Threat Stack Agent CoreOS Installation Overview

Follow

As of June 2017, Threat Stack supports CoreOS Stable channel v1353.8.0 and later.

Installation Methods

Latest CoreOS Installer

To install the agent software, run CoreOS installer from the untarred package directory:  

tar -xvzf threatstack-agent_latest.coreos1353.8.0_amd64.tar.gz
cd threatstack-agent_1.6.6-7.coreos1353.8.0_amd64

After you have run the agent installer, you have two methods that you can use to complete the installation process. You can execute the cloudsight setup arguments doing a single command or you can install the agent manually.

Single Command Manual Alternative

CoreOS installs the agent software and dependencies under /opt/threatstack and lists the Threat Stack agent as a standard systemd service.

You can install the Threat Stack Agent using the cloudsight setup arguements by running this single command:

sudo ./threatstack-coreos-installer.sh --deploy-key=KEY

Reminder

The KEY is your deploy key. Threat Stack requires that you provide the deploy key to authenticate.

Additional installer and agent registration options include:


Installer options:
 -s, --silent                  Skip installation prompts.
 -h, --help                    Print this message.

Automatic agent registration options:
 -a, --agent_type              Agent type ([i]nvestigate or [m]onitor).
                                Default: (i)nvestigate
 -k KEY, --deploy-key=KEY      Automatically register this agent using the
                                specified deployment key.
 -r, --ruleset                 Ruleset to initially use.
                                Default: "Base Rule Set"
		

Check Service Connection

To verify that your agent is connected inside the Threat Stack application, navigate to the Servers page.

To check the status of the service connection and various services maintained by the agent, run: 

/opt/threatstack/bin/cloudsight status

For more options, run:

/opt/threatstack/bin/cloudsight --help

Uninstall Agent

To uninstall CoreOS run:

sudo cloudsight stop
sudo rm -r /opt/threatstack /etc/init.d/cloudsight /opt/bin/cloudsight
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Article is closed for comments.