Perform the following procedure to install a new Carbon Black EDR server.

Prerequisites

See Installing and Initializing a New Server for important pre-install instructions.

Procedure

  1. Verify that the host machine on which to install Carbon Black EDR server meets the hardware and software requirements as specified in the Carbon Black EDR Server Operating Environment Requirements Guide.
  2. Verify that the server has Internet connectivity as specified in Firewall and Connectivity Requirements.
  3. Contact Carbon Black Technical Support to procure an installation RPM for the Carbon Black EDR server.
  4. Install the RPM:
    • If you are not installing the server in a RHEL 8 FIPS-enabled environment, run the following command using the customer-specific RPM that you received:
      sudo rpm -ivh carbon-black-release-1.0.3-1- <customername> .x86_64.rpm 

      You can optionally verify that the Carbon Black EDR [cb] Yum repository is accurately configured. You can run the following command to see the contents of the new Yum repository entry for Carbon Black EDR:

      cat /etc/yum.repos.d/CarbonBlack.repo

      For example:

      [root@cb-enterprise-testing ~]# cat /etc/yum.repos.d/CarbonBlack.repo
      
      [CarbonBlack]
      name=CarbonBlack
      baseurl=https://yum.distro.carbonblack.io/enterprise/stable/
      $releasever/$basearch/
      gpgcheck=1
      enabled=1
      metadata_expire=60
      sslverify=1
      sslclientcert=/etc/cb/certs/carbonblack-alliance-client.crt
      sslclientkey=/etc/cb/certs/carbonblack-alliance-client.key
    • If you are installing the server in a RHEL 8 FIPS-enabled environment, run the following command using the customer-specific RPM that you received:
      sudo rpm -ivh carbon-black-release-1.0.4-1 <customername> .x86_64.rpm --nodigest --nofiledigest

      After successful installation of carbon-black-release-1.0.4-1- <customername> .x86_64.rpm, run following command to disable payload verification during the installation of cb-enterprise:

      echo "%_pkgverify_level signature" >> /etc/rpm/macros.verify
      Note: After a successful server installation, you must remove the macro configuration. See Step 6.
    The Carbon Black EDR SSL certificates and keys are in /etc/cb/certs/.
  5. Install the Carbon Black EDR server:
    1. Verify that the computer’s date and time settings are accurate. Incorrect date/time settings can cause failures in SSL negotiation.
    2. For EL 6 and EL 7 servers, run the following command:
      $ sudo yum install cb-enterprise
      For example:
      [jdoe@localhost yum.repos.d]$ sudo yum install cb-enterprise
      For EL 8 servers, run the following commands:
      $ sudo yum module disable postgresql redis python38 python39
      $ sudo yum install cb-enterprise
      For example:
      [jdoe@localhost yum.repos.d]$ sudo yum module disable postgresql redis python39
      [jdoe@localhost yum.repos.d]$ sudo yum install cb-enterprise
    3. Install the CentOS GPG key if you are prompted to do so.
    4. If your environment requires that outbound firewall exceptions be made, make sure that the exceptions documented in Firewall and Connectivity Requirements are followed. You must also update /etc/yum.repos.d/CentOS-Base.repo to enable the baseurl of http://mirror.centos.org.
      Note: Yum supports the use of web proxies. However, Carbon Black cannot use Yum with NTLM-authenticated web proxies.
  6. If you have successfully installed the server in a RHEL 8 FIPS-enabled environment, run the following command to remove the macro configuration set from Step 4:
    sed -i "s/%_pkgverify_level signature//g" /etc/rpm/macros.verify

What to do next