Deploy Distributed Cloud AIP Linux Agent 2.x+ Series

Overview

This document describes pre-installation, installation, and configuration steps for the F5 Distributed Cloud App Infrastructure Protection (AIP) host-based Agent 2.x+ series.

Tip

Distributed Cloud AIP maintains a list of supported Operating Systems (OSs). Ensure your environment is compatible with the supported OSs.

Pre-Installation for the Distributed Cloud AIP Agent

Before you install the Distributed Cloud AIP host-based Agent, you must prepare your Linux distribution to work with the Agent.

The Distributed Cloud AIP host-based Agent uses the Linux Audit Framework to collect file, network, and process data. The Agent uses the following kernel services:

  • kauditd
  • inotify
  • fanotify

Note

Conflicts can occur between the Distributed Cloud AIP host-based Agent and other tools that use these kernel services. Before deploying the Agent, ensure no other tools use these kernel services.
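One way to run the conflict check described in the Note above before installing, as an added example (not F5's own tooling): it reports an audit daemon already registered with kauditd and lists processes that hold inotify or fanotify descriptors. The function names and the PROC_ROOT variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-install check for other users of kauditd, inotify, fanotify.
# PROC_ROOT is an assumption of this example so the scan can target a test tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Read `auditctl -s` output on stdin and print the PID of the audit daemon
# registered with kauditd (0 = none). Handles "pid 742" and "pid=742" layouts.
audit_daemon_pid() {
    awk '{ for (i = 1; i <= NF; i++) {
               if ($i == "pid" && i < NF) p = $(i + 1)
               else if ($i ~ /^pid=/) p = substr($i, 5)
           } }
         END { print p + 0 }'
}

# Print "<pid> <comm> <service>" for each process holding an inotify watch or
# a fanotify group. The kernel marks those descriptors in
# /proc/<pid>/fdinfo/<fd> with lines starting "inotify " or "fanotify ".
list_notify_users() {
    for dir in "$PROC_ROOT"/[0-9]*; do
        [ -d "$dir/fdinfo" ] || continue
        comm="$(cat "$dir/comm" 2>/dev/null || echo '?')"
        for svc in inotify fanotify; do
            if grep -qs "^$svc " "$dir"/fdinfo/* 2>/dev/null; then
                echo "${dir##*/} $comm $svc"
            fi
        done
    done
}

# Return 1 if there are findings to review before the Agent is installed.
preinstall_report() {
    rc=0
    if command -v auditctl >/dev/null 2>&1; then
        pid="$(auditctl -s 2>/dev/null | audit_daemon_pid)"
        if [ "$pid" -ne 0 ]; then
            echo "kauditd: audit daemon already registered (pid $pid)"; rc=1
        fi
    fi
    users="$(list_notify_users)"
    if [ -n "$users" ]; then
        printf 'inotify/fanotify users (pid comm service):\n%s\n' "$users"; rc=1
    fi
    return "$rc"
}

# Run the report only when asked, e.g. `sudo sh precheck.sh --check`.
case "${1:-}" in --check) preinstall_report ;; esac
```

Run it as root so other processes' fdinfo entries are readable; system services such as systemd commonly hold inotify watches, so review the listed processes rather than treating every line as a conflict.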

Prerequisites

Ensure your environment is in compliance with Distributed Cloud AIP System Requirements.

Install the Distributed Cloud AIP Host-Based Agent

The method of Agent installation depends on your Linux distribution.

Prerequisites

  • Access to the Distributed Cloud AIP Console
  • If you use a Debian OS, then install the Transport tool to view Distributed Cloud AIP hosted packages

Tip

Use side-by-side windows – one browser window for Distributed Cloud AIP and one window for the Command Line – to complete these instructions.

Begin Agent Installation

Distributed Cloud AIP automatically walks customers through an Agent install on the Servers page.

  1. Log in to Distributed Cloud AIP.
  2. Click Servers. The Servers page displays.
  3. Click the Add Server button. The Agent Series Options menu displays.

  4. Select Agent 2.x.


    The + Add New Server dialog displays.


  5. Proceed to the instructions below that are specific to your OS.

Amazon Linux 1

Tip

Confirm your Amazon Linux 1 OS matches a Distributed Cloud AIP supported version on the list of supported OSs.

  1. Open the Command Line.
  2. Go to the server node.
  3. Go to /etc/yum.repos.d/.
  4. Create a .repo file titled “threatstack.repo”.
  5. In the Distributed Cloud AIP browser window, in the + Add Server dialog, click the Amazon Linux button and select Amazon Linux 1.
  6. In the Assign one or more rulesets to your new server (optional) field, click the field to select additional rulesets to apply to the server. For more information, see the documentation on base rulesets and their compliance abilities.

    Warning

    This is the only time during the deployment process you can add rulesets to Distributed Cloud AIP.

  7. In the Distributed Cloud AIP browser window, under the Add the following repository information to /etc/yum.repos.d/threatstack.repo field, click the Copy to clipboard button.
  8. In the Command Line, in the .repo file you created in step 4, paste the repository information and press ENTER.
  9. In the Distributed Cloud AIP browser window, under the Import our PGP key field, click the Copy to clipboard button.
  10. In the Command Line, paste the PGP key and press ENTER.
  11. In the Distributed Cloud AIP browser window, under the Install and configure the agent field, click the Copy to clipboard button.
  12. In the Command Line, paste the install and configure instructions.
  13. Do one of the following:
    • If this install is on an Amazon Machine Image (AMI) or other machine image, then delete the second and third lines of the install and configuration instructions:
      sudo tsagent setup --deploy-key=<your deploy key> --ruleset="Base Rule Set" && \
      sudo tsagent start

      or else every server will use the same Agent ID.

    • If this install is on a single server, then do nothing.
  14. Press ENTER. The Distributed Cloud AIP host-based Agent installs and starts on the OS.
  15. To add the deploy key to servers built from an AMI or other machine image, follow the instructions in Steps for Deploying the Distributed Cloud AIP Agent via Amazon AMI’s.

Amazon Linux 2

Tip

Confirm your Amazon Linux 2 OS matches a Distributed Cloud AIP supported version on the list of supported OSs.

  1. Open the Command Line.
  2. Go to the server node.
  3. Go to /etc/yum.repos.d/.
  4. Create a .repo file titled “threatstack.repo”.
  5. In the Distributed Cloud AIP browser window, in the + Add Server dialog, click the Amazon Linux button and select Amazon Linux 2.
  6. In the Assign one or more rulesets to your new server (optional) field, click the field to select additional rulesets to apply to the server. For more information, see the documentation on base rulesets and their compliance abilities.

    Warning

    This is the only time during the deployment process you can add rulesets to Distributed Cloud AIP.

  7. In the Distributed Cloud AIP browser window, under the Add the following repository information to /etc/yum.repos.d/threatstack.repo field, click the Copy to clipboard button.
  8. In the Command Line, in the .repo file you created in step 4, paste the repository information and press ENTER.
  9. In the Distributed Cloud AIP browser window, under the Import our PGP key field, click the Copy to clipboard button.
  10. In the Command Line, paste the PGP key and press ENTER.
  11. In the Distributed Cloud AIP browser window, under the Install and configure the agent field, click the Copy to clipboard button.
  12. In the Command Line, paste the install and configure instructions.
  13. Do one of the following:
    • If this install is on an Amazon Machine Image (AMI) or other machine image, then delete the second and third lines of the install and configuration instructions:
      sudo tsagent setup --deploy-key=<your deploy key> --ruleset="Base Rule Set" && \
      sudo systemctl start threatstack

      or else every server will use the same Agent ID.

    • If this install is on a single server, then do nothing.
  14. Press ENTER. The Distributed Cloud AIP host-based Agent installs and starts on the OS.
  15. To add the deploy key to servers built from an AMI or other machine image, follow the instructions in Steps for Deploying the Distributed Cloud AIP Agent via Amazon AMI’s.

CentOS

Tip

Confirm your CentOS OS matches a Distributed Cloud AIP supported version on the list of supported OSs.

  1. Open the Command Line.
  2. Go to the server node.
  3. Go to /etc/yum.repos.d/.
  4. Create a .repo file titled “threatstack.repo”.
  5. In the Distributed Cloud AIP browser window, in the + Add Server dialog, click the Centos/RHEL button and select Centos/RHEL 7.
  6. In the Assign one or more rulesets to your new server (optional) field, click the field to select additional rulesets to apply to the server. For more information, see the documentation on base rulesets and their compliance abilities.

    Warning

    This is the only time during the deployment process you can add rulesets to Distributed Cloud AIP.

  7. In the Distributed Cloud AIP browser window, under the Add the following repository information to /etc/yum.repos.d/threatstack.repo field, click the Copy to clipboard button.
  8. In the Command Line, in the .repo file you created in step 4, paste the repository information and press ENTER.
  9. In the Distributed Cloud AIP browser window, under the Import our PGP key field, click the Copy to clipboard button.
  10. In the Command Line, paste the PGP key and press ENTER.
  11. In the Distributed Cloud AIP browser window, under the Install and configure the agent field, click the Copy to clipboard button.
  12. In the Command Line, paste the install and configure instructions.
  13. Do one of the following:
    • If this install is on an Amazon Machine Image (AMI) or other machine image, then delete the second and third lines of the install and configuration instructions:
      sudo tsagent setup --deploy-key=<your deploy key> --ruleset="Base Rule Set" && \
      sudo systemctl start threatstack

      or else every server will use the same Agent ID.

    • If this install is on a single server, then do nothing.
  14. Press ENTER. The Distributed Cloud AIP host-based Agent installs and starts on the OS.
  15. To add the deploy key to servers built from an AMI or other machine image, follow the instructions in Steps for Deploying the Distributed Cloud AIP Agent via Amazon AMI’s.

CoreOS

The Distributed Cloud AIP host-based Agent 2.x series does not support the CoreOS OS. The Distributed Cloud AIP containerized Agent 2.x series supports the CoreOS OS.

Debian

Tip

Confirm your Debian OS matches a supported version on Distributed Cloud AIP's list of supported OSs.

  1. Open the Command Line.
  2. Log in to the server node as the owner of the host (root user).
  3. In the Distributed Cloud AIP browser window, in the + Add Server dialog, click the Other button and select Debian.
  4. In the Assign one or more rulesets to your new server (optional) field, click the field to select additional rulesets to apply to the server. For more information, see the documentation on base rulesets and their compliance abilities.

    Warning

    This is the only time during the deployment process you can add rulesets to Distributed Cloud AIP.

  5. In the Distributed Cloud AIP browser window, under the Add our PGP key field, click the Copy to clipboard button.
  6. In the Command Line, paste the PGP key and press ENTER.
  7. In the Distributed Cloud AIP browser window, under the Add the following repository information field, click the Copy to clipboard button.
  8. In the Command Line, paste the repository information and press ENTER.
  9. In the Distributed Cloud AIP browser window, under the Update, install and configure the agent field, click the Copy to clipboard button.
  10. In the Command Line, paste the install and configure instructions.
  11. Do one of the following:
    • If this install is on an Amazon Machine Image (AMI) or other machine image, then delete the second and third lines of the install and configuration instructions:
      sudo tsagent setup --deploy-key=<your deploy key> --ruleset="Base Rule Set" && \
      sudo systemctl start threatstack

      or else every server will use the same Agent ID.

    • If this install is on a single server, then do nothing.
  12. Press ENTER. The Distributed Cloud AIP host-based Agent installs and starts on the OS.
  13. To add the deploy key to servers built from an AMI or other machine image, follow the instructions in Steps for Deploying the Distributed Cloud AIP Agent via Amazon AMI’s.

RedHat

Tip

Confirm your RedHat OS matches a Distributed Cloud AIP supported version on the list of supported OSs.

  1. Open the Command Line.
  2. Go to the server node.
  3. Go to /etc/yum.repos.d/.
  4. Create a .repo file titled “threatstack.repo”.
  5. In the Distributed Cloud AIP browser window, in the + Add Server dialog, click the Centos/RHEL button and select Centos/RHEL 7.
  6. In the Assign one or more rulesets to your new server (optional) field, click the field to select additional rulesets to apply to the server. For more information, see the documentation on base rulesets and their compliance abilities.

    Warning

    This is the only time during the deployment process you can add rulesets to Distributed Cloud AIP.

  7. In the Distributed Cloud AIP browser window, under the Add the following repository information to /etc/yum.repos.d/threatstack.repo field, click the Copy to clipboard button.
  8. In the Command Line, in the .repo file you created in step 4, paste the repository information and press ENTER.
  9. In the Distributed Cloud AIP browser window, under the Import our PGP key field, click the Copy to clipboard button.
  10. In the Command Line, paste the PGP key and press ENTER.
  11. In the Distributed Cloud AIP browser window, under the Install and configure the agent field, click the Copy to clipboard button.
  12. In the Command Line, paste the install and configure instructions.
  13. Do one of the following:
    • If this install is on an Amazon Machine Image (AMI) or other machine image, then delete the second and third lines of the install and configuration instructions:
      sudo tsagent setup --deploy-key=<your deploy key> --ruleset="Base Rule Set" && \
      sudo systemctl start threatstack

      or else every server will use the same Agent ID.

    • If this install is on a single server, then do nothing.
  14. Press ENTER. The Distributed Cloud AIP host-based Agent installs and starts on the OS.
  15. To add the deploy key to servers built from an AMI or other machine image, follow the instructions in Steps for Deploying the Distributed Cloud AIP Agent via Amazon AMI’s.

Ubuntu

Tip

Confirm your Ubuntu OS matches a Distributed Cloud AIP supported version on the list of supported OSs.

  1. Open the Command Line.
  2. Log in to the server node as the owner of the host (root user).
  3. In the Distributed Cloud AIP browser window, in the + Add Server dialog, click the Ubuntu button.
  4. In the Assign one or more rulesets to your new server (optional) field, click the field to select additional rulesets to apply to the server. For more information, see the documentation on base rulesets and their compliance abilities.

    Warning

    This is the only time during the deployment process you can add rulesets to Distributed Cloud AIP.

  5. In the Distributed Cloud AIP browser window, under the Add our PGP key field, click the Copy to clipboard button.
  6. In the Command Line, paste the PGP key and press ENTER.
  7. In the Distributed Cloud AIP browser window, under the Add the following repository information field, click the Copy to clipboard button.
  8. In the Command Line, paste the repository information and press ENTER.
  9. In the Distributed Cloud AIP browser window, under the Update, install and configure the agent field, click the Copy to clipboard button.
  10. In the Command Line, paste the install and configure instructions.
  11. Do one of the following:
    • If this install is on an Amazon Machine Image (AMI) or other machine image, then delete the second and third lines of the install and configuration instructions:
      sudo tsagent setup --deploy-key=<your deploy key> --ruleset="Base Rule Set" && \
      sudo systemctl start threatstack

      or else every server will use the same Agent ID.

    • If this install is on a single server, then do nothing.
  12. Press ENTER. The Distributed Cloud AIP host-based Agent installs and starts on the OS.
  13. To add the deploy key to servers built from an AMI or other machine image, follow the instructions in Steps for Deploying the Distributed Cloud AIP Agent via Amazon AMI’s.

Upgrade to Distributed Cloud AIP Agent 2.x Series

If your Distributed Cloud AIP host-based Agent is currently supported, then you can upgrade the Agent rather than performing a fresh install. For more information, see the Upgrade the Agent instructions.
