Overview:
SLAC's VPN uses posture checking to enforce that antivirus software is installed and that antivirus updates are current. In addition, Cisco's AnyConnect Secure Mobility Client VPN software must be used so that the status of antivirus can be reported to the SLAC VPN ASA's.
SLAC has some pages on installing antivirus and AnyConnect, but they are somewhat distributed, and are mostly focused on systems that are SLAC supported Windows and SLAC supported MacOS. This document is an attempt at providing a streamlined recipe for a self-supported Mac running Linux.
The process described here is for a MacBook Air running the Elementary Linux distribution version 5.1 (based on the Ubuntu Linux 18.04 LTS distribution).
Ethernet and Wireless Networking
This section is very specific to the hardware used. While this is not a general recipe, it may be useful for inspiration of what to try. The MacBook Air has no built-in Ethernet, only wireless. Unfortunately, the default installation of many Linux distributions don't have the correct wireless driver, so the user is left with no way to connect to the network after installation. The Apple Thunderbolt Ethernet adapter did not work, but a Linksys USB adapter (model USB3GIGV1) was recognized. Thus, Ethernet was used to install OS updates and download wireless drivers.
To install wireless drivers, you need to know which chipset is being used. In this example case, it was a Broadcom BCM4360 802.11ac adapter. This page on Broadcom Wifi on Ubuntu provided some useful documentation. The "lspci" will display information about the PCI bus.
$ lspci
... lots of info
$ lspci -vnn | grep Network
03:00.0 Network controller [0280]: Broadcom Inc. and subsidiaries BCM4360 802.11ac Wireless Network Adapter [14e4:43a0] (rev 03)
Subsystem: Apple Inc. BCM4360 802.11ac Wireless Network Adapter [106b:0117]
On the Broadcom Wifi page listed above, the driver is given by:
pci.id 12.04 LTS 14.04 LTS and Later ... 14e4:43a0 unknown bcmwl-kernel-source ...
Installing the bcmwl-kernel-source package and rebooting allowed wireless to work. I have found wireless to be very stable.
$ sudo apt-get install bcmwl-kernel-source $ sudo reboot
Antivirus
CLAM AV is an open source antivirus engine. This page gives the following instructions for Ubuntu as well as other distributions. In this case, clamav and clamav-daemon were installed.
ClamAV can be found for Ubuntu in the apt repository. Run this command to install ClamAV: $ sudo apt-get install clamav If you need clamd, you may also want to run: $ sudo apt-get install clamav-daemon If you require support for scanning compressed RAR files you first need to enable the non-free archive, and then you can install the RAR-plugin using: $ sudo apt-get install libclamunrar6
Cisco AnyConnect VPN Client
The Service Now Linux VPN Knowledgebase article describes obtaining AnyConnect from the VPN server itself. However, the auto-detect mechanism requires Java which your system may not have. Cisco AnyConnect manual installation can be done following the instructions at Cisco AnyConnect manual install. To install, unpack the downloaded archive and run a shell script:
$ cd Downloads $ cd anyconnect-linux64-4.8.01090/ $ sudo vpn/vpn_install.sh