Guest Introspection supports file introspection feature for guest virtual machines having Linux operating system. File introspection offloads file scanning from a production VM to a dedicated partner security appliance SVM or DLP, a VMware appliance running on the same host. Guest Introspection supports file Introspection in Linux for anti-virus only.

About this task

Linux thin agent is available as part of the VMware Tools operating system specific packages (OSPs). Linux thin agent installation/upgrade is not connected to NSX installation/upgrade. Also, Enterprise/Security Administrator (non-NSX Administrator) can install the agent on guest VMs outside of NSX.

To install Linux thin agent on RHEL/SLES systems, use the RPM package. To install Linux thin agent on Ubuntu systems, use the DEB package.

Prerequisites

Ensure that the guest virtual machine has ESX 5.1 or later and a supported version of Linux installed. The following Linux operating systems are supported for NSX Guest Introspection:

  • RHEL 7 GA (64 bit)

  • SLES 12 GA (64 bit)

  • Ubuntu 14.04 LTS (64 bit )

Note:

Linux thin agent requires GLib 2.0 to be installed on the target system.

Procedure

Based on your Linux operating system, perform the following steps with root privilege:
  • For Ubuntu systems:

    1. Obtain and import the VMware packaging public keys using the following commands:

      curl -O https://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-RSA-KEY.pub
      
      apt-key add VMWARE-PACKAGING-GPG-RSA-KEY.pub

    2. Create a new file named vm.list file under /etc/apt/sources.list.d.

    3. Edit the file with the following content:

      vi /etc/apt/sources.list.d/vm.list
      deb https://packages.vmware.com/packages/ubuntu/ trusty main

    4. Now, install the package as follows:

      apt-get update
      apt-get install vmware-nsx-gi-file

  • For RHEL7 systems:

    1. Obtain and import the VMware packaging public keys using the following commands:

      curl -O https://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-RSA-KEY.pub
      
      rpm --import VMWARE-PACKAGING-GPG-RSA-KEY.pub

    2. Create a new file named vm.repo file under /etc/yum.repos.d.

    3. Edit the file with the following content:

      vi /etc/yum.repos.d/vm.repo
      [vm]
      name = VMware
      baseurl = https://packages.vmware.com/packages/rhel7/x86_64
      enabled = 1
      gpgcheck = 1
      metadata_expire = 86400
      ui_repoid_vars = basearch
      

    4. Now, install the package as follows:

      yum install vmware-nsx-gi-file

  • For SLES systems:

    1. Obtain and import the VMware packaging public keys using the following commands:

      curl -O https://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-RSA-KEY.pub
      
      rpm --import VMWARE-PACKAGING-GPG-RSA-KEY.pub

    2. Add the following repository:

      zypper ar -f "https://packages.vmware.com/packages/sle12/x86_64/" VMware

    3. Now, install the package as follows:

      zypper install vmware-nsx-gi-file

What to do next

Check if the thin agent is running using the service vsepd status command with the administrative privileges. The status should be running.