Skip to content

Create a Linux gold image

When installing Sophos Protection for Linux (SPL) in a virtual environment, you can create new virtual machines from a gold image. The gold image acts as a template for your virtual machines. Make sure that each new virtual machine has a different identity from the device being used as the gold image.

Prepare your virtual machine

Before you install SPL, you must set up the virtual machine you want to use as your gold image. Update the device you want to use for your image so that the operating system and your apps are how you want them.

You must also make sure you're using a supported Linux operating system. See the system requirements in the Sophos Protection for Linux release notes.

Install Sophos Protection for Linux

To install SPL on your gold image, do as follows:

  1. Sign in to Sophos Central.
  2. Go to Devices > Installers.
  3. Click Download Linux Server Installer.
  4. Change the file permissions to include “execute” with the following command:

    chmod +x

  5. Run the installer with the following command:



    You can customize your installation with command-line options. See Installer command-line options for Linux.

Deregister the virtual machine

When setting up a gold image from a virtual machine with Sophos Protection for Linux installed, you must deregister it from Sophos Central so that every instance of a virtual machine that runs from that single gold image gets its own unique identity.

  1. Go to opt/sophos-spl/base/bin/.
  2. Deregister from Sophos Central using the following command:

    ./registerCentral --deregister

  3. Shut down the virtual machine and save the image.


    You must save the image in the shutdown status. You must not restart it because that registers the image again. If this happens, you must follow the steps to deregister the virtual machine again to avoid duplicate devices. See Duplicate device frequently asked questions.

You're now ready to clone virtual machines from the gold image. When you clone virtual machines from the gold image, they register automatically after they start and connect to the network. You can then manage them in Sophos Central.