Enabling sensor auto-start on a Linux system

The following procedure has been tested with Red Hat® Enterprise Linux®; there might be some variation for other Linux varieties. Review these steps with your system administrator before you make any changes.

To enable OpenText ScanCentral SAST sensor auto-start on a Linux system:

  1. Log in to the machine as “root.”
  2. Run the visudo command to edit the sudoers file and disable requiretty.

    Defaults !requiretty

    You can also disable requiretty per user.

  3. Create a systemd service unit file:

    1. Open a new file for the service:

      vi /etc/systemd/system/scancentral-sensor.service
      
    2. Add the following content, and modify the paths, token, and username as needed:

      [Unit]
      Description=Fortify ScanCentral SAST Sensor
      
      [Service]
      User=<username>
      Environment="SAST_LOCATION=<sast_install_dir>" "SCANCENTRAL_VM_OPTS=-Dworker_auth_token=<worker authentication token>"
      ExecStart=<client_install_dir>/bin/scancentral -url <controller_url> worker
      StandardOutput=append:<client_install_dir>/bin/workerout.txt
      StandardError=append:<client_install_dir>/bin/workerout.txt
      WorkingDirectory=<working_dir>
      Restart=on-failure
      
      [Install]
      WantedBy=multi-user.target
      
      • The <working_dir> should be a directory that the <username> has write permissions to.
      • The SCANCENTRAL_VM_OPTS environment variable can be used to set additional sensor properties. For more information, see Configuring sensor properties.
  4. Reload systemd, then enable and start the service:

    systemctl daemon-reload
    systemctl enable scancentral-sensor
    systemctl start scancentral-sensor
    
  5. Check the setup:

    1. Reboot and log in to the machine as "root".

    2. To verify the processes under root, type:

      ps -x | grep java

      Verify that the output shows that the sensor is not started under root.

    3. To verify the processes under the user, type:

      sudo -u <username> ps x | grep java

      Verify that the output displays the sensor process.

    4. To verify the existence and contents of the script output file, type:

      tail -f <client_install_dir>/bin/workerout.txt

      The path to workerout.txt must match what was configured for StandardOutput and StandardError in scancentral-sensor.service.

      For example:

      tail -f /home/<username>/Fortify/Fortify_ScanCentral_Client_25.4.0_x64/bin/workerout.txt
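
The script below is an added example, not part of the OpenText procedure: a POSIX shell audit of the unit file from step 3 that flags a missing or root User=, output streams that name different files, and a world-readable file holding the worker authentication token (unit files are often created mode 644, and systemd exposes Environment= values to unprivileged systemctl show callers). The function names, the constructed unit file, and its token and paths are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not OpenText code): audit a sensor unit file before enabling it.

# Print the last value assigned to KEY= ($2) in the unit file ($1).
unit_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# Print the log file path taken from StandardOutput=append:<path>.
sensor_log_path() {
    unit_value "$1" StandardOutput | sed 's/^append://'
}

# Print one line per finding; the return status is the number of findings.
audit_sensor_unit() {
    au_unit=$1
    au_findings=0
    au_user=$(unit_value "$au_unit" User)
    if [ -z "$au_user" ] || [ "$au_user" = root ]; then
        echo "FAIL: User= is missing or root, so the sensor would run as root"
        au_findings=$((au_findings + 1))
    fi
    # The page's unit sends both streams to workerout.txt; flag a mismatch.
    if [ "$(unit_value "$au_unit" StandardOutput)" != "$(unit_value "$au_unit" StandardError)" ]; then
        echo "FAIL: StandardOutput and StandardError name different files"
        au_findings=$((au_findings + 1))
    fi
    # find prints the path only when the "other" read bit is set.
    if grep -q 'worker_auth_token=' "$au_unit" && [ -n "$(find "$au_unit" -perm -004)" ]; then
        echo "FAIL: unit holds worker_auth_token and is world-readable"
        au_findings=$((au_findings + 1))
    fi
    return "$au_findings"
}

# Demo on a constructed unit file (placeholder token, sample paths).
demo_unit=$(mktemp)
cat > "$demo_unit" <<'EOF'
[Service]
User=root
Environment="SCANCENTRAL_VM_OPTS=-Dworker_auth_token=CONSTRUCTED-TOKEN"
StandardOutput=append:/opt/scancentral/bin/workerout.txt
StandardError=append:/opt/scancentral/bin/workerout.txt
EOF
chmod 644 "$demo_unit"
audit_sensor_unit "$demo_unit" || echo "findings: $?"
echo "log file: $(sensor_log_path "$demo_unit")"
rm -f "$demo_unit"
```

Run it against /etc/systemd/system/scancentral-sensor.service before step 4; the path printed by sensor_log_path is the file to tail in step 5.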