Install Linux Agents on Endpoints

Perform the following procedure to install Linux agents on endpoints.

Prerequisites

The following procedure assumes you have already:

uploaded agent and rule packages as described in Uploading Agent Installers and Rules to the Server.
created one or more security policies for your agents as described in "Creating and Configuring Policies" in the Carbon Black App Control User Guide.
downloaded the appropriate installer as described in Downloading Agent Installers.
- For AD-based policy assignment, use an installer for any policy with automatic policy assignment enabled.
- The same downloaded agent installer can be used on multiple endpoints, and can also be distributed to endpoints via SSH or other distribution mechanisms.
If you intend to use SecureBoot, make sure the endpoint is prepared before installing the Linux Agent. See: Enable Secure Boot for Linux Agents
Note: SecureBoot is only available with Linux Agent 8.8.0+.

In addition, make sure that the user account being used to install the agent has administrative rights, or that the user can use sudo.

Before you install the Carbon Black App Control agent on the Red Hat Enterprise Linux 9.0 Endpoint:

Install the initscripts RPM manually or connect the host to Red Hat network.
Upgrade the Carbon Black App Control server to version 8.9.0 or later.
If you are using a Carbon Black App Control server deployed on Windows Server 2012, please update the DH modulus to 2048 bytes as described in https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3174644.

Procedure

Extract and uncompress the agent tarball archive for the policy for this computer. If the policy name contains characters that are not accepted in command arguments, such as spaces or parentheses, escape these characters with a backslash.
```
tar -xvzf <policyname>-redhat.tgz 
```
Change to the directory that matches the download tarball name.
```
cd <policyname>-redhat 
```
Where the Carbon Black App Control Server version is earlier than 8.9.2, download the Carbon Black App Control SHA256 based public key as bit9cs_sha2.asc and place it in the same folder as b9install.sh.
For version 8.7.8, validate the b9install script with public key and detached signature with the following commands:
```
gpg --dearmor bit9cs.asc
```
```
gpg --no-default-keyring --homedir . --keyring bit9cs.asc.gpg --verify b9install.asc b9install.sh
```
If the result contains ( gpg: Good signature from "bit9build (bit9cs) ), then the script is valid and you can proceed with the next steps.
For version 8.7.10 and later, validate the b9install script with public key and detached signature with the following commands:
```
gpg --dearmor bit9cs_sha2.asc
```
```
gpg --no-default-keyring --homedir . --keyring bit9cs_sha2.asc.gpg --verify b9install.asc b9install.sh
```
If the result contains ( gpg: Good signature from "bit9build (bit9cs) ), then the script is valid and you can proceed with the next steps.
Use sudo to run the agent installation shell script using the selected shell, adding the -n option if you do not want the blocked file notifier installed. For more information about the -n option, see Installing Linux Agents on Endpoints.
For example, to use the Bourne shell to install an agent:
```
sudo sh ./b9install.sh

-or for installation without the notifier-

sudo sh ./b9install.sh -n 
```
Important: If the output message states, "validation failed," it means that the rpm signature is not valid.
If you run anti-virus software, exclude the Carbon Black App Control agent installation directory from anti-virus scanning. For enhanced security, Carbon Black App Control protects its own application directory. To avoid performance problems, use whatever mechanism is provided by your anti-virus software vendor to specify that the following directories or files are not scanned:
- /opt/bit9/bin – the agent application and uninstall script
- /srv/bit9/data – the agent database and diagnostics logs
- /lib/modules/kernelversion/kernel/lib/b9kernal.ko – the agent kernel
- /etc/rc*/*b9daemon and /etc/init.d/b9daemon – the agent startup script
- /etc/X11/xinit/xinitrc.d/90b9notifier.sh – the Carbon Black App Control blocked file notifier
Firewalls can recognize Carbon Black App Control software as a new application and block access to the network. Instruct users running the agent to permanently allow it access.
To verify the agent installation, run ps aux | grep b9 in a command window. You should see b9daemon running.

What to do next

See "Endpoint Notifiers and Approval Requests" in the Carbon Black App Control User Guide for a description of what the user sees on an endpoint that is protected by the agent.