Guest Introspection supports File Introspection in Linux for anti-virus only. To protect Linux VMs using a Guest Introspection security solution, you must install the Guest Introspection thin agent.

The Linux thin agent is available as part of the operating system specific packages (OSPs). The packages are hosted on VMware packages portal. Enterprise or Security Administrator (non-NSX Administrator) can install the agent on guest VMs outside of NSX.

Installing VMware Tools is not required.

Based on your Linux operating system, perform the following steps with root privilege:

Prerequisites

  • Ensure that the guest virtual machine has a supported version of Linux installed:
    • Red Hat Enterprise Linux (RHEL) 7.4 (64 bit) GA
    • SUSE Linux Enterprise Server (SLES) 12 (64 bit) GA
    • Ubuntu 16.04.5 LTS (64 bit) GA
    • CentOS 7.4 GA
  • Verify GLib 2.0 is installed on the Linux VM.

Procedure

  1. For Ubuntu systems
    1. Obtain and import the VMware packaging public keys using the following commands.
      curl -O https://packages.vmware.com/packages/nsx-gi/keys/VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub 
      apt-key add VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
    2. Create a new file named vmware.list file under /etc/apt/sources.list.d
    3. Edit the file with the following content:
      deb [arch=amd64] https://packages.vmware.com/packages/nsx-gi/latest/ubuntu/ xenial main
    4. Install the package.
      apt-get update 
      apt-get install vmware-nsx-gi-file
  2. For RHEL7 systems
    1. Obtain and import the VMware packaging public keys using the following commands.
      curl -O https://packages.vmware.com/packages/nsx-gi/keys/VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub 
      rpm --import VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
    2. Create a new file named vmware.repo file under /etc/yum.repos.d.
    3. Edit the file with the following content:
      [vmware]
      name = VMware 
      baseurl = https://packages.vmware.com/packages/nsx-gi/latest/rhel7/x86_64 
      enabled = 1 
      gpgcheck = 1 
      metadata_expire = 86400
      ui_repoid_vars = basearch
  3. Install the package.
    yum install vmware-nsx-gi-file
  4. For SLES systems
    1. Obtain and import the VMware packaging public keys using the following commands.
      curl -O https://packages.vmware.com/packages/nsx-gi/keys/VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub 
      rpm --import VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
    2. Add the following repository:
      zypper ar -f "https://packages.vmware.com/packages/nsx-gi/latest/sle12/x86_64/" VMware
    3. Install the package.
      zypper install vmware-nsx-gi-file
  5. For CentOS systems
    1. Obtain and import the VMware packaging public keys using the following commands.
      curl -O https://packages.vmware.com/packages/nsx-gi/keys/VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub 
      rpm --import VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
    2. Create a new file named vmware.repo file under /etc/yum.repos.d.
    3. Edit the file with the following content:
      [vmware]
      name = VMware 
      baseurl = https://packages.vmware.com/packages/nsx-gi/latest/centos7/x86_64 
      enabled = 1 
      gpgcheck = 1 
      metadata_expire = 86400
      ui_repoid_vars = basearch

What to do next

Verify whether the thin agent is running using the service vsepd status command with the administrative privileges. The status must be running.