Guest Introspection supports File Introspection in Linux for anti-virus only. To protect Linux VMs using a Guest Introspection security solution, you must install the Guest Introspection thin agent.

The Linux thin agent is available as part of the operating system specific packages (OSPs). The packages are hosted on VMware packages portal. Enterprise or Security Administrator (non-NSX Administrator) can install the agent on guest VMs outside of NSX.

Installing VMware Tools is not required.

Based on your Linux operating system, perform the following steps with root privilege:

Prerequisites

  • Ensure that the guest virtual machine has a supported version of Linux installed:
    • Red Hat Enterprise Linux (RHEL) 7.6, 7.7, 8.2 (64 bit) GA
    • SUSE Linux Enterprise Server (SLES) 12 SP3+, 15 SP1 (64 bit) GA
    • Ubuntu 16.04.5, 16.04.6, 18.04, 20.04 (64 bit) GA
    • CentOS 7.6, 7.7, 8.2 (64 bit) GA

  • Verify glib2 is installed on the Linux VM using following commands:

    • Ubuntu: apt search glib2

    • RHEL: yum/dnf list glib2

    • SLES: zypper search glib2

    • CentOS: yum/dnf list glib2

    If not found, install distro specific packages.

Procedure

  1. For Ubuntu systems
    1. Obtain and import the VMware packaging public keys using the following commands. 
      curl -O https://packages.vmware.com/packages/nsx-gi/keys/VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub 
apt-key add VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
    2. Create a new file named vmware.list file under /etc/apt/sources.list.d
    3. Edit the file with the following content:

      For Ubuntu 16.04 

      deb [arch=amd64] https://packages.vmware.com/packages/nsx-gi/latest/ubuntu/ xenial main

      For Ubuntu 18.04 

      deb [arch=amd64] https://packages.vmware.com/packages/nsx-gi/latest/ubuntu/ bionic main

      For Ubuntu 20.04

      deb [arch=amd64] https://packages.vmware.com/packages/nsx-gi/latest/ubuntu/ focal main
    4. Install the package. 
      apt-get update 
apt-get install vmware-nsx-gi-file
  2. For RHEL7 systems
    1. Obtain and import the VMware packaging public keys using the following commands. 
      curl -O https://packages.vmware.com/packages/nsx-gi/keys/VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub 
rpm --import VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
    2. Create a new file named vmware.repo file under /etc/yum.repos.d.
    3. Edit the file with the following content: 
      [vmware]
name = VMware 
baseurl = https://packages.vmware.com/packages/nsx-gi/latest/rhel/x86_64 
enabled = 1 
gpgcheck = 1 
metadata_expire = 86400
ui_repoid_vars = basearch
    4. Install the package. 
      yum install vmware-nsx-gi-file
  3. For SLES systems
    1. Obtain and import the VMware packaging public keys using the following commands. 
      curl -O https://packages.vmware.com/packages/nsx-gi/keys/VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub 
rpm --import VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
    2. Add the following repository: 
      zypper ar -f "https://packages.vmware.com/packages/nsx-gi/latest/sles/x86_64/" VMware
    3. Install the package. 
      zypper install vmware-nsx-gi-file
  4. For CentOS systems
    1. Obtain and import the VMware packaging public keys using the following commands. 
      curl -O https://packages.vmware.com/packages/nsx-gi/keys/VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub 
rpm --import VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
    2. Create a new file named vmware.repo file under /etc/yum.repos.d.
    3. Edit the file with the following content: 
      [vmware]
name = VMware 
baseurl = https://packages.vmware.com/packages/nsx-gi/latest/centos/x86_64 
enabled = 1 
gpgcheck = 1 
metadata_expire = 86400
ui_repoid_vars = basearch
    4. Install the package. 
      yum install vmware-nsx-gi-file

What to do next

Verify whether the thin agent is running using the service vsepd status or systemctl status vsepd command with the administrative privileges. The status must be running.