You can install Change Guardian Agent for UNIX in the following ways:
Install agents remotely by using Agent Manager
Install agents manually on a local computer
Prerequisite: Install the RPM libnsl-2 if your Change Guardian is monitoring the following:
RHEL 8.x
Oracle Enterprise Linux 8.x
Centos 8.x
Following sections guides you through the Change Guardian Agent for UNIX installation and configuration:
For troubleshooting information about Change Guardian Agent for UNX, see Issues on Change Guardian Agent for UNIX.
This section provides the following information:
To install:
In Agent Manager click Asset Groups > All Assets > Manage Assets > Add.
From the assets list, select the machines where you want to deploy the agent.
Click Manage Installation > Install Agents.
Provide the root credentials of the machine and click Next and start the installation.
If you select multiple machines, ensure that the root user shares the same password.
NOTE:When you are installing Change Guardian Agent for UNIX for Change Guardian, the IP address of the Change Guardian server is automatically populated in the configuration window. If you replace the Change Guardian server in future, the new Change Guardian server must use the same IP address to maintain connection with all the agents deployed.
To install:
Download the agent artifacts and certificates. For more information, see Downloading the Agent Certificates and Artifacts.
Log in to the machine, where you want to install the agent, with superuser privileges.
Click All Assets > Manage Installation > Download, and download the required package.
Agent Manager downloads ChangeGuardianAgentForUnix.zip to your computer.
Extract ChangeGuardianAgentForUnix.zip to the computer where you want to install the Change Guardian Agent for UNIX.
Provide file execute permission to the ./install.sh file and execute the ./install.sh script.
Follow the prompts to complete the installation.
Continue with the installation steps. The installation might take a few minutes for all services to start after installation.
NOTE:Manual Installation of Change Guardian Agent for UNIX downloaded from Change Guardian Agent Manager accepts the agent certificate configuration even if there is a mismatch of the agent hostname and IP address. You must ensure that you use the correct configuration before installing Change Guardian Agent for UNIX.
The silent or unattended installation is useful if you need to install more than one agent. Silent installation allows you to install the agent without interactively running the installation script.
IMPORTANT:To perform silent installation, ensure that you have recorded the installation parameters during the interactive installation and then run the recorded file on other endpoints. Silent installation uses an installation file that records the information required for completing the installation. Each line in the file is a name=value pair that provides the required information, for example, HOME=/usr/netiq.
The installation script extracts information from the installation file and installs the agent according to the values you specify.
If you use the deployment wizard to perform local installation on one computer, you can create a silent installation file based on your requirement. A sample installation file, SampleSilentInstallation.cfg, is located in your agent download package.
To install:
Download the installation files from the Downloads website.
Download the package in the root folder and specify the following command to extract the install files from the tar file:
tar -zxvf <install_filename>
Replace <install_filename> with the actual name of the install file.
After you create the installation file, you can run silent installation on the endpoints from command line using the following command:
./install.sh <Target_Directory> -s <SilentConfigurationFile>.cfg
Where Target_Directory is the directory you want to install the agent and SilentConfigurationFile is the file name used to specify the installation options. You can also use the default configuration file, SampleSilentInstallation.cfg. The installation file name must be specified as an absolute path. By default, SampleSilentInstallation.cfg is located in the agent install directory.
NOTE:The installation process does not support Change Guardian Agent for UNIX as a non-root user.
Following is the list of parameters that you can use during silent installation:
|
Parameter |
Description |
|---|---|
FRESH_INSTALL |
Specifies whether you want to install or upgrade the agent. Valid entries are 1 (install) and 0 (upgrade). The default value is 1. |
CREATE_TARGET_DIR |
Specifies whether you want the install program to create the target installation directory if it does not already exist. Valid entries are y and n. The default value is y. |
CONTINUE_WITHOUT_PATCHES |
Specifies whether the install program stops or continues when the operating system is not a supported version. Valid entries are y and n. The default value is n. |
IQ_STARTUP |
Specify restart method for the agent process. For information about the options, see Validating the Installation. Valid entries are rclink and inittab. The default option is rclink. |
CGU_STARTUP |
Specifies restart method for the detected process. For information about the options, see Validating the Installation. Valid entries are rclink and inittab. The default value is rclink. |
MANAGE_AUDIT_LOGS |
Specifies whether the agent reduces the size and removes old audit logs. Valid entries are y and n. |
AUDIT_LOG_SIZE |
Specifies the maximum size, in bytes, that the agent allows an audit log to reach before starting a new log. |
AUDIT_LOG_RETENTION |
Specifies the number of audit logs that the agent keeps. Once this number of audit logs exists, the agent deletes old logs when making new ones. |
KEEP_OLD_AGENT_DIR |
Specifies whether to keep the previous installation directory when you are upgrading the agent. Valid entries are y and n. |
OLD_INSTALL_DIR_MOVED |
Specifies the directory where you want the installation program to move to the previous installation directory. |
To validate the installation, check if the services detectd, vigilent, auditd, and nqmagt are running:
ps –ef | grep -i <service_name>
Where service_name can be detectd, vigilent, auditd, or nqmagt
The output in Linux is as follows:
root 10447 1 0 14:39 ? 00:00:00 /usr/netiq/common/bin/nqmagt -g /usr/netiq/common/log/nqmagt.log root 10449 10447 0 14:39 ? 00:00:02 VigilEntAgent -config vigilent -load va:VigilEntAdapter -d root 135 2 0 Nov01 ? 00:00:41 [kauditd] root 6133 1 0 Nov01 ? 00:03:12 /sbin/auditd root 10358 1 0 14:39 ? 00:00:00 ./perl - ../local/cache/detect.xml vrun detectd root 10430 10358 0 14:39 ? 00:00:00 detectd[10358] -p local4.err root 10445 10358 0 14:39 ? 00:00:00 detect_group:LinuxAuditObject__singleton
detectd: Monitors tasks and retrieves data.
vigilent: Sends events to the Change Guardian server.
auditd: Writes audit records to the disk. It is an operating system service that is required by the services specific to Change Guardian Agent for UNIX. If auditd is not running, follow the operating system instructions to enable it.
nqmagt: Monitors the status of the other agent processes and restarts them if necessary. This process should run continuously after the agent is installed.