Administrators can manage computers that have Linux Operating systems. This document will explain to you on the following:
Supported Linux OS
Currently the following Linux Operating system versions are supported:
- Red Hat Enterprise Linux 6 and and later versions
- SUSE Linux Enterprise 11 SP3 and later versions
- Ubuntu 10.04 and later versions
- Debian GNU/Linux 7 and above
- CentOS 6 and later versions
- Pardus 17, and 19
- Oracle Linux Server 6, 7, 8 and 9
- Rocky Linux
To know more about supported applications in Vulnerability Manager Plus, visit here
Note: For patching Red Hat and SUSE, it is recommended that all the managed endpoints have valid system licenses.
Configuring Linux Agent Settings
Vulnerability Manager Plus has different agents for managing Windows, Mac and Linux computers. Linux agents will not be created by default. You can create Linux agents by configuring the settings in the scope of management. This will help you to automatically create Linux agents for the local office and the remote offices. To configure the Linux agent settings follow the steps mentioned below.
- Click the Admin tab to invoke the Admin page.
- Click the Agent Settings link available under SoM Settings.
- Select Linux Agent Settings tab.
- Select the domain or the workgroup to group Linux computers (this is virtual grouping and will not impact on its functions). Agents that are pushed remotely from SoM --> Add Computers will be shown under the respective Domain/Workgroup from which they are added.
| |
While adding credentials it is recommended that the user account falls under active directory else the credentials can be added under workgroup type. This credential will be used for automatic installation of agents across local office computers irrespective of their domain. |
- Click Save Changes to create Linux agents.
Linux agents can be download from the SoM page, by choosing the appropriate agent, such as LAN agent or WAN agent for specific Remote Offices.
Installing Vulnerability Manager Plus Agents
Pre-requisites
Before you manually install Linux agents in your network, ensure following packages are available in the remote computer:
- tar package version 1.29 or above.
- xz or xz-utils based on type of Linux OS.
Steps to install Linux agents
Linux agents can be installed manually in the computers that need to be managed. Agents should be downloaded on the Linux computer manually before initiating the installation process. Follow the steps mentioned below.
- Go to the terminal as a root user. If you do not login as a root user, open the terminal and use sudo command to perform each operation mentioned below and enter password whenever prompted. This provides you the root privilege.
- Navigate to the location, where the agent is downloaded and Unzip the UEMSLinuxAgent.zip by using the command unzip -e UEMSLinuxAgent.zip
- Verify if, UEMS_LinuxAgent.bin and serverinfo.json are located in the same path.
- Execute the Command, chmod +x UEMS_LinuxAgent.bin as a root user. This prepares the executable for installation.
- Run the Installer using ./UEMS_LinuxAgent.bin. Agent will be installed by default in /usr/local/uems_agent directory.
- To force Linux agent installation on a machine that already has an agent installed, use the following command: ./UEMS_LinuxAgent.bin -f
- If you want to change the installation location of the agent, use this command ./UEMS_LinuxAgent.bin -d <new_location>
Installing Vulnerability Manager Plus Agent Remotely
| |
If you want to install agents for computers within the LAN, you can choose the computers and invoke agent installation from the Vulnerability Manager Plus web console Admin tab --> SoM -->Select computers and invoke agent installation. If you want to install agents to computers which belongs to a different remote office, you will have to use SSH. |
When you want to install the Vulnerability Manager Plus agent to remote office computers, you can install them using SSH. Follow the steps mentioned below to install Vulnerability Manager Plus agent using SSH:
- Login to a Linux computer.
- Download the appropriate agent based on the remote office.
- Copy the downloaded Vulnerability Manager Plus agent to the remote computer on which the agent needs to be installed.
- Go to terminal as root user
- Navigate to the location where the agent is being copied/downloaded.
- Type scp UEMSLinuxAgent.zip username@hostname:<Path_To_Storage_Directory_If_Needed> to copy the agent to the target computer, enter password if prompted.
username - refers to the root user name of the target computer.
hostname - refers to the local host name of the target computer.
If no path is specified, then the agent will be copied to /home/username in the target computer
- Install the agent by following the steps mentioned below:
- Go to the terminal and type ssh rootusername@hostname to login to the target computer.
- Login as a root user. If you are not logged in as rootuser, open the terminal and use sudo command to perform each operation mentioned below and enter the password whenever prompted. This provides you the root privilege.
- Navigate to the location, where the agent is downloaded/copied, if the downloaded agent is a remote office agent, then extract <Remote_Office_Name>.zip and navigate to unzip the UEMSLinuxAgent.zip by using the command unzip -e UEMSLinuxAgent.zip.
- Verify if, UEMS_LinuxAgent.bin and serverinfo.json are located in the same path.
- Execute the Command, chmod +x UEMS_LinuxAgent.bin as a root user. This prepares the executable for installation.
- Run the Installer using ./UEMS_LinuxAgent.bin. Ensure that the Property File severinfo.json exists in the same directory as UEMS_LinuxAgent.bin. The agent will be installed by default in /usr/local/uems_agent directory.
- If you want to change the installation location of the agent, use this command ./UEMS_LinuxAgent.bin -d <new_location>
You have successfully installed the Vulnerability Manager Plus agent on a remote computer using SSH.
Uninstalling Vulnerability Manager Plus Agents
If you do not want to manage a computer, you can follow the steps mentioned below to uninstall the Vulnerability Manager Plus agent. Once Vulnerability Manager Plus agent is uninstalled, all the details related to the computer will be removed from the Vulnerability Manager Plus server. In case you need to manage this computer again, you will have to re-install the Vulnerability Manager Plus agent. However, the previous details related to the computer will not be available. To uninstall the agents from the computers, follow the steps mentioned below:
When Uninstallation Restriction is not configured
- Go to the terminal as a root user. If you are not logged in as a root user, open the terminal and use sudo command to perform each operation mentioned below and enter password whenever prompted. This provides you the root privilege.
- Navigate to the location, where the agent is installed, (default Location : /usr/local/uems_agent) execute this command to chmod +x RemoveUEMSAgent.sh to initiate the uninstaller. You need to have root privilege to uninstall the agent. If you do not remember the installation location, you can locate it here: Agent Installed Directory : /etc/uems_agent/uemsagentsettings.json
- Execute this command ./RemoveUEMSAgent.sh to uninstall the agent.
You can see that the Vulnerability Manager Plus agent has been uninstalled successfully from the computer.
When Uninstallation Restriction is configured
- Open the RemoveUEMSAgent.sh under the directory /usr/local/uems_agent as a root user
- If not logged in as a root user, enter the sudo credentials
- Enter the OTP prompted, either on the command line interpreter or UI displayed. To view the OTP configured, navigate to Agent > Scope of Management > Computers (in product console) or Menu > Scope of Management > Computers > Actions (in mobile app).
You can see that the agent has been uninstalled successfully from the computer.
