AIX: Deploying Deep Visibility and EnforcementAgents
AIX sensors are available as ALPHA version in this release. We recommend using these ALPHA-versionAIX sensors only in a lab environment for validation and testing.
Note
• Using Installer Script to Deploy Deep Visibility or Enforcement Agents on AIX, on page 1• Verifying Deep Visibility or Enforcement Agent Installation: AIX, on page 3• Uninstalling A Deep Visibility or Enforcement Agent: AIX, on page 3
Using Installer Script to Deploy Deep Visibility or EnforcementAgents on AIX
Using the installer script is the only method available for deploying deep visibility or enforcement agents onAIX platforms.
Before you begin
Note that if the installed agent is to be connected to a Tetration SaaS cluster, the ACTIVATION_KEY andHTTPS_PROXY parameters will be required. The installer script will automatically populate theACTIVATION_KEY, while you need to insert the HTTPS_PROXY information directly into the script. Formore information, see User Configuration for Tetration SaaS.
Procedure
Step 1 Choose Agent Config from the Settings menu to display the Agent Config page.Step 2 Click Software Agent Download to switch to that tab.Step 3 Select Linux in the Select Platform section.Step 4 Select either Deep Visibility or Enforcement in the Select Agent Type section.
AIX: Deploying Deep Visibility and Enforcement Agents1
b_Software_Agents_chapter9.pdf#nameddest=unique_8
Figure 1: Software Agent Installer Script Download Page
Step 5 Click the Download Installer button and save the file to a local disk.Step 6 Copy the installer shell script to all necessary AIX hosts for deployment, and execute the script with root
privileges on each.
The installer script will not proceed if the agent was already installed.Note
The installer script command syntax is as follows:
$ tetration_installer_aix.sh [--skip-pre-check] [--noInstall] [--logFile=filename]
[--proxy=proxy_string>] [--skip-ipv6-check] [--help] [--version]
[--sensor-version=version_info] [--ls] [--file=filename] [--save=filename] [--new]
[--libs=filename]
Skips pre-installation checks.--skip-pre-check
The sensor package is not downloaded and installed on the system.--noInstall
Writes the log to the file specified by filename.--logFile filename
Sets the value of HTTPS_PROXY. Use this if a proxy server is needed tocommunicate with the cluster. The string should be formatted ashttp://proxy:port
--proxy proxy_string
Skips IPv6 verification.--skip-ipv6-check
AIX: Deploying Deep Visibility and Enforcement Agents2
AIX: Deploying Deep Visibility and Enforcement AgentsUsing Installer Script to Deploy Deep Visibility or Enforcement Agents on AIX
Prints this help information.--help
Prints the current scriptʼs version.--version
Downloads a particular sensor version; default is the latest version. An exampleof the version_info entry is --sensor-version=3.1.1.53.devel
--sensorVersionversion_info
Lists all available sensor versions for your system (does not list pre-3.1packages). This is a listing only; does not download any package.
--ls
Lets you specify a local zip file to use to install the sensor instead ofdownloading from the cluster.
--file filename
Downloads the installer zip file from the Tetration cluster, saving it locallywith filename as its name.
--save filename
Uninstalls/removes all copies of the Tetration agent if it was already installedon this local machine.
--new
Installs libraries in provided zip file to be used by agent (for example,libstdc++).
--libs= filename
Verifying Deep Visibility or Enforcement Agent Installation: AIXFollow these steps on each AIX host to verify the agent was installed.
Procedure
Run the command lslpp -c -l tet-sensor.rte to confirm that there is one entry as follows (the specific outputmay differ depending on the version):sudo lslpp -c -l tet-sensor.rte/usr/lib/objrepos:tet-sensor.rte:3.4.1.19::COMMITTED:I:TET tet sensor package:
$ sudo lssrc -s tet-sensorSubsystem Group PID Statustet-sensor 1234567 active
$ sudo lssrc -s tet-enforcerSubsystem Group PID Statustet-enforcer 7654321 active
Uninstalling A Deep Visibility or Enforcement Agent: AIXFollow this step to uninstall an agent from an AIX host.
AIX: Deploying Deep Visibility and Enforcement Agents3
AIX: Deploying Deep Visibility and Enforcement AgentsVerifying Deep Visibility or Enforcement Agent Installation: AIX
Procedure
Execute the command installp -u tet-sensor
• By default, not all the related files are deleted after agent is uninstalled. Log files, for example,are preserved. You can manually delete all these files.
• The Deep Visibility Agent is controlled by System Resource Controller as tet-sensor. Assuch it is possible to start, stop, restart and remove it. The service is made persistent withinittab as tet-sen-engine.
• The Enforcement Agent is controlled by System Resource Controller as tet-enforcer. Assuch it is possible to start, stop, restart and remove it. The service is made persistent withinittab as tet-enf-engine.
• During the agent operations, it is possible that some kernel modules will be loaded automaticallyby the kernel. For example, if enforcement is enabled in AIX, ipfilter modules might be loaded.Agents do not have a list of modules loaded by the kernel. Therefore, during agent uninstallation,these kernel modules cannot be unloaded.
Note
AIX: Deploying Deep Visibility and Enforcement Agents4
AIX: Deploying Deep Visibility and Enforcement AgentsUninstalling A Deep Visibility or Enforcement Agent: AIX
AIX: Deploying Deep Visibility and Enforcement AgentsUsing Installer Script to Deploy Deep Visibility or Enforcement Agents on AIXVerifying Deep Visibility or Enforcement Agent Installation: AIXUninstalling A Deep Visibility or Enforcement Agent: AIX