts, and then click Next.
- In the Action dialog box, click Start a program, and then click Next.
- Enter the full path to htcacheclean into Program/script:
SEPM_Installapachebinhtcacheclean.exe - Enter the following arguments into Add arguments (optional), and then click Next.
-n -t -d1440 -l1024M -p'SEPM_Install/apache/cache-root' - To complete adding the scheduled task, click Finish.
- In the Windows Task Scheduler library, right-click the task you created, and then click Properties.
- In the Settings tab, click to deselect Stop the task if it runs longer than, and then click OK.
Since the task does not run until you restart the system, you can run it now. In the Task Scheduler, right-click the task you created, and then click Run.
Note: Ensure that the user account running the task has full control on the folder SEPM_Installapachecache-root.
Performance and scale
This configuration is designed for small numbers of Mac and/or Linux clients. You should only use this setup if there are only a few Mac and/or Linux clients and the network connecting clients and Symantec Endpoint Protection Manager has good bandwidth throughput. Assuming that each client downloads roughly 500KB of LU content on daily basis, 2000 Mac or Linux clients will result in a download of approximately 1 GB of LU content daily from the Apache web server. For configurations having large numbers of clients, you should consider an alternative like Symantec LiveUpdate Administrator.
Security and compatibility
Symantec suggests the use of only Symantec-signed binaries for Apache modules that are mentioned in this article. These signed binaries are available on the Symantec Endpoint Protection downloaded installation file. Note that the required binaries also get installed along with Symantec Endpoint Protection Manager for versions 12.1.4 and later.
For Symantec Endpoint Protection 14:
- The downloaded full installation file, ToolsApache-ReverseProxy
Because new vulnerabilities may be published after the publication of this article, please check the vulnerabilities published by the Apache project for the appropriate version of Apache web server: http://httpd.apache.org/security/
SEPM Upgrades
Note that upgrading the SEP Manager may reset or overwrite this configuration file. As such, post-SEPM upgrade ensure the changes made to httpd.conf are checked and corrected.
Get your Local Web Development Environment Up & Running on macOS High Sierra 10.13
With Apples’ new macOS High Sierra 10.13 available for download, here is how to get the AMP stack up and running on the new macOS. This tutorialwill go through the process on getting Apache, MySQL, PHP (or otherwise known as the ‘AMP’ stack)and phpMyAdmin running on the new mac OS High Sierra.
This tutorial sets up the AMP stack in more of a traditional way using the loaded Apache and PHP and downloading MySQL and phpMyAdmin.
Setting Stuff Up
Apache/WebSharing
Web serving is built into High Sierra with Apache app, it is installed ready to be fired up.
This needs to be done in the Terminal which is found in the OS filing system at /Applications/Utilities/Terminal
For those not familiar with the Terminal, it really isn’t as intimidating as you may think, once launched you are faced with a command prompt waiting for your commands – just type/paste in a command and hit enter, some commands give you no response – it just means the command is done, other commands give you feedback.
Using the prefix of sudo is required for commands that have their applications protected in certain folders – when using sudo you will need to confirm with your admin password or iCloud password if set up that way…. lets get to it….
to start Apache web sharing
to stop it
to restart it
To find the Apache version
The Apache version that comes in macOS High Sierra is Apache/2.4.27
Apache Web Server For Mac Download Windows 10
After starting Apache – test to see if the webserver is working in the browser – http://localhost – you should see the “It Works!” text.
If you don’t get the localhost test, you can try troubleshooting Apache to see if there is anything wrong in its config file by running
This will give you an indication of what might be wrong.
Document Root
Document root is the location where the files are shared from the file system and is similar to the traditional names of ‘public_html‘ and ‘htdocs‘, macOS has historically had 2 web roots one at a system level and one at a user level – you can set both up or just run with one, the user level one allows multiple accounts to have their own web root whilst the system one is global for all users. It seems there is less effort from Apple in continuing with the user level one but it still can be set up with a couple of extra tweaks in configuration files. It is easier to use the user level one as you don’t have to keep on authenticating as an admin user.
System Level Web Root
– the default system document root is still found at –
http://localhost/
The files are shared in the filing system at –
User Level Root
The other web root directory which is missing by default is the ‘~/Sites’ folder in the User account. This takes a bit longer to set up but some users are very accustomed to using it.
You need to make a “Sites” folder at the root level of your account and then it will work. Once you make the Sites folder you will notice that it has a unique icon which is a throwback from a few versions older. Make that folder before you set up the user configuration file described next.
You have to make a few additional tweaks to get the ~/Sites folder back up and running.
Sites Folder
Add a “username.conf” filed under:
If you don’t already have one (very likely), then create one named by the short username of the account with the suffix .conf, its location and permissions/ownership is best tackled by using the Terminal, the text editor ‘nano‘ would be the best tool to deal with this.
If you would rather edit config files in a text editor as an app I would suggest the free BBEdit which allows you to open hidden system files.
Launch Terminal, (Applications/Utilities), and follow the commands below, first one gets you to the right spot, 2nd one opens the text editor on the command line (swap ‘username‘ with your account’s shortname, if you don’t know your account shortname type ‘whoami‘ the Terminal prompt):
Then add the content below swapping in your ‘username’ in the code below:
Permissions on the file should be:
If not you need to change…
Open the main httpd.conf and allow some modules:
And make sure these modules are uncommented (the first 2 should already be on a clean install):
Whilst you have this file open also to get php running uncomment. (Mentioned also in the PHP part of the article).
And also uncomment this configuration file also in httpd.conf – which allows user home directories.
Save all your changes (Control + O in nano)
Then open another Apache config file and uncomment another file:
And uncomment:
Save all your changes (Control + O in nano)
Restart Apache for the new file to be read:
Then this user level document root will be viewable at:
http://localhost/~username/
You should only see a directory tree like structure if the folder is empty.
Override .htaccess and allow URL Rewrites
If you are going to use the web serving document root at /Library/WebServer/Documents it is a good idea to allow any .htaccess files used to override the default settings – this can be accomplished by editing the httpd.conf file at line 217 and setting the AllowOverride to All and then restart Apache. This is already taken care of at the Sites level webroot by following the previous step.
Also whilst here allow URL rewrites so your permalinks look clean not ugly.
Uncomment in httpd.conf – should be uncommented on a clean install.
PHP
Apache Web Server Setup
PHP 7.1.7 is a first for macOS and is loaded in this version of macOS High Sierra and needs to be turned on by uncommenting a line in the httpd.conf file.
Use “control” + “w” to search within nano and search for ‘php’ this will land you on the right line then uncomment the line (remove the #):
Write out and Save using the nano short cut keys at the bottom ‘control o’ and ‘control x’
Reload apache to kick in
To see and test PHP, create a file name it “phpinfo.php” and file it in your document root with the contents below, then view it in a browser.
MySQL
MySQL doesn’t come pre-loaded with macOS High Sierra and needs to be dowloaded from the MySQL site.
The latest version of MySQL 5.7.19 does work with the public release of macOS.
If you already have MySQL 5.7 and you have upgraded OS from El Capitan to Sierra I expect that to be ok, but will be interested if anyone comments on that.
Use the Mac OS X 10.12 (x86, 64-bit), DMG Archive version (works on macOS High Sierra).
If you are upgrading from a previous macOS and have an older MySQL version you do not have to update it. One thing with MySQL upgrades always take a data dump of your database in case things go south and before you upgrade to macOS High Sierra make sure your MySQL Server is not running.
When downloading you don’t have to sign up, look for » No thanks, just take me to the downloads! – go straight to the download mirrors and download the software from a mirror which is closest to you.
Once downloaded open the .dmg and run the installer.
When it is finished installing you get a dialog box with a temporary mysql root password – that is a MySQL root password not a macOS admin password. But I have found that the temporary password is pretty much useless so we’ll need to change it straight away, but first it is better to add mysql commands to your shell path.
You are told:
If you lose this password, please consult the section How to Reset the Root Password in the MySQL reference manual.
Add Mysql to your path
After installation, in order to use mysql commands without typing the full path to the commands you need to add the mysql directory to your shell path, (optional step) this is done in your “.bash_profile” file in your home directory, if you don’t have that file just create it using vi or nano:
The first command brings you to your home directory and opens the .bash_profile file or creates a new one if it doesn’t exist, then add in the line above which adds the mysql binary path to commands that you can run. Exit the file with type “control + x” and when prompted save the change by typing “y”. Last thing to do here is to reload the shell for the above to work straight away.
Change the MySQL root password
Note that this is not the same as the root or admin password of macOS – this is a unique password for the mysql root user.
Stop MySQL
Start it in safe mode:
This will be an ongoing command until the process is finished so open another shell/terminal window, and log in without a password as root:
Change the lowercase ‘MyNewPass’ to what you want – and keep the single quotes.
Start MySQL
Starting MySQL
You can then start the MySQL server from the System Preferences or via the command line.
Or to Command line start MySQL.
To find the MySQL version from the terminal, type at the prompt:
This also puts you in to a shell interactive dialogue with mySQL, type q to exit.
Fix the 2002 MySQL Socket error
Fix the looming 2002 socket error – which is linking where MySQL places the socket and where macOS thinks it should be, MySQL puts it in /tmp and macOS looks for it in /var/mysql the socket is a type of file that allows mysql client/server communication.
phpMyAdmin
First fix the 2002 socket error if you haven’t done so from the MySQL section-
Download phpMyAdmin, the zip English package will suit a lot of users, then unzip it and move the folder with its contents into the document root level renaming folder to ‘phpmyadmin’.
Make the config folder
Change the permissions
Run the set up in the browser
http://localhost/~username/phpmyadmin/setup/ orhttp://localhost/phpmyadmin/setup/
You need to create a new localhost mysql server connection, click new server.
Switch to the Authentication tab and set the local mysql root user and the password.
Add in the username “root” (maybe already populated, add in the password that you set up earlier for the MySQL root user set up, click on save and you are returned to the previous screen.
(This is not the macOS Admin or root password – it is the MySQL root user)
Now going to http://localhost/~username/phpmyadmin/ will now allow you to interact with your MySQL databases.
Permissions
To run a website with no permission issues it is best to set the web root and its contents to be writeable by all, since it’s a local development it shouldn’t be a security issue.
Lets say that you have a site in the User Sites folder at the following location ~/Sites/testsite you would set it to be writeable like so:
If you are concerned about security then instead of making it world writeable you can set the owner to be Apache _www but when working on files you would have to authenticate more as admin you are “not” the owner, you would do this like so:
This will set the contents recursively to be owned by the Apache user.
If you had the website stored at the System level Document root at say /Library/WebServer/Documents/testsite then it would have to be the latter:
Another easier way to do this if you have a one user workstation is to change the Apache web user from _www to your account.
That’s it! You now have the native AMP stack running on top of macOS High Sierra.