Cortex XDR Agent installation for Redhat Enterprise


L2 Linker

Greetings

Thanks in advance for help.

I was trying to find the list of steps to install a Cortex XDR Agent on Redhat Enterprise Linux, and I guess there are quite a few things, mentioned in different places. Can somebody correct my understanding as listed below, taken from Palo documentation?

 

1) Check pre-requisites: processor 2.3 GHz dual-core, RAM 4GB (8GB recommended), hard disk 10GB, x86 64-bit, kernel 2.6.32
2) Check compatibility below (Linux distribution, version and kernel version)
https://docs.paloaltonetworks.com/compatibility-matrix/cortex-xdr/where-can-i-install-the-cortex-xdr...

3) Verify you have standard Unix programs installed. (What does this mean?)
4) ca-certificates (What does this mean and how do I check?)
5) openssl 1.0.0 or a later release
6) Check SELinux status (# getenforce)
7) glibc
8) Allow communication on the TCP port from the Cortex XDR agent to server (the default is port 443).

9) Download the Cortex XDR agent installation script from Cortex XDR.
You can install the Cortex XDR agent on the endpoint manually using the shell installer or using the Linux package manager for .rpm and .deb installers. Copy the installation package to the Linux server on which you want to install the Cortex XDR agent software.
To deploy using the shell installer:
chmod +x linux.sh
./linux.sh --proxy-list "abc.net:8866"

The script installs the files for the Cortex XDR agent for Linux in the /opt/traps folder with the Cytool utility available at /opt/traps/bin/cytool.
After the agent successfully connects to the server for the first time and retrieves a valid license, the agent begins protecting the Linux server.

 

Thanks


L3 Networker

Hi Balaraju,

After verifying the basic system requirements follow the steps here to install the agent. Under step 4. "To deploy the shell installer:" you can see the install script makes the necessary prerequisite checks that you mention in your list.

 

Thanks,

Ben

Thanks for your response. I wanted to see if I can manually check pre-requisites just to avoid the failures due to lack of fulfilling any of them.

This article walks through how to list installed packages on a RHEL system. You should be able to compare the listed packages to what is required by Cortex XDR under "Software Packages".

 

Hello @Balaraju

 

Step 3: In the documentation for Cortex XDR Agent for Linux Requirements, the bullet point “Verify you have standard Unix programs installed” refers to the information listed in the Software packages section. For RHEL, this includes:

 

  • ca-certificates
  • openssl 1.0.0 or a later release
  • Distributions with SELinux in enforcing or permissive mode:
    • Red Hat Enterprise Linux 6, CentOS 6, and Oracle Linux 6—policycoreutils-python
    • Red Hat Enterprise Linux 7, CentOS 7, and Oracle Linux 7—policycoreutils-python and selinux-policy-devel
    • SUSE—policycoreutils-python and selinux-policy-devel
    • Debian and Ubuntu—policycoreutils and selinux-policy-dev
  • glibc—Required for exploit protection of containerized processes using the ROP Mitigation and Brute Force Protection modules. If glibc is not installed, the modules are disabled but all other exploit and malware protection functionality work as expected.

 

The shell installer will check for the required packages prior to agent installation as well. If the pre-requisites are not met, the installation will not succeed as seen in the following attempt: 

mfakhouri_0-1661444750767.png

 

 

Step 4:  ca-certificates is a Linux package that contains digital certificates authorized by the certificate authority used when browsing the web (further reading: https://www.redhat.com/sysadmin/ca-certificates-cli)

 

The package ca-certificates is typically installed by default on RHEL distributions. To confirm, enter the command “rpm -qa | grep ca-certificates” into your terminal to search for the package:

mfakhouri_1-1661444750693.png

 

If there is no output, then the package is not installed. Ca-certificates can be installed with “sudo yum install ca-certificates” in the terminal.

 

To properly install the Cortex XDR agent on RHEL distributions, please review the Cortex XDR Linux Requirements and Install the Cortex XDR Agent for Linux documentation prior to installation.

 

https://docs.paloaltonetworks.com/cortex/cortex-xdr/7-5/cortex-xdr-agent-admin/cortex-xdr-agent-for-...

https://docs.paloaltonetworks.com/cortex/cortex-xdr/7-5/cortex-xdr-agent-admin/cortex-xdr-agent-for-...
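
The package checks described in the reply above, as an added example that is not part of the original thread and not Palo Alto Networks code. The function names are hypothetical, only the RHEL 6 and 7 package sets named in the thread are mapped, and the RHEL major release is assumed to come from `rpm --eval '%{rhel}'`:

```bash
#!/usr/bin/env bash
# Added example (not vendor code); function names are illustrative.

# True when dotted version $1 >= $2 (the "openssl 1.0.0 or later" rule).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Prints the required package names for RHEL major release $1 and SELinux
# mode $2 (getenforce output); only releases named in the thread are mapped.
required_packages() {
    local pkgs="ca-certificates openssl"
    case "$2" in
        Enforcing|Permissive)
            case "$1" in
                6) pkgs="$pkgs policycoreutils-python" ;;
                7) pkgs="$pkgs policycoreutils-python selinux-policy-devel" ;;
            esac ;;
    esac
    echo "$pkgs"
}

# Reads installed package names on stdin (one per line) and prints every
# name from the space-separated list $1 that is not among them.
missing_packages() {
    local installed want
    installed=$(cat)
    for want in $1; do
        printf '%s\n' "$installed" | grep -qxF -- "$want" || echo "$want"
    done
}

# Checks the live RPM database; returns non-zero on a hard failure.
preflight() {
    local mode missing ssl rc=0
    mode=$(getenforce 2>/dev/null || echo Disabled)
    missing=$(rpm -qa --qf '%{NAME}\n' |
        missing_packages "$(required_packages "$(rpm --eval '%{rhel}')" "$mode")")
    if [ -n "$missing" ]; then echo "missing:" $missing; rc=1; fi
    if rpm -q openssl >/dev/null 2>&1; then
        ssl=$(rpm -q --qf '%{VERSION}\n' openssl | head -n 1)
        version_ge "$ssl" 1.0.0 || { echo "openssl $ssl is older than 1.0.0"; rc=1; }
    fi
    # glibc is soft: without it only ROP Mitigation and Brute Force Protection are off.
    rpm -q glibc >/dev/null 2>&1 || echo "warning: glibc not installed"
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

Saved under any file name and started with the `--run` argument on the target host, it prints the missing packages and exits non-zero when a hard requirement is not met.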

 

Hi @Balaraju, I would recommend leveraging tools like Puppet/Chef for installing pre-requisites automatically as part of installing Cortex XDR. Alternately, you can also leverage build tools like Packer to create golden images with Cortex XDR and its dependencies already installed.

Thanks for the reply, this is useful.

Thanks for your detailed reply, this was very useful and validated and closed many of my doubts. I think I can attempt one install now. Thanks again and appreciate the help.

L2 Linker

Thanks for your reply. I will check with my IT team on this.
