Guest Introspection supports File Introspection in Linux for anti-virus only. To protect Linux VMs using a Guest Introspection security solution, you must install the Guest Introspection thin agent.

The GI thin agent is available as part of the VMware Tools operating system-specific packages (OSPs). Installing VMware Tools is not required. GI thin agent installation and upgrade is not connected to NSX installation and upgrade. Also, Enterprise or Security Administrator (non-NSX Administrator) can install the agent on guest VMs outside of NSX.

To install the GI thin agent on RHEL, CentOS, and SLES Linux systems, use the RPM package. To install the GI thin agent on Ubuntu Linux systems, use the DEB package.

For Windows instructions, see Install the Guest Introspection Thin Agent on Windows Virtual Machines.

Prerequisites

  • Ensure that the guest virtual machine has a supported version of Linux installed:
    • Red Hat Enterprise Linux (RHEL) 7.0–7.4 GA (64 bit).
    • CentOS 7.4 GA.
    • SUSE Linux Enterprise Server (SLES) 12 GA (64 bit).
    • Ubuntu 16.04.5 LTS GA (64 bit).
    • Ubuntu 14.04 LTS GA (64 bit).
    Note: Starting in NSX 6.4.6, support for Ubuntu 14.04 and RHEL 7.0–7.3 is deprecated. NSX 6.4.6 and later supports Ubuntu 16.04.5 and RHEL 7.4.
  • Verify that GLib 2.0 is installed on the Linux VM.

Procedure

  • Based on your Linux operating system, perform the following steps with a root privilege:
    • For Ubuntu systems:
      1. Obtain and import the VMware packaging public keys using the following commands:
        curl -O https://packages.vmware.com/packages/nsx-gi/keys/VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
        
        apt-key add VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
      2. Create a new file named vm.list file under /etc/apt/sources.list.d.
      3. Edit the file with the following content:
        deb https://packages.vmware.com/packages/nsx-gi/latest/ubuntu/dists xenial main
      4. Install the package:
        apt-get update
        apt-get install vmware-nsx-gi-file
    • For RHEL7 systems:
      1. Obtain and import the VMware packaging public keys using the following commands:
        curl -O https://packages.vmware.com/packages/nsx-gi/keys/VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
        
        rpm --import VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
      2. Create a new file named vm.repo file under /etc/yum.repos.d.
      3. Edit the file with the following content:
        [vmware]
        name = VMware
        baseurl = https://packages.vmware.com/packages/nsx-gi/latest/rhel/x86_64
        enabled = 1
        gpgcheck = 1
        metadata_expire = 86400
        ui_repoid_vars = basearch
        
      4. Install the package:
        yum install vmware-nsx-gi-file
    • For SLES systems:
      1. Obtain and import the VMware packaging public keys using the following commands:
        curl -O https://packages.vmware.com/packages/nsx-gi/keys/VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
        
        rpm --import VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
      2. Add the following repository:
        zypper ar -f "https://packages.vmware.com/packages/nsx-gi/latest/sles12/x86_64/" VMware
      3. Install the package:
        zypper install vmware-nsx-gi-file
    • For CentOS systems:
      1. Obtain and import the VMware packaging public keys using the following commands:
        curl -O https://packages.vmware.com/packages/nsx-gi/keys/VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
        rpm --import VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
      2. Create a new file named vmware.repo file under /etc/yum.repos.d.
      3. Edit the file with the following content:
        [vmware]
        name = VMware
        baseurl = https://packages.vmware.com/packages/nsx-gi/latest/centos7/x86_64
        enabled = 1
        gpgcheck = 1
        metadata_expire = 86400
        ui_repoid_vars = basearch
        

What to do next

Check if the thin agent is running using the service vsepd status command with the administrative privileges. The status should be running.