Guest Introspection supports File Introspection in Linux for anti-virus only. To protect Linux VMs using a Guest Introspection security solution, you must install the Guest Introspection thin agent.

The GI thin agent is available as part of the VMware Tools operating system-specific packages (OSPs). Installing VMware Tools is not required. GI thin agent installation and upgrade is not connected to NSX installation and upgrade. Also, Enterprise or Security Administrator (non-NSX Administrator) can install the agent on guest VMs outside of NSX.

To install the GI thin agent on RHEL, CentOS, and SLES Linux systems, use the RPM package. To install the GI thin agent on Ubuntu Linux systems, use the DEB package.

For Windows instructions, see Install the Guest Introspection Thin Agent on Windows Virtual Machines.

Prerequisites

  • Ensure that the guest virtual machine has a supported version of Linux installed:
    • Red Hat Enterprise Linux (RHEL) 7.0–7.4 GA (64 bit).
    • CentOS 7.4 GA.
    • SUSE Linux Enterprise Server (SLES) 12 GA (64 bit).
    • Ubuntu 16.04.5 LTS GA (64 bit).
    • Ubuntu 14.04 LTS GA (64 bit).
    Note: Starting in NSX 6.4.6, support for Ubuntu 14.04 and RHEL 7.0–7.3 is deprecated. NSX 6.4.6 and later supports Ubuntu 16.04.5 and RHEL 7.4.
  • Verify that GLib 2.0 is installed on the Linux VM.

Procedure

  • Based on your Linux operating system, perform the following steps with a root privilege:
    • For Ubuntu systems:
      1. Obtain and import the VMware packaging public keys using the following commands: 
        curl -O https://packages.vmware.com/packages/nsx-gi/keys/VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub

apt-key add VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
      2. Create a new file named vm.list file under /etc/apt/sources.list.d.
      3. Edit the file with the following content: 
        deb https://packages.vmware.com/packages/nsx-gi/latest/ubuntu/dists xenial main
      4. Install the package: 
        apt-get update
apt-get install vmware-nsx-gi-file
    • For RHEL7 systems:
      1. Obtain and import the VMware packaging public keys using the following commands: 
        curl -O https://packages.vmware.com/packages/nsx-gi/keys/VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub

rpm --import VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
      2. Create a new file named vm.repo file under /etc/yum.repos.d.
      3. Edit the file with the following content: 
        [vmware]
name = VMware
baseurl = https://packages.vmware.com/packages/nsx-gi/latest/rhel/x86_64
enabled = 1
gpgcheck = 1
metadata_expire = 86400
ui_repoid_vars = basearch
      4. Install the package: 
        yum install vmware-nsx-gi-file
    • For SLES systems:
      1. Obtain and import the VMware packaging public keys using the following commands: 
        curl -O https://packages.vmware.com/packages/nsx-gi/keys/VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub

rpm --import VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
      2. Add the following repository: 
        zypper ar -f "https://packages.vmware.com/packages/nsx-gi/latest/sles12/x86_64/" VMware
      3. Install the package: 
        zypper install vmware-nsx-gi-file
    • For CentOS systems:
      1. Obtain and import the VMware packaging public keys using the following commands: 
        curl -O https://packages.vmware.com/packages/nsx-gi/keys/VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
rpm --import VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
      2. Create a new file named vmware.repo file under /etc/yum.repos.d.
      3. Edit the file with the following content: 
        [vmware]
name = VMware
baseurl = https://packages.vmware.com/packages/nsx-gi/latest/centos7/x86_64
enabled = 1
gpgcheck = 1
metadata_expire = 86400
ui_repoid_vars = basearch

What to do next

Check if the thin agent is running using the service vsepd status command with the administrative privileges. The status should be running.