Guest Introspection supports File Introspection in Linux for anti-virus only. To protect Linux VMs using a Guest Introspection security solution, you must install the Guest Introspection thin agent.
The Linux thin agent is available as part of the operating system specific packages (OSPs). The packages are hosted on VMware packages portal. Enterprise or Security Administrator (non-NSX Administrator) can install the agent on guest VMs outside of NSX.
Installing VMware Tools is not required.
Based on your Linux operating system, perform the following steps with root privilege:
Prerequisites
- Ensure that the guest virtual machine has a supported version of Linux installed:
- Red Hat Enterprise Linux (RHEL) 7.6, 7.7, 8.2 (64 bit) GA
- SUSE Linux Enterprise Server (SLES) 12 SP3+, 15 SP1 (64 bit) GA
- Ubuntu 16.04.5, 16.04.6, 18.04, 20.04 (64 bit) GA
- CentOS 7.6, 7.7, 8.2 (64 bit) GA
- Verify GLib 2.0 is installed on the Linux VM.
Procedure
- For Ubuntu systems
- Obtain and import the VMware packaging public keys using the following commands.
curl -O https://packages.vmware.com/packages/nsx-gi/keys/VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub apt-key add VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
- Create a new file named vmware.list file under /etc/apt/sources.list.d
- Edit the file with the following content:
For Ubuntu 16.04
deb [arch=amd64] https://packages.vmware.com/packages/nsx-gi/latest/ubuntu/ xenial main
For Ubuntu 18.04
deb [arch=amd64] https://packages.vmware.com/packages/nsx-gi/latest/ubuntu/ bionic main
For Ubuntu 20.04
deb [arch=amd64] https://packages.vmware.com/packages/nsx-gi/latest/ubuntu/ focal main
- Install the package.
apt-get update apt-get install vmware-nsx-gi-file
- Obtain and import the VMware packaging public keys using the following commands.
- For RHEL7 systems
- Obtain and import the VMware packaging public keys using the following commands.
curl -O https://packages.vmware.com/packages/nsx-gi/keys/VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub rpm --import VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
- Create a new file named vmware.repo file under /etc/yum.repos.d.
- Edit the file with the following content:
[vmware] name = VMware baseurl = https://packages.vmware.com/packages/nsx-gi/latest/rhel/x86_64 enabled = 1 gpgcheck = 1 metadata_expire = 86400 ui_repoid_vars = basearch
- Install the package.
yum install vmware-nsx-gi-file
- Obtain and import the VMware packaging public keys using the following commands.
- For SLES systems
- Obtain and import the VMware packaging public keys using the following commands.
curl -O https://packages.vmware.com/packages/nsx-gi/keys/VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub rpm --import VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
- Add the following repository:
zypper ar -f "https://packages.vmware.com/packages/nsx-gi/latest/sles/x86_64/" VMware
- Install the package.
zypper install vmware-nsx-gi-file
- Obtain and import the VMware packaging public keys using the following commands.
- For CentOS systems
- Obtain and import the VMware packaging public keys using the following commands.
curl -O https://packages.vmware.com/packages/nsx-gi/keys/VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub rpm --import VMWARE-PACKAGING-NSX-GI-GPG-RSA-KEY.pub
- Create a new file named vmware.repo file under /etc/yum.repos.d.
- Edit the file with the following content:
[vmware] name = VMware baseurl = https://packages.vmware.com/packages/nsx-gi/latest/centos/x86_64 enabled = 1 gpgcheck = 1 metadata_expire = 86400 ui_repoid_vars = basearch
- Install the package.
zypper install vmware-nsx-gi-file
- Obtain and import the VMware packaging public keys using the following commands.
What to do next
Verify whether the thin agent is running using the service vsepd status or systemctl status vsepdcommand with the administrative privileges. The status must be running.