Overview
A Linux agent sensor is a managed background daemon that works as a network sensor, without log forwarding, that also monitors:
The agent sensor converts that information to metadata and forwards it to the cloud-based Data Processor (DP) as Interflow records. The DP can then correlate traffic, processes, users, and commands to detect security issues, DDoS, and breach attempts.
The latest Linux distributions install Python 3 by default, but the sensor requires Python 2. Before you install the sensor, make sure that Python 2 is installed.
Server requirement (min: 6GB memory, 4 cores CPU)
The agent limits itself to less than 5% of memory and CPU usage.
For smaller installations, you can use the following steps to install. For large-scale installations, a Puppet installation may be the way to go.
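A pre-flight check for the requirements stated above (Python 2 present, 6GB memory, 4 CPU cores), to run on the server before installing. This is an added example, not part of the vendor's installer; the function names and the 90% memory tolerance are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the stated sensor requirements
# (Python 2 present, at least 6GB memory, at least 4 CPU cores).
MIN_CORES=4
MIN_MEM_GB=6
# Assumption: MemTotal excludes memory reserved by the kernel, so a 6GB host
# reports a little less than 6GB. Accept 90% of the nominal figure.
MIN_MEM_KB=$(( MIN_MEM_GB * 1024 * 1024 * 90 / 100 ))

# True only for a non-empty string of digits.
is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

mem_ok() { is_uint "$1" && [ "$1" -ge "$MIN_MEM_KB" ]; }   # $1 = MemTotal in kB
cpu_ok() { is_uint "$1" && [ "$1" -ge "$MIN_CORES" ]; }    # $1 = online cores

# Print the first interpreter on PATH that is really Python 2. A bare "python"
# is asked for its major version because on recent distributions it is Python 3.
find_python2() {
    for c in python2 python2.7 python; do
        command -v "$c" >/dev/null 2>&1 || continue
        if "$c" -c 'import sys; sys.exit(0 if sys.version_info[0] == 2 else 1)' 2>/dev/null; then
            echo "$c"
            return 0
        fi
    done
    return 1
}

preflight() {
    rc=0
    mem_kb=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo 2>/dev/null)
    cores=$(getconf _NPROCESSORS_ONLN 2>/dev/null)
    if mem_ok "$mem_kb"; then echo "OK   memory ${mem_kb} kB"
    else echo "FAIL memory ${mem_kb:-unknown} kB, need ${MIN_MEM_GB}GB"; rc=1; fi
    if cpu_ok "$cores"; then echo "OK   cpu ${cores} cores"
    else echo "FAIL cpu ${cores:-unknown} cores, need ${MIN_CORES}"; rc=1; fi
    if py=$(find_python2); then echo "OK   python2 found as ${py}"
    else echo "FAIL python2 not found, install it before the sensor"; rc=1; fi
    return "$rc"
}

# Report only; never abort the calling shell.
preflight || echo "Host does not meet the sensor requirements." >&2
```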
Outbound From Linux Servers for agent communication and sending logs:
Deployment Steps
Agent Sensor - Ubuntu/CentOS/RedHat/Debian Deployment
For Debian 9 or Ubuntu 19.04/18.04/16.04/14.04 environments, execute the following:
curl -k -u AellaMeta:WroTQfm/W6x10 -o ds_ubuntu_install.sh https://acps.stellarcyber.ai/release/3.10.1/datasensor/ds_ubuntu_install.sh --fail
For CentOS 6.1/6.5/6.7/6.9/7.x or RedHat 6.7 environments, execute the following:
curl -k -u AellaMeta:WroTQfm/W6x10 -o ds_centos_install.sh https://acps.stellarcyber.ai/release/3.10.1/datasensor/ds_centos_install.sh --fail
For RedHat 7.x local environment, execute the following:
# Make sure you have already subscribed to the RedHat subscription service
subscription-manager register --username xxxxx --password xxxxx --auto-attach
subscription-manager repos --enable rhel-7-server-extras-rpms
curl -k -u AellaMeta:WroTQfm/W6x10 -o ds_centos_install.sh https://acps.stellarcyber.ai/release/3.10.1/datasensor/ds_centos_install.sh --fail
sudo bash ds_centos_install.sh --version 3.10.1
Step 1: Download the Linux agent based on the type of operating system.
Step 2: Type ‘aella_cli’ to launch the page of the Data Sensor.
Step 3: Enter the following command in the command prompt window: "set tenant_id tenant id". Example: set tenant_id 58029192. Your Customer Success Manager can send you your Tenant Name and Tenant ID if you did not receive them in your welcome email.
Step 4: Enter the following command: "set cm 52.7.164.23"
Step 5: Enter the following command to see the version: "show version"
Step 6: Enter the following command to confirm that the connection was established with the CM: "show cm"
Step 7: Let your Customer Success Manager or soc@cyflare.com know that you have deployed the agent. The SOC will need to authorize each Linux server before log events are ingested.