F-Secure releases RADAR scan node for Linux

F-Secure RADAR is an ever-evolving solution for vulnerability scanning and insight for all environments. A scan node is an application, installed on a server, that is used by F-Secure RADAR to scan an internal network. Multiple scan nodes can be deployed within a single organisation’s network if, for example, the network is segmented into various VLANs to restrict traffic and communications between devices.

Security Bulletin - April 2020Security Bulletin - April 2020
Partner News - April 2020Partner News - April 2020

Up until now, an organisation would be required to utilize an existing MS Windows server or purchase an MS Windows licence for a new server (virtual or physical) to deploy the scan node. This is, however, not the case anymore after the release of the Linux compatible scan node. Linux, as most would know, is open-source, meaning that it is licenced to be used for free and allows anyone with the knowhow or willingness to learn to have a cost-effective way to deploy scan nodes in any environment. This is not the only function for Linux, but it is referred to in this specific use case.

Installing the Scan node on Linux: The information below is aimed at Linux noobs to simplify installation. For more experienced Linux admin, the full guide is available here, which contains installation and licence request steps via the terminal.

1. Prerequisites:

  1. Scan node requirements (Linux) – Physical or Virtual machine:
    • Ubuntu Server (64-bit versions only, 18.x LTS is currently the latest version): https://ubuntu.com/download/server
      • Note: Ubuntu desktop versions 16.04 to 18.x are also compatible, just not recommended
    • SSH (GUI is not needed, the required X11 libraries are installed automatically as .deb package dependencies)
    • Network access to
      • https://updates.radar.f-secure.com/ and http://guts2.sp.f-secure.com/
      • https://updates-api.radar.f-secure.com (Radar Update Service API)
    • Network access to Radar Security Center:
      • https://api.radar.f-secure.com for accounts with a paid subscription
      • https://try.radar.f-secure.com for trial accounts
    • Hardware
      • Minimum 4 GB RAM (recommended: 8GB)
      • Minimum 2 GHz processor / 2 CPU in AWS
      • Minimum 30 GB disk space
  2. An active F-Secure RADAR Subscription
  3. Administrator level access to the F-Secure RADAR portal

2. Installation

  1. Prepare your virtual or physical Linux machine
    • This must be an installation and not a live boot machine
  2. Download the scan node installation package
    • In the RADAR Security Centre, go to the Settings page, Scan nodes and select New Scan Node.
    • Select Request a New Scan Node.
    • Enter a name and description for the scan node, then select Request.
    • Download the .DEB file which includes the licence (WARNING: do not change the file name).
    • Copy the downloaded file onto your Ubuntu machine (save to user Downloads folder for ease of access).
  3. Open the Ubuntu Terminal by pressing CTRL+ALT+T.
  4. If you need to use a proxy server for communication with external networks, set the FSECURE_HTTP_PROXY_HOST and FSECURE_HTTP_PROXY_PORT environment variables.
    These settings are used both for normal scan node operations and for maintenance purposes (installing and updating the scan node). If not, skip this step.

    • Run the following commands to set the variables using the /etc/environment file:
  5. Run the following commands to install the prerequisites:

  6. After the above command has completed, you are ready to install the scan node itself. Run the following command to install the Radar Scan Node Agent:


    Pro Tip: in terminal, type ‘sudo apt install ./Downloads/f-secure’ and press the TAB button to complete the command
  7. The installation directory is /opt/fsecure/radar-scannodeagent. The Linux daemon (service) name is f-secure-radar-scannodeagent.

3. Verify the Scan Node Installation
After you have installed the Linux scan node, follow the steps listed here to make sure that it is installed and running successfully.

    1. In the RADAR Security Centre, go to Settings > Scan nodes and check that your new scan node is synchronized and has received engine updates.
    2. On the scan node, check the logs under the /opt/f-secure/radar-scannodeagent/logs/ directory.
    3. Check that the /opt/f-secure/radar-scannodeagent/Engines/ directory is not empty.
      This directory contains the scanning engines, which are required to run scans. It should contain at least some files. This will require some time to populate as files are downloaded.
    4. Run the following command to verify that the Linux daemon (service) is in active state:
    5. Or run the following command to restart the scan node:

If all has gone according to plan, the F-Secure RADAR Scan node installation is completed and the node is happily reporting to the F-Secure RADAR Cloud portal.
All that remains is to create new scan groups in the RADAR Cloud portal and select this scan node as default.
For more information, including setting up encryption keys for authenticated scanning, troubleshooting, reconfiguration, and so on, please see full guide available here.