Linux Installation

Pre-Requirements

The CyberCyte Linux agent requires an official or local repository. The system will download the latest version of "osquery".

Optionally, the agent will download the latest versions of "nmap" and "Docker". For Docker repositories, please allow connections to these registries:

  • registry.community.greenbone.net

  • hub.docker.com

The CyberCyte Linux agent supports the Linux-based operating systems listed below:

  • Debian 9 and above

  • Ubuntu 18.04 and above

  • RHEL 8 and above

  • CentOS 9 and above

  • SUSE Linux (Coming soon)
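
A pre-flight check for the requirements above and for the port 443 access stated later on this page, as an added example that is not CyberCyte's code. Function names are hypothetical, and portal.cloudcyte.com (taken from the wget URL on this page) stands in for your CyberCyte Server.

```shell
#!/usr/bin/env bash
# Added example, not vendor code. Version floors and hostnames come from this page.

# Succeeds when distro ID and VERSION_ID meet the supported list above.
is_supported_os() {
    local id="$1" ver="$2" min
    case "$id" in
        debian) min=9 ;;
        ubuntu) min=18.04 ;;
        rhel)   min=8 ;;
        centos) min=9 ;;
        *)      return 1 ;;          # anything else, including SUSE ("coming soon")
    esac
    [ -n "$ver" ] || return 1        # rolling/testing releases may omit VERSION_ID
    # sort -V (GNU coreutils) orders version strings; the floor must sort first.
    [ "$(printf '%s\n%s\n' "$min" "$ver" | sort -V | head -n1)" = "$min" ]
}

# Print one field of an os-release file without sourcing (executing) it.
os_field() {                          # usage: os_field KEY FILE
    sed -n "s/^$1=//p" "$2" | head -n1 | tr -d "\"'"
}

# HTTPS reachability on port 443, with certificate validation left enabled.
check_endpoint() {
    curl --silent --head --max-time 10 --output /dev/null "https://$1/"
}

preflight() {
    local file="${1:-/etc/os-release}" rc=0 host
    if is_supported_os "$(os_field ID "$file")" "$(os_field VERSION_ID "$file")"; then
        echo "OK   operating system is on the supported list"
    else
        echo "FAIL operating system is not on the supported list"; rc=1
    fi
    # Assumption: portal.cloudcyte.com (from the wget URL) is your CyberCyte Server.
    for host in portal.cloudcyte.com download.cloudcyte.com; do
        if check_endpoint "$host"; then echo "OK   $host:443"
        else echo "FAIL $host:443"; rc=1; fi
    done
    # Registries are only needed when the optional Docker component is installed.
    for host in registry.community.greenbone.net hub.docker.com; do
        if check_endpoint "$host"; then echo "OK   $host:443"
        else echo "WARN $host:443 (optional)"; fi
    done
    return "$rc"
}
# Network checks run only on request, so the functions can be sourced offline.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run the script with the `--run` argument on the target host before executing the installer; a non-zero exit status means a required check failed.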

The Agent Settings

The Agent installer link is created dynamically when downloaded. Once the agent is downloaded, it is available from "Settings & Reporting" -> "Deployment Management".

From this section, basic agent parameters can be configured by clicking the "Linux Agent Settings" button.

Agent Configurations

| Settings Name | Explanation |
| --- | --- |
| Communication Interval | Agent communication interval to the Server |
| Data Sending Interval | Agent data send interval to the Server |
| Update Check Interval | Agent update check interval from the Server |
| Service Iteration Interval | Agent sleeps for this time after each cycle |
| Upload Data Chunk Size | Number of uploaded entries by one query |

Once the settings are defined, click the "Save" button, and the system will redirect to the download page. Click the "Download Service Installer" button to download the agent.

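This opens a new tab showing a wget command that downloads and runs the agent's installation script. Please execute it on the servers and clients to install the agent. The generated command passes --no-check-certificate, so wget does not validate the server's TLS certificate for this download.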

wget --no-check-certificate -O ./script.sh "https://portal.cloudcyte.com/functions/<generated value>" && chmod +rwx ./script.sh && ./script.sh

The installer is created and signed when the download button is clicked.

Note 1: Because of its nature, some EDRs or AV solutions may consider this installer file malicious. Please whitelist this file on your endpoint security products. Also, the services and processes below are deployed. It is recommended that you whitelist them.

Services

| Service Name | Display Name |
| --- | --- |
| laservice | laservice |

Installation of Agent

After obtaining the wget command, run it on the endpoints to install the agent.

Once installed, the agent automatically registers with the system.

Checking Installation

After the agent is installed, it registers itself automatically with the Server. Please go to "Asset Management" -> "Endpoint Management" to see the agents. The device may take a couple of minutes to appear on this screen.

Figure 3 Agent Registration

Agents must be able to reach the CyberCyte Server on port 443 and https://download.cloudcyte.com. If the agent is not shown here, first check that the client can access the portal. If access succeeds, please wait for the configured communication interval to elapse.

Adding Necessary Policies and Endpoints to the Linux Servers Group

Once the agents are created in Endpoint Management, add them to the Linux Servers Group. Please navigate to "Rules & Policies" -> "Policy Management". Then, add the policy as in Figure 5. In some cases, you need to create the policy for this, following Figure 6. Finally, the endpoint should be added to a Linux-based operating system (Figure 6). After a while, you will see the data from these endpoints.

Checking the Installation

Please navigate to "Asset Management" -> "Endpoint Management" on the portal. All machines are synced with the table, and users can observe the machine/agent information from there.

Checking the Agent Status

  • Using Shell:

    • Execute this command in the shell:

      • systemctl status cybercyte_linux_agent.service

  • Using CyberCyte Portal:

    • Go to "Asset Management" -> "Endpoint Management" on the portal. All of the agents are listed on this page.

Uninstalling/Disabling the Agent

  • Using Shell:

    • Execute these commands in the shell:

      • service=cybercyte_linux_agent.service; systemctl stop $service && systemctl disable $service && rm /etc/systemd/system/$service && systemctl daemon-reload && systemctl reset-failed && rm -rf /opt/CyberCyteAgent

  • Disabling the Agent:

    • Go to "Asset Management" -> "Endpoint Management" on the portal. Right-click on the machine and disable the agent. This action only disables agent data collection: the agent will still update itself but will not collect any data.
