Table of Contents
- Getting Started
- Agent-Based Management
- Common Tasks
- Data Providers
- Directory Services
- Auditing
- Hosts
- Templates
- Template Properties
- Batch Update Templates
- Assign Templates
- Log Management Templates
- SCAP Compliance Monitor
- Active Directory User Monitor Templates
- File and Directory Monitor Templates
- Windows Monitor Templates
- CPU Monitor Template
- Memory Monitor Template
- Disk Space Monitor Template
- Account Lockout Monitor Template
- Audit Policy Monitor Template
- Logon As Monitor Template
- Logon Monitor Template
- Performance Counter Monitor Template
- PowerShell Template
- Process Monitor Template
- RDP Session Monitor Template
- Registry Value Monitor Template
- Service Monitor Template
- SMART Disk Monitor Template
- System Security Monitor Template
- Windows Update Template
- WMI Query Template
- Task Scheduler Template
- Clock Synchronization Template
- Defragment NTFS Disks Template
- Network and Application Monitor Templates
- SSL Certificate Monitor Templates
- Database Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Windows Accounts Templates
- Monitors
- Reports
- Auto-Configurators
- Filters
- Actions
- Schedules
- Environment Variables
- Options
- SNMP
- SSH Shell
- Syslog
- System Reset
- Shared Views
- Active Directory User and Group Filters
- Assign Actions
- Assign Azure Audit Logs
- Assign Consolidated Logs
- Assign Directories
- Assign Disks
- Assign Event Logs
- Assign Files
- Assign Services
- Assign Shares
- Auto-Config Host Assignment Properties
- Define CSV and W3C Log Entry Columns
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Executable Status
- Executable Timeline
- Explicitly Assigned Logs
- File Explorer
- General Executable Properties
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Target Files and Sub-Directories
- Command Line Interface
- Server Configuration
- Agent Configuration
- Troubleshooting
- Terminology
Linux Agent Installation
In this Topic
Tutorials
Background
Server Manager includes a Linux Agent to remotely manage Linux hosts. Our agent-based solution solves several security and performance issues with existing built-in technologies and security implementations. To understand the benefits, we must first understand the technologies used to remotely manage Linux hosts without an agent.
Agentless Management
Linux (Red Hat (RHEL) and Ubuntu)
Linux Audit Logs are downloaded using a two step process that utilizes both SSH and SFTP. Since audit logs are in a protected directory, SSH must be used to login as a superuser then copy files from the protected directory to a temporary directory. Once complete, the SSH connection is closed then a new SFTP connection opened, which then downloads the audit log files from the temporary directory.
Security and Performance Issues
- Remote connections require root or superuser access to copy audit logs.
- SFTP typically has limited access to operating system files and audit logs.
- Each time an audit log's latest contents are retreived, the entire log is copied then downloaded, a highly ineffecient method when download new entries every few minutes.
- Real-time log monitoring is not supported.
Agent-Based Management Benefits
- The Linux Agent runs with root access enabling the software to access audit logs without generating logon events.
- All data is transmitted over a single TLS 1.2/3 capable TCP/IP port using a highly efficient binary protocol stack.
- Audit logs are efficiently accessed, parsed, and filtered directly on each Linux host prior to transmitting the latest filtered entries to the Management Server.
- Real-time log monitoring is fully supported.
Supported Templates
The following templates are currently supported on Linux:
- CPU Monitor
- Directory Size Monitor
- Disk Space Monitor
- File Consolidation
- File Monitor
- File Integrity Monitor (FIM)
- Memory Monitor
- SQL Server Shirk and Backup
- TCP Port Scan Monitor
- Text Log Consolidation
- Text Log Monitor
System Requirements
The Linux Server requires the .Microsoft .NET 8 Runtime to be installed. For more information see: Install .NET on Linux.
How to Remotely Install the Linux Agent
- Add the hostname or IP add to Corner Bowl Server Manager. For more informatino see: Adding Hosts.
- Configure the Linux host's SSH/SFTP connection with superuser credentials. For more informatino see: SSH/SFTP Properties
- From the Host Properties View, select the Agent Tab, then click the Install Agent button.
How to Manually Install the Linux Agent
- From your Internet browser, log into Corner Bowl Software.
- Once logged in, from the Menu Barselect Downloads.
- From the Downloads Page, if you are running RHEL 9+ locate the Agent RHEL 9 RPM, otherwise select the Agent ZIP then click the Download button
- If you downloaded the RPM, from command-line, type:
sudo rpm -i cbsmagent-25.0.0.x-1.el9.x86_64.rpm
- Where 25.0.0.x is replaced with the actual version being installed.
- Otherwise, if you downloaded the zip, decompress the zip file then run the install.sh script. For example:
linuxagent2025.zip sudo install.sh
- Where 25.0.0.x is replaced with the actual version being installed.
- Verify the service has started, for example:
cat /var/log/corner-bowl/agent.log
How to Configure TLS 1.2/3 or Change the TCP/IP Port
For more information see Agent Configuration.
How to Update the Windows Agent
Once installed, the agent uses the Corner Bowl TCP/IP connection to the server to download both major and minor updates, then automatically installs the downloaded version.
Troubleshooting
If the Agent does not appear to be connecting or processing Templates, view the Agent's verbose output log for detailed information. The log file is located in the following directory on each remotely managed host:
/var/log/corner-bowl/agent.log
- Open a command-prompt, then type the following command to tail the log file:
tail -f /var/log/corner-bowl/agent.log
- Monitor the file for at least 2 minutes. 9 times of out of 10, there is a connection error due to the tcpserver.json file not specifying the correct host or other invalid parameter, a firewall blocking the default port, 21843, on the Corner Bowl Server Manager Service host, or the Agent Server is configured to use DNS or FQDN lookup when instead the local hostname is expected. All of these error scenarios are easily identified when tailing the agent.log file.