Deploy Distributed Cloud AIP Linux Agent 1.x Series

Overview

This document describes pre-installation, installation, and configuration steps for the F5 Distributed Cloud App Infrastructure Protection (AIP) host-based Agent 1.x series.

Tip

Distributed Cloud AIP maintains a list of supported Operating Systems (OSs). Ensure your environment is compatible with the supported OSs.

Pre-Installation for the Distributed Cloud AIP Agent

Before you install the Distributed Cloud AIP host-based Agent, you must prepare your Linux distribution to work with the Agent.

The Distributed Cloud AIP host-based Agent uses the Linux Audit Framework to collect file, network, and process data. The Agent uses the following kernel services:

  • auditd
  • inotify
  • fanotify

Note

Conflicts can occur between the Distributed Cloud AIP Agent and other tools that use these kernel services. Before deploying the Agent, ensure no other tools use them.
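One way to check for such conflicts before installing, as an added example that is not part of the vendor documentation: the script reads the registered audit daemon PID from `auditctl -s` and lists processes holding inotify or fanotify descriptors through /proc/<pid>/fdinfo. The function names and the `--run` switch are hypothetical; inotify users are common on most systems, so treat that list as informational.

```shell
#!/bin/sh
# Added example (not vendor code): preflight check for other users of the
# kernel audit, inotify and fanotify interfaces. Function names are hypothetical.

# audit_owner_pid: read `auditctl -s` output on stdin and print the PID
# registered as the audit daemon (0 = none, "unknown" = no pid field seen).
audit_owner_pid() {
    awk '
        $1 == "pid" { print $2; found = 1; exit }   # one "key value" pair per line
        {                                           # older single-line "key=value" form
            for (i = 1; i <= NF; i++)
                if ($i ~ /^pid=[0-9]+$/) { sub(/^pid=/, "", $i); print $i; found = 1; exit }
        }
        END { if (!found) print "unknown" }
    '
}

# notify_users KIND [PROC_ROOT]: print "PID COMM" for each process that holds
# an inotify or fanotify descriptor, as recorded in /proc/<pid>/fdinfo/<fd>.
notify_users() {
    nu_kind=$1
    nu_root=${2:-/proc}
    for nu_dir in "$nu_root"/[0-9]*; do
        [ -d "$nu_dir/fdinfo" ] || continue
        # fdinfo entries for these descriptors start with "inotify " or "fanotify "
        if grep -qs "^$nu_kind " "$nu_dir"/fdinfo/* 2>/dev/null; then
            printf '%s %s\n' "${nu_dir##*/}" "$(cat "$nu_dir/comm" 2>/dev/null)"
        fi
    done
}

# preflight [PROC_ROOT]: report everything that may contend with the Agent.
preflight() {
    echo "audit daemon pid: $(auditctl -s 2>/dev/null | audit_owner_pid)"
    echo "fanotify users:"; notify_users fanotify "${1:-/proc}"
    echo "inotify users:";  notify_users inotify "${1:-/proc}"
}

# Run against the live system as root with: sh preflight.sh --run
case "${1:-}" in --run) preflight ;; esac
```

A non-zero audit daemon PID or any fanotify user reported before the Agent is installed identifies a tool to review against the note above.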

Prerequisites

Ensure your environment is in compliance with Distributed Cloud AIP System Requirements.

Install the Distributed Cloud AIP Agent

The method of Agent installation depends on your Linux distribution.

Prerequisites

  • Access to the Distributed Cloud AIP Console
  • If you use a Debian OS, install the Transport tool to view Distributed Cloud AIP hosted packages

Tip

Use side-by-side windows – one browser window for Distributed Cloud AIP and one window for the Command Line – to complete these instructions.

Begin Agent Installation

Distributed Cloud AIP automatically walks customers through an Agent install on the Servers page.

  1. Log into Distributed Cloud AIP.
  2. Click Servers. The Servers page displays.
  3. Click the Add Server button. The Agent Series Options menu displays.
  4. Select Agent 1.x. The + Add New Server dialog displays.
  5. Proceed to the set of instructions below, specific to your OS.

Amazon Linux

Tip

Confirm your Amazon Linux OS matches a Distributed Cloud AIP supported version on the list of supported OSs.

  1. Open the Command Line.
  2. Go to the server node.
  3. Go to /etc/yum.repos.d/.
  4. Create a .repo file titled “threatstack.repo”.
  5. In the Distributed Cloud AIP browser window, in the + Add Server dialog, select the Amazon Linux button.
  6. In the Assign one or more rulesets to your new server (optional) field, click the field to select additional rulesets to apply to the server. More information on base rulesets and their compliance abilities here.

    Warning

    This is the only time during the deployment process you can add rulesets to Distributed Cloud AIP.

  7. In the Distributed Cloud AIP browser window, under the Add the following repository information to /etc/yum.repos.d/threatstack.repo field, click the Copy to clipboard button.
  8. In the Command Line, in the .repo file you created in step 4, paste the repository information and press ENTER.
  9. In the Distributed Cloud AIP browser window, under the Import our PGP key field, click the Copy to clipboard button.
  10. In the Command Line, paste the PGP key and press ENTER.
  11. In the Distributed Cloud AIP browser window, under the Install and configure the agent field, click the Copy to clipboard button.
  12. In the Command Line, paste the install and configure instructions.
  13. Do one of the following:
    • If this install is on an Amazon Machine Image (AMI) or other machine image, then delete the second line of the install and configuration instructions:
      sudo cloudsight setup --deploy-key=<your deploy key> --ruleset="Base Rule Set" --agent_type=i

      or else every server will use the same Agent ID.

    • If this install is on a single server, then do nothing.
  14. Press ENTER. The Distributed Cloud AIP host-based Agent installs on the OS.
  15. To add the deploy key to servers built from an AMI or other machine image, follow the instructions in Steps for Deploying the Distributed Cloud AIP Agent via Amazon AMI’s.

CentOS

The Agent install process for CentOS depends on the version of CentOS.

Tip

Confirm your CentOS OS matches a Distributed Cloud AIP supported version on the list of supported OSs.

CentOS 6

  1. Open the Command Line.
  2. Go to the server node.
  3. Go to /etc/yum.repos.d/.
  4. Create a .repo file titled “threatstack.repo”.
  5. In the Distributed Cloud AIP browser window, in the + Add Server dialog, click the Centos/RHEL button and select Centos/RHEL 6.
  6. In the Assign one or more rulesets to your new server (optional) field, click the field to select additional rulesets to apply to the server. More information on base rulesets and their compliance abilities here.

    Warning

    This is the only time during the deployment process you can add rulesets to Distributed Cloud AIP.

  7. In the Distributed Cloud AIP browser window, under the Add the following repository information to /etc/yum.repos.d/threatstack.repo field, click the Copy to clipboard button.
  8. In the Command Line, in the .repo file you created in step 4, paste the repository information and press ENTER.
  9. Under the Import our PGP key field, click the Copy to clipboard button.
  10. In the Command Line, paste the PGP key and press ENTER.
  11. In the Distributed Cloud AIP browser window, under the Install and configure the agent field, click the Copy to clipboard button.
  12. In the Command Line, paste the install and configure instructions.
  13. Do one of the following:
    • If this install is on an Amazon Machine Image (AMI) or other machine image, then delete the second line of the install and configuration instructions:
      sudo cloudsight setup --deploy-key=<your deploy key> --ruleset="Base Rule Set" --agent_type=i

      or else every server will use the same Agent ID.

    • If this install is on a single server, then do nothing.
  14. Press ENTER. The Distributed Cloud AIP host-based Agent installs on the OS.
  15. To add the deploy key to servers built from an AMI or other machine image, follow the instructions in Steps for Deploying the Distributed Cloud AIP Agent via Amazon AMI’s.

CentOS 7

  1. Open the Command Line.
  2. Go to the server node.
  3. Go to /etc/yum.repos.d/.
  4. Create a .repo file titled “threatstack.repo”.
  5. In the Distributed Cloud AIP browser window, in the + Add Server dialog, click the Centos/RHEL button and select Centos/RHEL 7.
  6. In the Assign one or more rulesets to your new server (optional) field, click the field to select additional rulesets to apply to the server. More information on base rulesets and their compliance abilities here.

    Warning

    This is the only time during the deployment process you can add rulesets to Distributed Cloud AIP.

  7. In the Distributed Cloud AIP browser window, under the Add the following repository information to /etc/yum.repos.d/threatstack.repo field, click the Copy to clipboard button.
  8. In the Command Line, in the .repo file you created in step 4, paste the repository information and press ENTER.
  9. In the Distributed Cloud AIP browser window, under the Import our PGP key field, click the Copy to clipboard button.
  10. In the Command Line, paste the PGP key and press ENTER.
  11. In the Distributed Cloud AIP browser window, under the Install and configure the agent field, click the Copy to clipboard button.
  12. In the Command Line, paste the install and configure instructions.
  13. Do one of the following:
    • If this install is on an Amazon Machine Image (AMI) or other machine image, then delete the second line of the install and configuration instructions:
      sudo cloudsight setup --deploy-key=<your deploy key> --ruleset="Base Rule Set" --agent_type=i

      or else every server will use the same Agent ID.

    • If this install is on a single server, then do nothing.
  14. Press ENTER. The Distributed Cloud AIP host-based Agent installs on the OS.
  15. To add the deploy key to servers built from an AMI or other machine image, follow the instructions in Steps for Deploying the Distributed Cloud AIP Agent via Amazon AMI’s.

CoreOS

The Distributed Cloud AIP host-based Agent 1.x series does not support CoreOS. The Distributed Cloud AIP containerized Agent 1.x series supports CoreOS.

Debian

Tip

Confirm your Debian OS matches a Distributed Cloud AIP supported version on the list of supported OSs.

  1. Open the Command Line.
  2. Log into the server node as the owner of the host (root user).
  3. In the Distributed Cloud AIP browser window, in the + Add Server dialog, click the Other button and select Debian.
  4. In the Assign one or more rulesets to your new server (optional) field, click the field to select additional rulesets to apply to the server. More information on base rulesets and their compliance abilities here.

    Warning

    This is the only time during the deployment process you can add rulesets to Distributed Cloud AIP.

  5. In the Distributed Cloud AIP browser window, under the Add our PGP key field, click the Copy to clipboard button.
  6. In the Command Line, paste the PGP key and press ENTER.
  7. In the Distributed Cloud AIP browser window, under the Add the following repository information field, click the Copy to clipboard button.
  8. In the Command Line, paste the repository information and press ENTER.
  9. In the Distributed Cloud AIP browser window, under the Update, install and configure the agent field, click the Copy to clipboard button.
  10. In the Command Line, paste the install and configure instructions.
  11. Do one of the following:
    • If this install is on an Amazon Machine Image (AMI) or other machine image, then delete the second line of the install and configuration instructions:
      sudo cloudsight setup --deploy-key=<your deploy key> --ruleset="Base Rule Set" --agent_type=i

      or else every server will use the same Agent ID.

    • If this install is on a single server, then do nothing.
  12. Press ENTER. The Distributed Cloud AIP host-based Agent installs on the OS.
  13. To add the deploy key to servers built from an AMI or other machine image, follow the instructions in Steps for Deploying the Distributed Cloud AIP Agent via Amazon AMI’s.

RedHat

The Agent install process for RedHat depends on the version of RedHat.

Tip

Confirm your RedHat OS matches a Distributed Cloud AIP supported version on the list of supported OSs.

RedHat 6

  1. Open the Command Line.
  2. Go to the server node.
  3. Go to /etc/yum.repos.d/.
  4. Create a .repo file titled “threatstack.repo”.
  5. In the Distributed Cloud AIP browser window, in the + Add Server dialog, click the Centos/RHEL button and select Centos/RHEL 6.
  6. In the Assign one or more rulesets to your new server (optional) field, click the field to select additional rulesets to apply to the server. More information on base rulesets and their compliance abilities here.

    Warning

    This is the only time during the deployment process you can add rulesets to Distributed Cloud AIP.

  7. In the Distributed Cloud AIP browser window, under the Add the following repository information to /etc/yum.repos.d/threatstack.repo field, click the Copy to clipboard button.
  8. In the Command Line, in the .repo file you created in step 4, paste the repository information and press ENTER.
  9. In the Distributed Cloud AIP browser window, under the Import our PGP key field, click the Copy to clipboard button.
  10. In the Command Line, paste the PGP key and press ENTER.
  11. In the Distributed Cloud AIP browser window, under the Install and configure the agent field, click the Copy to clipboard button.
  12. In the Command Line, paste the install and configure instructions.
  13. Do one of the following:
    • If this install is on an Amazon Machine Image (AMI) or other machine image, then delete the second line of the install and configuration instructions:
      sudo cloudsight setup --deploy-key=<your deploy key> --ruleset="Base Rule Set" --agent_type=i

      or else every server will use the same Agent ID.

    • If this install is on a single server, then do nothing.
  14. Press ENTER. The Distributed Cloud AIP host-based Agent installs on the OS.
  15. To add the deploy key to servers built from an AMI or other machine image, follow the instructions in Steps for Deploying the Distributed Cloud AIP Agent via Amazon AMI’s.

RedHat 7

  1. Open the Command Line.
  2. Go to the server node.
  3. Go to /etc/yum.repos.d/.
  4. Create a .repo file titled “threatstack.repo”.
  5. In the Distributed Cloud AIP browser window, in the + Add Server dialog, click the Centos/RHEL button and select Centos/RHEL 7.
  6. In the Assign one or more rulesets to your new server (optional) field, click the field to select additional rulesets to apply to the server. More information on base rulesets and their compliance abilities here.

    Warning

    This is the only time during the deployment process you can add rulesets to Distributed Cloud AIP.

  7. In the Distributed Cloud AIP browser window, under the Add the following repository information to /etc/yum.repos.d/threatstack.repo field, click the Copy to clipboard button.
  8. In the Command Line, in the .repo file you created in step 4, paste the repository information and press ENTER.
  9. In the Distributed Cloud AIP browser window, under the Import our PGP key field, click the Copy to clipboard button.
  10. In the Command Line, paste the PGP key and press ENTER.
  11. In the Distributed Cloud AIP browser window, under the Update, install, and configure the agent field, click the Copy to clipboard button.
  12. In the Command Line, paste the install and configure instructions.
  13. Do one of the following:
    • If this install is on an Amazon Machine Image (AMI) or other machine image, then delete the second line of the install and configuration instructions:
      sudo cloudsight setup --deploy-key=<your deploy key> --ruleset="Base Rule Set" --agent_type=i

      or else every server will use the same Agent ID.

    • If this install is on a single server, then do nothing.
  14. Press ENTER. The Distributed Cloud AIP host-based Agent installs on the OS.
  15. To add the deploy key to servers built from an AMI or other machine image, follow the instructions in Steps for Deploying the Distributed Cloud AIP Agent via Amazon AMI’s.

Ubuntu

Tip

Confirm your Ubuntu OS matches a Distributed Cloud AIP supported version on the list of supported OSs.

  1. Open the Command Line.
  2. Log into the server node as the owner of the host (root user).
  3. In the Distributed Cloud AIP browser window, in the + Add Server dialog, click the Ubuntu button.
  4. In the Assign one or more rulesets to your new server (optional) field, click the field to select additional rulesets to apply to the server. More information on base rulesets and their compliance abilities here.

    Warning

    This is the only time during the deployment process you can add rulesets to Distributed Cloud AIP.

  5. In the Distributed Cloud AIP browser window, under the Add our PGP key field, click the Copy to clipboard button.
  6. In the Command Line, paste the PGP key and press ENTER.
  7. In the Distributed Cloud AIP browser window, under the Add the following repository information field, click the Copy to clipboard button.

    Note

    The $distro is either trusty or xenial.

  8. In the Command Line, paste the repository information and press ENTER.
  9. In the Distributed Cloud AIP browser window, under the Update, install and configure the agent field, click the Copy to clipboard button.
  10. In the Command Line, paste the install and configure instructions.
  11. Do one of the following:
    • If this install is on an Amazon Machine Image (AMI) or other machine image, then delete the second line of the install and configuration instructions:
      sudo cloudsight setup --deploy-key=<your deploy key> --ruleset="Base Rule Set" --agent_type=i

      or else every server will use the same Agent ID.

    • If this install is on a single server, then do nothing.
  12. Press ENTER. The Distributed Cloud AIP host-based Agent installs on the OS.
  13. To add the deploy key to servers built from an AMI or other machine image, follow the instructions in Steps for Deploying the Distributed Cloud AIP Agent via Amazon AMI’s.

Upgrade the Distributed Cloud AIP Agent

If your Distributed Cloud AIP Agent is currently supported, then you can upgrade the Agent rather than performing a fresh install. For more information, see Upgrade the Agent.
