The Starlight Linux Agent sensor works as a managed background daemon. The amount of resources used by the services are configurable.

It is recommended that this installation be done on hosts and VMs that have at least 6G bytes of memory and 4 CPU cores. In that configuration the Agent will consume about 5% of memory and CPU by default.

All the procedures that follow require that the user is logged in with an account with sufficient filesystem storage and sudo access. Regardless of the Linux version there are four main steps to perform an installation:

  1. Download the software install script from the Stellar Cyber AI production server.
  2. Run the installation script and verify the installation.
  3. Run the Agent CLI aella_cli and use the set cm command to program the IP address of the Starlight data processor into the Agent.

The install scripts will expect to be able to download and install dependencies. This will require the target system to be installed with repository access correctly configured and accessible.

Debian/Ubuntu Install

Ubuntu LTS versions 14.04, 16.04, and 18.04, and Debian 9 distributions are tested and supported. The following command will obtain the installation script (cut and paste is recommended):

curl -k -u CREDENTIALS -o ds_ubuntu_install.sh https://acps.stellarcyber.ai/release/3.2.0/datasensor/ds_ubuntu_install.sh --fail

The script may the be run with the following command.

sudo bash ds_ubuntu_install.sh --version 3.2.0

Once this script is run then proceed to the “Agent Sensor Configuration” section below.

CentOS and RedHat 6.7

CentOS 6.1, 6.5, 6.7, 7.x and RedHat 6.7 environment use the same procedure for installation. To obtain the installation script use the following command:

curl -k -u CREDENTIALS -o ds_centos_install.sh https://acps.stellarcyber.ai/release/3.2.0/datasensor/ds_centos_install.sh --fail

The script command can then be run with the following command:

sudo bash ds_centos_install.sh --version 3.2.0

Once this script is run then proceed to the “Agent Sensor Configuration” section below.

RedHat 7.x

Redhat 7.x versions are supported with these instructions. To set up repository access and obtain the installation script use the following commands. It will be necessary to provide the required username and password provided by RedHat by modifying the register command below.

subscription-manager register --username xxxxx --password xxxxx --auto-attach

subscription-manager repos --enable rhel-7-server-extras-rpms

curl -k -u CREDENTIALS -o

ds_centos_install.sh https://acps.stellarcyber.ai/release/3.2.0/datasensor/ds_centos_install.sh --fail

After download the script may be executed with the following command:

sudo bash ds_centos_install.sh --version 3.2.0

The script will install the Sensor. When it is complete proceed to the “Agent Sensor Configuration” section below.

RedHat 7.x AWS

When running RedHat 7.x in the AWS environment a slightly different procedure is used. To enable the required repository access use the following commands:

sudo yum install –y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

sudo yum install -y yum-utils

sudo yum-config-manager --enable epel

The current libssh library must be manually downloaded from the following URL. A RedHat login is required.

https://access.redhat.com/downloads/content/libssh/0.7.1-3.el7/x86_64/fd431d51/package

The downloaded RPM file can then be installed with the command

sudo rpm -i <downloaded rpm>

Once that is completed the installation script can be obtained with the following command:

curl -k -u CREDENTIALS -o

ds_centos_install.sh https://acps.stellarcyber.ai/release/3.2.0/datasensor/ds_centos_install.sh --fail

and executed with the following command:

sudo bash ds_centos_install.sh --version 3.2.0

Once this is completed proceed the the “Agent Sensor Configuration” section below.

Agent Sensor Configuration

Once the services are installed and operating the Agent must be programmed with the IP address of the Data Processor. Use the command:

aella_cli

to start the CLI. The command show version can be used to observe the current status of the Linux Agent. To program the connection use the set cm command as shown in the following examples.

set cm Express.StellarCyber.ai

Once this is done the Agent will attempt to connected to the indicated data processor and register its presence. The CLI can be exited with the quit command.

Congratulations!

Please email us at express@stellarcyber.ai to get the credentials for the portal.