Overview:
SLAC's VPN uses posture checking to enforce that antivirus software is installed and that antivirus updates are current. In addition, Cisco's AnyConnect Secure Mobility Client VPN software must be used so that the status of antivirus can be reported to the SLAC VPN ASA's.
SLAC has some pages on installing antivirus and AnyConnect, but they are a bit scatter. This document is an attempt at providing a streamlined recipe.
This process was tested on a MacBook Air running the Elementary distribution version 5.1 (based on the Ubuntu Linux 18.04 LTS distribution).
Ethernet and Wireless Networking
This section is very specific to the hardware used. While this is not a general recipe, it may be useful for inspiration of what to try. The MacBook Air has no built-in Ethernet, only wireless. Unfortunately, the default installation of many Linux distributions don't have the correct wireless driver, so the user is left with no way to connect to the network after installation. I was unable to get an Apple Thunderbolt Ethernet adapter to work, but a Linksys USB adapter (model USB3GIGV1) was recognized. Thus, I could get networking up with Ethernet to install OS updates and download wireless drivers.
To install wireless drivers, you need to know which chipset is being used. In my case, it was a Broadcom BCM4360 802.11ac adapter. This page on Broadcom Wifi on Ubuntu provided some useful documentation. The "lspci" will display information about the PCI bus.
$ lspci ... lots of info $ lspci -vnn | grep Network 03:00.0 Network controller [0280]: Broadcom Inc. and subsidiaries BCM4360 802.11ac Wireless Network Adapter [14e4:43a0] (rev 03) Subsystem: Apple Inc. BCM4360 802.11ac Wireless Network Adapter [106b:0117]
On the Broadcom Wifi page listed above, the driver is given by "14e4:43a0 unknown bcmwl-kernel-source
". Installing the bcmwl-kernel-source
package and rebooting allowed wireless to work.
$ sudo apt-get install bcmwl-kernel-source $ sudo reboot
Antivirus
CLAM AV is an open source antivirus engine. This page gives the following instructions for Ubuntu as well as other distributions. I installed clamav and clamav-daemon. I have added the necessary "sudo" statements to the recipe.
ClamAV can be found for Ubuntu in the apt repository. Run this command to install ClamAV: $ sudo apt-get install clamav If you need clamd, you may also want to run: $ sudo apt-get install clamav-daemon If you require support for scanning compressed RAR files you first need to enable the non-free archive, and then you can install the RAR-plugin using: $ sudo apt-get install libclamunrar6