SIEM, Vulnerability Scanning, Server Monitoring and Compliance Training for IT Professionals
Table of Contents

Linux Server Installation

In this Topic

Background

Server Manager can be installed on RHEL, CentOS, Ubuntu or any other Linux flavor that supports .Net 7 or higher.

Important
To configure the Management Server, you must remotely connect via the Windows Server Manager Management Console. If the target machine is stand-alone air gapped, create the configuration from a sandbox environment, backup the configuration, copy the zip file to the target machine, unzip the files, move the files to the /usr/bin/corner-bowl/server-manager directory, then lastly, restart the Daemon. Once started, the hostname that resides in configuration backup is automatically renamed to the target machines name.

System Requirements

The Linux Agent requires the Microsoft .Net 7 Runtime or higher to be installed.

How to Install the Microsoft .Net 7 Runtime

  • From the target Linux host, open a command prompt.

Red Hat Enterprise Linux (RHEL)

  • Type the following command:
sudo yum install dotnet-runtime-7.0 -y

Ubuntu:

  • Type the following commands:
wget https://packages.microsoft.com/config/ubuntu/22.04/packages-microsoft-prod.deb 
sudo dpkg -i packages-microsoft-prod.deb 
sudo apt install apt-transport-https 
sudo apt update 
sudo apt install dotnet-sdk-7.0

How to Manually Install the Linux Server

  • From an Internet Browser, goto https://www.CornerBowlSoftware.com/Download.
  • If you are not logged into the website, login.
  • Once logged into the website, download the Linux Service Zip then unzip the contents to a temporary directory.
  • Modify the tcpserver.json file if necessary. For more information see: Server Configuration.
  • Create the following directories, for example:
sudo mkdir /usr/bin/corner-bowl 
sudo mkdir /usr/bin/corner-bowl/server-manager 
sudo mkdir /usr/bin/corner-bowl/server-manager/runtimes 
sudo mkdir /usr/bin/corner-bowl/server-manager/runtimes/linux-x64 
sudo mkdir /usr/bin/corner-bowl/server-manager/runtimes/linux-x64/native 
sudo mkdir /usr/bin/corner-bowl/server-manager/htmltemplates 
sudo mkdir /usr/bin/corner-bowl/server-manager/htmlimages 
sudo mkdir /usr/share/corner-bowl 
sudo mkdir /usr/share/corner-bowl/server-manager
  • Copy the files to the appropreiate destination directories, for example:
sudo cp ./*.dll /usr/bin/corner-bowl/server-manager 
sudo cp ./runtimes/linux-x64/native/*.dll /usr/bin/corner-bowl/server-manager/runtimes/linux-x64/native 
sudo cp ./htmltemplates/* /usr/bin/corner-bowl/server-manager/htmltemplates 
sudo cp ./htmlimages/* /usr/bin/corner-bowl/server-manager/htmlimages 
sudo cp ./*.json /usr/bin/corner-bowl/server-manager 
sudo cp ./cbsmsrv.service /etc/systemd/system/cbsmsrv.service 
sudo cp ./tcpserver.json /usr/share/corner-bowl/server-manager/tcpserver.json
  • Load the Daemon into systemctl, configure the Daemon to start when the server boots, then start the Daemon, for example:
sudo systemctl daemon-reload 
sudo systemctl enable cbsmsrv 
sudo systemctl start cbsmsrv
  • Verify the service has started, for example:
cat /var/log/corner-bowl/server.log

How to Upgrade the Linux Server

Auto-update is currently under development. To update:

  • Stop the Daemon, for example:
sudo systemctl stop cbsmsrv
  • Repeat the installation steps above.

How to Configure TLS 1.2

  • Use openssl to create and install your certificate, for example on RHEL:
yum install openssl 
mkdir /etc/pki/CA 
mkdir /etc/pki/CA/private 
cd /etc/pki/CA/private 
openssl req -new -x509 -newkey rsa:2048 -keyout cakey.pem -out ../cacert.pem 
chmod 600 cakey.pem 
openssl rsa -in cakey.pem -noout -text 
openssl genrsa -out serverkey.pem -aes128 2048 -days 3650 
openssl rsa -in serverkey.pem -out serverkey.pem 
openssl req -new -key serverkey.pem -out req.pem -nodes 
cd /etc/pki/CA 
echo 01 > serial 
touch index.txt 
cd /etc/pki/CA/private 
openssl ca -in req.pem -notext -out servercert.pem 
openssl pkcs12 -export -out servercert.pfx -inkey serverkey.pem -in servercert.pem
  • Once installed, add the certificate to your .Net Certificate Store using the Server Manager Command-Line Interface, for example:
cd /usr/bin/corner-bowl/server-manager 
/usr/bin/dotnet cbsmcli.dll -ic -f /etc/pki/CA/private/servercert.pfx
  • Using a text editor, open the /usr/share/corner-bowl/server-manager/tcpserver.json file.
  • Find TlsConfiguration | Enabled then set the value to true.
  • Find TlsConfiguration | Certificate then set the value to one of the following values found in the Windows Certificate Manager:
AttributeSample ValueSearch Order
Distinguished NameLocalhostName1
  • Save your changes.
  • From a command-prompt, restart the Daemon, for example:
sudo systemctl stop cbsmsrv 
sudo systemctl start cbsmsrv

Configuration File Reference

{
  "Host": "0.0.0.0", 
  "Port": 21843, 
  "IdleTimeout": 300, 
  "ReceiveTimeout": 120, 
  "SendTimeout": 120, 
  "TlsConfiguration": {
    "Enabled": true, 
    "Certificate": "yourhostname", 
    "RequireRemoteCertificate": false, 
    "AllowSelfSignedCertificate": true, 
    "CheckCertificateRevocation": false, 
    "AllowCertificateChainErrors": true 
  }
}

For more information see: Server Configuration

Troubleshooting

If the Server does not appear to be running or accepting connections from a Windows Server Manager Management Console, view the Daemon's verbose output log for detailed information. The log file is located in the following directory:

/var/log/corner-bowl/server.log
  • Open a command-prompt, then type the following command to tail the log file:
tail -f /var/log/corner-bowl/server.log

Related Topics

Installation

Server Configuration