Linux installation

Linux installation

In this manual, we will cover the setup of GuardMode Agent on Linux OS. All steps should be performed as root user.

Preparing directory

The user should create a new directory for the GuardMode Agent files. We encourage to use '/opt/CatalogicGuardModeAgent' but it is not mandatory.

mkdir '/opt/CatalogicGuardModeAgent'

Unpacking program files

After downloading program archive, the user needs to unpack it to the created directory. The name of the archive file shown in the below example may vary in the future.

unzip Catalogic-GuardMode-Agent-{version}-linux-x64.zip -d '/opt/CatalogicGuardModeAgent/'

cd '/opt/CatalogicGuardModeAgent/'

Running configuration script

The user needs to run the configuration script - it should exit with code 0 and indicate the configuration of Catalogic GuardMode Agent is finished successfully.

Setting up Basic Auth

In order to use GuardMode Agent's REST API and connect it to the DPX, basic authentication needs to be set. For "--username" and "--password" parameters, the user should provide credentials that will be used to log into the GuardMode Agent's REST API.

The value of --username MUST be set to 'sysadmin' (this is mandatory for Linux machines):

Setting up DPX notifications (optional)

To allow a connection between DPX Master Server and GuardMode Agent's API, port 5000/TCP must be opened.

In the "--hostname" parameter the user needs to provide the address of their DPX Master Server; for "--username" and "--password" parameters they should provide credentials used to log into the DPX interface, which will allow the GuardMode Agent to connect and register a node allowing the user to configure Agent settings via the DPX WebUI.

In order to access and configure GuardMode through DPX Master Server, the user needs to register it as a Node. For "--username" and "--password" parameters, the user needs to provide credentials set up in the Basic Auth step - the credentials to the GuardMode Agent's REST API.

Setting up Syslog notifications (optional)

While setting up Syslog notifications, only passing the "--hostname" (Syslog server's hostname or IP address) parameter is mandatory, other parameters are optional. For the "--application-name" parameter, the user can type in the name of the sender application that will send a message to the Syslog server

The user can configure GuardMode Agent to send notifications using TLS. To do that, the they are required to have a TLS certificate.

If the user decides to use TLS protocol, they must provide a valid port value in the "--port" parameter. For TLS valid port will be "6514" (http://tcp-udp-ports.com/port-6514.htm). In "--tls-certificate-path" the user needs to provide a path to their certificate file. If the certificate is untrusted (e.g. self-signed), the user can set "--validate-tls-certificate" to "False". In that case, TLS certificate's validation will not be performed.

Detailed information can be found by executing the following command:

Registering GuardMode Agent as a system service

To register the program as a system service, the user needs to run the following command. After its execution the script will print the "Creating service - OK" message and the service will start running.