SIEM, Vulnerability Scanning, Server Monitoring and Compliance Training for IT Professionals
Table of Contents

Linux Agent Installation

In this Topic

Tutorials

How to Install the Corner Bowl Server Manager Agent on RHEL

How to Install the Corner Bowl Server Manager Agent on RHEL

Background

Server Manager includes a Linux Agent to remotely manage Linux hosts. Our agent-based solution solves several security and performance issues with existing built-in technologies and security implementations. To understand the benefits, we must first understand the technologies used to remotely manage Linux hosts without an agent.

Agentless Management

Linux (Red Hat (RHEL) and Ubuntu)

Linux Audit Logs are downloaded using a two step process that utilizes both SSH and SFTP. Since audit logs are in a protected directory, SSH must be used to login as a superuser then copy files from the protected directory to a temporary directory. Once complete, the SSH connection is closed then a new SFTP connection opened, which then downloads the audit log files from the temporary directory.

Security and Performance Issues
  • Remote connections require root or superuser access to copy audit logs.
  • SFTP typically has limited access to operating system files and audit logs.
  • Each time an audit log's latest contents are retreived, the entire log is copied then downloaded, a highly ineffecient method when download new entries every few minutes.
  • Real-time log monitoring is not supported.

Agent-Based Management Benefits

  • The Linux Agent runs with root access enabling the software to access audit logs without generating logon events.
  • All data is transmitted over a single TLS 1.2 capable TCP/IP port using a highly efficient binary protocol stack.
  • Audit logs are efficiently accessed, parsed, and filtered directly on each Linux host prior to transmitting the latest filtered entries to the Management Server.
  • Real-time log monitoring is fully supported.

Supported Templates

The following templates are currently supported on Linux:

System Requirements

The Linux Agent requires the Microsoft .Net 8 Runtime or higher to be installed.

How to Install the Microsoft .Net 8 Runtime

  • From the target Linux host, open a command prompt.

Red Hat Enterprise Linux (RHEL)

  • Type the following command:
sudo yum install dotnet-runtime-8.0 -y

CentOS

  • Type the following commands:
sudo rpm -Uvh https://packages.microsoft.com/config/centos/7/packages-microsoft-prod.rpm 
sudo yum install dotnet-runtime-8.0 -y

Ubuntu:

  • Type the following commands:
wget https://packages.microsoft.com/config/ubuntu/22.04/packages-microsoft-prod.deb 
sudo dpkg -i packages-microsoft-prod.deb 
sudo apt install apt-transport-https 
sudo apt update 
sudo apt install dotnet-sdk-8.0

How to Remotely Install the Linux Agent

  • Add the hostname or IP add to Corner Bowl Server Manager. For more informatino see: Adding Hosts.
  • Configure the Linux host's SSH/SFTP connection with superuser credentials. For more informatino see: SSH/SFTP Properties
  • From the Host Properties View, select the Agent Tab, then click the Install Agent button.

How to Manually Install the Linux Agent

  • From the host you have installed Server Manager, open the following file in Notepad as an administrator.
C:\Program Files\Corner Bowl\Server Manager\Agent Installers\Linux\tcpserver.json
  • Set the Host value to the routable hostname or IP address the Corner Bowl Server Manager Service is installed.
  • Save your changes.
  • Copy all of the files located in the following directory to your Linux host:
C:\Program Files\Corner Bowl\Server Manager\Agent Installers\Linux
  • From the Linux host, create the installation directory /usr/bin/corner-bowl/server-manager-agent, for example:
sudo mkdir /usr/bin/corner-bowl/server-manager-agent
  • Copy the dll and json files to the target installation directory, for example:
sudo cp ./*.dll /usr/bin/corner-bowl/server-manager-agent 
sudo cp ./*.json /usr/bin/corner-bowl/server-manager-agent
  • Create the configuration directory /usr/share/corner-bowl/server-manager-agent, for example:
sudo mkdir /usr/share/corner-bowl/server-manager-agent
  • Copy the configuration file, tcpserver.json, to the configuration directory, for example:
sudo cp ./tcpserver.json /usr/share/corner-bowl/server-manager-agent
  • Copy the systemD service file, cbsmagt.service, to the /etc/systemd/system directory, for example:
sudo cp ./cbsmagt.service /etc/systemd/system
  • Reload the systemctl:
sudo systemctl daemon-reload
  • Configure the Daemon to start when the server is booted:
sudo systemctl enable cbsmagt
  • Start the Daemon:
sudo systemctl start cbsmagt

How to Upgrade the Linux Agent

As of build 23.0.0.400, the Linux Agent is automatically updated when the Agent detects the Server is running a later version. No user interaction is required. If you are running a previous version, re-install with the latest version.

How to Re-Configure the Agent

  • Once installed, if you need to change the target hostname or would like to enable TLS 1.2, you must modify the tcpserver.json configuration file located in the configuration directory:
/usr/share/corner-bowl/server-manager-agent/tcpserver.json

Configuration File Reference

{
  "Host": "SERVERNAME", 
  "Port": 21843, 
  "IdleTimeout": 300, 
  "ReceiveTimeout": 120, 
  "SendTimeout": 120, 
  "TempDirectory": "./temp", 
  "TlsConfiguration": {
    "Enabled": false, 
    "Certificate": null, 
    "RequireRemoteCertificate": false, 
    "AllowSelfSignedCertificate": true, 
    "CheckCertificateRevocation": false, 
    "AllowCertificateChainErrors": true 
  }
}

For more information see: Agent Configuration

How to Configure Templates to Run on the Agent

  • Select File | New Template. The Select Template Type view displays.
  • Click the Template type to create. The Template Properties view displays.
  • Select the Agent Template Tab
  • Use the Enabled Check Box to flag the template as an Agent-Based Template.
  • Use the Trigger Check Box to trigger actions when assigned hosts do not connect within the configured time span.
  • Use the On Host Not Connecting Drop-Down to assign the actions to fire when assigned hosts do not connect within the configured time span.

Troubleshooting

If the Agent does not appear to be connecting or processing Templates, view the Agent's verbose output log for detailed information. The log file is located in the following directory on each remotely managed host:

/var/log/corner-bowl/agent.log
  • Open a command-prompt, then type the following command to tail the log file:
tail -f /var/log/corner-bowl/agent.log
  • Monitor the file for at least 2 minutes. 9 times of out of 10, there is a connection error due to the tcpserver.json file not specifying the correct host or other invalid parameter, a firewall blocking the default port, 21843, on the Corner Bowl Server Manager Service host, or the Agent Server is configured to use DNS or FQDN lookup when instead the local hostname is expected. All of these error scenarios are easily identified when tailing the agent.log file.

Related Topics

Adding Hosts

Agent-Based Management

Server Configuration