Using GuardMode Agent as a Container

GuardMode Agent can be installed as a Podman container, providing flexibility for users with Linux versions that may not be supported by .NET. This installation method offers similar functionality to the standalone installation while leveraging containerization benefits.

Prerequisites

Before proceeding with the containerized installation, ensure you have the following:

  • Podman version 4.4.1 or higher installed on your system.

  • Root user access to run installation and management commands.

Supported Systems

The containerized GuardMode Agent runs on supported systems and RHEL 7, with more platforms planned for future support.

Installing GuardMode Agent Container

To install GuardMode Agent as a container, follow these steps:

  1. Download and unzip the GuardMode Agent archive.

  2. Navigate to the GuardMode Agent directory.

  3. Run the installation script with the containerization flag:

sudo bash install.sh -c

Alternatively, you can use the long-form flag:

sudo bash install.sh --containerized

The installation process for the containerized version is similar to the standalone installation, with the main difference being the use of a container to run the agent.

Upgrading GuardMode Agent Container

Upgrading the containerized GuardMode Agent follows a similar process to installation:

  1. Download the new version of GuardMode Agent.

  2. Run the upgrade script with the containerization flag:

sudo bash upgrade.sh -c

The upgrade process preserves existing databases, logs, and settings, regardless of the previous or new installation type.

Uninstalling GuardMode Agent Container

To uninstall the containerized GuardMode Agent, simply run the uninstallation script:

sudo bash uninstall.sh

The uninstallation process is identical for both standalone and containerized installations.

Container Structure and Implementation

The containerized GuardMode Agent operates similarly to the standalone version, with a few key differences:

  • The Catalogic.GuardMode.Agent file is a script that forwards arguments to the podman run command, rather than a binary executable.

  • The agent runs in a container named guardmode-agent:latest.

  • All necessary files are stored in the agent directory and mounted into the container using volumes.

  • The root filesystem is mounted to allow the agent to access and scan arbitrary files.

Service Management

The containerized GuardMode Agent is registered as a systemd service, allowing for easy management:

  • Start the service: systemctl start Catalogic.GuardMode.Agent

  • Stop the service: systemctl stop Catalogic.GuardMode.Agent

  • Check service status: systemctl status Catalogic.GuardMode.Agent

Applying Configuration Changes

If you make any manual changes to the appsettings.json file, you need to restart the agent for these changes to take effect. Use the following command:

systemctl restart Catalogic.GuardMode.Agent

Port Forwarding

By default, the installation script attempts to forward necessary ports by examining the appsettings.json file. If this automatic forwarding doesn't work, you can manually specify ports using the GUARDMODE_PORTS environment variable:

  1. Create a file named /etc/systemd/system/Catalogic.GuardMode.Agent.service.d/guardmode.conf (if not already created)

  2. Add the following content:

[Service]
Environment="GUARDMODE_PORTS=<PORT1>,<PORT2>,..."

Replace <PORT1>, <PORT2>, etc., with the specific ports you need to forward.

Custom FQDN Configuration

If you need to specify a custom FQDN for the agent, you can add it to the environment configuration:

  1. Create a file named /etc/systemd/system/Catalogic.GuardMode.Agent.service.d/guardmode.conf (if not already created; this is the same file used for GUARDMODE_PORTS)

  2. Add the following content:

[Service]
Environment="GUARDMODE_FQDN=<AGENT_IP>"

Replace <AGENT_IP> with the specific IP or FQDN you want to use for the agent.
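
The Port Forwarding and Custom FQDN settings above share one drop-in file, so the following added example (not part of the GuardMode Agent distribution) renders both variables into a single guardmode.conf and rejects malformed values before anything is written. The function names and sample values are hypothetical; the systemctl daemon-reload step is standard systemd behaviour for picking up a changed drop-in and is not stated on this page.

```shell
#!/bin/sh
# Added example: one guardmode.conf drop-in for GUARDMODE_PORTS and GUARDMODE_FQDN.
# Path and variable names come from this page; function names are hypothetical.
DROPIN_DIR=/etc/systemd/system/Catalogic.GuardMode.Agent.service.d

# Print drop-in content for a comma-separated port list ($1) and an FQDN/IP ($2).
# Either may be empty. Returns non-zero if a value is malformed.
render_guardmode_dropin() (
    set -f                      # no glob expansion while splitting the port list
    ports=${1:-} fqdn=${2:-}
    case $ports in
        ,*|*,|*,,*) echo "empty port entry in: $ports" >&2; exit 1 ;;
    esac
    old_ifs=$IFS; IFS=,
    for p in $ports; do
        case $p in              # digits only, no leading zero, at most 5 digits
            ''|0*|*[!0-9]*|??????*) echo "invalid port: $p" >&2; exit 1 ;;
        esac
        [ "$p" -le 65535 ] || { echo "port out of range: $p" >&2; exit 1; }
    done
    IFS=$old_ifs
    case $fqdn in               # hostname/IP characters only, so the value cannot
        *[!A-Za-z0-9.:-]*)      # break out of the quoted Environment= assignment
            echo "invalid FQDN/IP: $fqdn" >&2; exit 1 ;;
    esac
    echo '[Service]'
    [ -z "$ports" ] || printf 'Environment="GUARDMODE_PORTS=%s"\n' "$ports"
    [ -z "$fqdn" ] || printf 'Environment="GUARDMODE_FQDN=%s"\n' "$fqdn"
)

# Write the drop-in (run as root), reload unit files, then restart the agent.
apply_guardmode_dropin() {
    content=$(render_guardmode_dropin "$@") || return 1
    mkdir -p "$DROPIN_DIR"
    ( umask 022; printf '%s\n' "$content" > "$DROPIN_DIR/guardmode.conf" )
    systemctl daemon-reload
    systemctl restart Catalogic.GuardMode.Agent
}

# Constructed sample call: apply_guardmode_dropin 5000,5001 agent01.example.internal
```

Listing only the ports the agent actually needs keeps the container's published surface small; `systemctl show Catalogic.GuardMode.Agent -p Environment` confirms what the service picked up.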
