Re-register the AIP Linux Agent

Overview

This document describes how to re-register a Linux Agent that is not displaying in the App Infrastructure Protection (AIP) Cloud Security Platform (CSP). If unable to maintain registration, the Linux Agent moves from the Online Servers page to the Offline Servers page. After 24 hours, the Linux Agent is removed from the Offline Servers page.

Tip

If you need to re-register multiple Agents, AIP recommends re-registering one Agent first to ensure the process works as expected. You may then re-register remaining Agents in parallel.

Linux Agent 3.x Series

If you log into the AIP CSP and the Servers page does not display the expected number of servers, then you may need to re-register your Agent(s). If you run the sudo tsagent status command and receive a "DOWN AIP Agent Daemon" message, then you need to re-register your Agent.

Prerequisites

  • Administrator access to your Amazon Web Services (AWS) account
  • Access to the AIP console
  • Your deployment key, which can be found in Settings > Application Keys
  • Your AWS hostname

Instructions

  1. In the Command Line, type the following command and press ENTER:
    sudo systemctl stop threatstack
  2. Type the following command and press ENTER:
    sudo tsagent setup --deploy-key=<your deploy key> --ruleset="Base Rule Set" --hostname="<your hostname>"

    Replace <your deploy key> with your deployment key. Replace <your hostname> with your AWS hostname.

    Note

    You can specify multiple rulesets for an Agent by including comma-separated ruleset names in the ruleset parameter.

  3. Type the following command and press ENTER:
    sudo systemctl start threatstack

Linux Agent 2.x Series

If you log into the AIP CSP and the Servers page does not display the expected number of servers, then you may need to re-register your Agent(s). If you run the sudo tsagent status command and receive a "DOWN AIP Agent Daemon" message, then you need to re-register your Agent.

Prerequisites

  • Administrator access to your Amazon Web Services (AWS) account
  • Access to the AIP console
  • Your deployment key, which can be found in Settings > Application Keys
  • Your AWS hostname

Instructions

For Linux Agents 2.3.x and above:

  1. In the Command Line, type the following command and press ENTER:
    sudo systemctl stop threatstack
  2. Type the following command and press ENTER:
    sudo tsagent setup --deploy-key=<your deploy key> --ruleset="Base Rule Set" --hostname="<your hostname>"

    Replace <your deploy key> with your deployment key. Replace <your hostname> with your AWS hostname.

    Note

    You can specify multiple rulesets for an Agent by including comma-separated ruleset names in the ruleset parameter.

  3. Type the following command and press ENTER:
    sudo systemctl start threatstack

For Linux Agents 2.2.x and older:

  1. In the Command Line, type the following command and press ENTER:
    sudo systemctl stop threatstack
  2. For Agent 2.2 or earlier, type the following command and press ENTER. If you are using Agent 2.3 or later, skip this step and proceed to step 3:
    sudo rm /opt/threatstack/etc/tsagentd.cfg /opt/threatstack/etc/agent.db
  3. Type the following command and press ENTER:
    sudo tsagent setup --deploy-key=<your deploy key> --ruleset="Base Rule Set" --hostname="<your hostname>"

    Replace <your deploy key> with your deployment key. Replace <your hostname> with your AWS hostname.

    Note

    You can specify multiple rulesets for an Agent by including comma-separated ruleset names in the ruleset parameter.

  4. Type the following command and press ENTER:
    sudo systemctl start threatstack

Linux Agent 1.x Series

If you log into the AIP CSP and the Servers page does not display the expected number of servers, you may need to re-register your Agent(s). If you see an "Agent has been revoked. Shutting down" message in /opt/threatstack/cloudsight/logs/cloudsight.log, then you need to re-register your Agent.

Prerequisites

  • Administrator access to your Amazon Web Services (AWS) account
  • Access to the AIP console
  • Your deployment key, which can be found in Settings > Keys

Instructions

  1. In the Command Line, type the following command and press ENTER:
    sudo cloudsight stop
  2. Type the following command and press ENTER:
    sudo rm /opt/threatstack/cloudsight/config/.secret
  3. Do one of the following:
    1. To re-register your Agent with the AIP Base Rule Set, type the following command and press ENTER:
      sudo cloudsight setup --deploy-key=<your deploy key>

      Replace <your deploy key> with your deployment key.

    2. To re-register your Agent with a different AIP ruleset, type the following command and press ENTER:
      sudo cloudsight setup --ruleset="<ruleset name>" --deploy-key=<your deploy key>

      Replace <your deploy key> with your deployment key. Replace <ruleset name> with the AIP Ruleset name, such as HIPAA.

      Note

      You can specify multiple rulesets for an Agent by including comma-separated ruleset names in the ruleset parameter.

  4. Type the following command and press ENTER:
    sudo cloudsight start
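
Added example (not part of the original article and not vendor code): a dry-run helper that checks the two symptoms described above and prints the command sequence for a given Agent version, covering the 1.x, 2.x and 3.x procedures in one place. The function names and the DEPLOY_KEY, AGENT_HOSTNAME and RULESET variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not vendor code): dry-run planner for the steps on this page.
# DEPLOY_KEY, AGENT_HOSTNAME and RULESET are assumed variable names; they are
# printed unexpanded so the deploy key never appears in the plan output.

# True when `tsagent status` output (2.x/3.x) reports the daemon as down.
agent_is_down() {
    printf '%s\n' "$1" | grep -qF 'DOWN AIP Agent Daemon'
}

# True when the 1.x cloudsight log (path given as $1) records a revocation.
agent_is_revoked() {
    grep -qF 'Agent has been revoked. Shutting down' "$1" 2>/dev/null
}

# Print the command sequence for an Agent version such as 3.1.0 or 2.2.4.
reregister_plan() {
    case $1 in
        *[!0-9.]*|*..*|.*) echo "bad version: $1" >&2; return 1 ;;
        [0-9]*.[0-9]*) ;;
        *) echo "bad version: $1" >&2; return 1 ;;
    esac
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    case $major in
        1)
            echo 'sudo cloudsight stop'
            echo 'sudo rm /opt/threatstack/cloudsight/config/.secret'
            if [ -n "${RULESET:-}" ]; then
                echo 'sudo cloudsight setup --ruleset="$RULESET" --deploy-key="$DEPLOY_KEY"'
            else
                echo 'sudo cloudsight setup --deploy-key="$DEPLOY_KEY"'
            fi
            echo 'sudo cloudsight start' ;;
        2|3)
            echo 'sudo systemctl stop threatstack'
            # Only 2.2.x and older need the old config and database removed.
            if [ "$major" -eq 2 ] && [ "$minor" -le 2 ]; then
                echo 'sudo rm /opt/threatstack/etc/tsagentd.cfg /opt/threatstack/etc/agent.db'
            fi
            echo 'sudo tsagent setup --deploy-key="$DEPLOY_KEY" --ruleset="${RULESET:-Base Rule Set}" --hostname="$AGENT_HOSTNAME"'
            echo 'sudo systemctl start threatstack' ;;
        *) echo "unsupported Agent series: $1" >&2; return 1 ;;
    esac
}
```

Review the printed plan on one host first, as the Tip above recommends, before running it on the remaining Agents.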