Install Application Control for Linux

Here are the steps to install Application Control for Linux.

Ensure prerequisites are in place before you begin the installation and that Linux endpoint machines are up-to-date.
Note: in Linux all file names are case-sensitive.

Also ensure that no previous installation of Mosquitto is present on your server. Any residual folder (C:\Program Files\mosquitto) must be deleted before installing AC for Linux.
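The Mosquitto prerequisite above can be checked before running the installer. This is an added example, not part of the product documentation; the service name `mosquitto` and ports 1883/8883 are Mosquitto defaults assumed here, while the folder path is the one named on this page.

```powershell
# Pre-install check (added example): look for leftovers of an earlier Mosquitto install.
# Assumptions: service name 'mosquitto' and ports 1883/8883 are Mosquitto defaults,
# not values taken from this page. The folder path is the one the page names.
$findings = @()

# 1. A registered Windows service from a previous install
$svc = Get-Service -Name 'mosquitto' -ErrorAction SilentlyContinue
if ($svc) { $findings += "Service '$($svc.Name)' exists (status: $($svc.Status))" }

# 2. The residual folder the page says must be deleted
$dir = 'C:\Program Files\mosquitto'
if (Test-Path -LiteralPath $dir) { $findings += "Residual folder present: $dir" }

# 3. An uninstall entry (64-bit and 32-bit registry views)
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$products = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*mosquitto*' }
foreach ($p in $products) {
    $findings += "Installed product: $($p.DisplayName) $($p.DisplayVersion)"
}

# 4. Something already listening on the default MQTT ports
$listeners = Get-NetTCPConnection -State Listen -LocalPort 1883, 8883 -ErrorAction SilentlyContinue
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    $findings += "Port $($l.LocalPort) in use by $($proc.ProcessName) (PID $($l.OwningProcess))"
}

if ($findings.Count -eq 0) {
    Write-Output 'No Mosquitto remnants found.'
} else {
    foreach ($f in $findings) { Write-Warning $f }
    exit 1
}
```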

Workflow

  1. Deploy the Master Installer from your Application Control for Linux installation kit.

  2. The C++ redistributable is checked and, if not found, installed for you.

  3. Mosquitto will be installed for you. (Ensure that no previous installation of Mosquitto is present on your server; any residual folder (C:\Program Files\mosquitto) must be deleted before installing AC for Linux.)

  4. .NET 5 Windows Server Hosting will be installed for you.

At this step you need to enter the SQL connection string. There are two options:

If you opt for Windows Authentication, your DBA needs to create a valid login for your backend machine that looks like this: Domain\backend_name$

  1. On the DB server, open a SQL manager with your sysadmin login; expand Security; expand Logins; right-click Logins and choose New Login.

  2. Choose Windows Auth as the connection method and complete Login Name with your Domain\backend_name$

    Note: Don't use search, AD will not resolve the name.

  3. On Server Roles, assign public and dbcreator roles.

  4. Once the setup on the DB server is finished, in the AC for Linux Validate step, insert Data Source=Instancename;;Trusted_Connection=True;

If you opt for SQL auth (with sa and password):

  1. For SA, here is an example: Data Source=Instancename;;User Id=sa;;Password=myPassword;

  2. Press the Validate button.

Once this has been validated, the Next button will become available.
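For the Windows Authentication option, the DBA can confirm that the backend machine login ended up with only the roles the steps assign (public and dbcreator). This is an added example, not part of the product documentation; `Instancename` and `Domain\backend_name$` are the page's placeholders and must be replaced, and the script is assumed to run under an account allowed to read server principals.

```powershell
# Added example: verify the server roles held by the backend machine login.
# Placeholders from the page (replace with real values):
$instance = 'Instancename'
$login    = 'Domain\backend_name$'
$expected = @('dbcreator')   # 'public' is implicit for every login and is never listed

# LEFT JOINs so that a login with no explicit role still returns one (NULL) row
$query = @'
SELECT r.name
FROM sys.server_principals AS l
LEFT JOIN sys.server_role_members AS m ON m.member_principal_id = l.principal_id
LEFT JOIN sys.server_principals   AS r ON r.principal_id = m.role_principal_id
WHERE l.name = @login AND l.type = 'U';   -- 'U' = Windows login
'@

$conn = New-Object System.Data.SqlClient.SqlConnection "Data Source=$instance;Trusted_Connection=True;"
$cmd  = $conn.CreateCommand()
$cmd.CommandText = $query
[void]$cmd.Parameters.AddWithValue('@login', $login)

$rows = 0
$roles = @()
try {
    $conn.Open()
    $reader = $cmd.ExecuteReader()
    while ($reader.Read()) {
        $rows++
        if (-not $reader.IsDBNull(0)) { $roles += $reader.GetString(0) }
    }
} finally {
    $conn.Dispose()
}

if ($rows -eq 0) { Write-Warning "Login '$login' not found on $instance"; exit 1 }

$missing = @($expected | Where-Object { $_ -notin $roles })
$extra   = @($roles    | Where-Object { $_ -notin $expected })
if ($missing.Count) { Write-Warning "Missing role(s): $($missing -join ', ')" }
if ($extra.Count)   { Write-Warning "Roles beyond what the steps assign: $($extra -join ', ')" }
if (-not $missing.Count -and -not $extra.Count) {
    Write-Output "'$login' holds exactly: public, dbcreator"
}
```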

Application Control for Linux now installs all the necessary components, such as certificates, and configures the IIS site for you.

Once the installation is complete you will be prompted to close the installer and to open the install log if you wish to do so. If not, once you press "close" the installer will exit.

Access and Database Auto-Configuration

Depending on what you have chosen to do, there are options for configuration.

Remote Database Server

If you have opted for DB WIN AUTH with a remote database server, or for DB SA AUTH:

  1. Open up a browser and type in https://localhost:5001/home. This should open up the UI WEB Console for AC for Linux.

  2. Once the interface has popped up, the database of the app, called AcDatabase, has also been generated and can be accessed and interrogated on your SQL

Local Database Instance

If you opted for DB WIN AUTH but with a local database instance (the database instance installed on the same WIN Server as your Backend):

  1. Open IIS Manager; Expand Application Pools; Select NetcorePool; choose Advanced Settings from the right panel; modify Identity to Local Service (as you are running a local DB instance).

  2. Open up a browser and type in https://localhost:5001/home. This should open up the UI WEB Console for AC for Linux.

  3. Once the interface has popped up, the DB of the app, called AcDatabase, has also been generated and can be accessed and interrogated on your SQL server.

Next Steps

From the start menu, open the AF server executable as an administrator. A console appears, stating that SSL communication is ready and connection policy has been created.

"Starting test console.

Press any key to exit.

1/17/2022 12:17:33 PM: ==> Started OAuth Service.

Started apis at https://+:3123/st/console/privateapi

Detected a fresh install, reinstalling policy

Queueing policy for removal

 

No policy to delete

Read certificate from : C:\\Program Files\\mosquitto\\server.crt

Policy written to: C:\Program Files\Ivanti\ACServer\AF Server\..\AC Server\HostedFiles\policy.zip

Adding policy:

Policy: name='AcPolicy', id='381bfc9b-fa13-4c2d-8c8d-cb48d5eb1023', version='1'

1/17/2022 12:17:34 PM: ==> Started Registration Service.

1/17/2022 12:17:34 PM: ==> Started Agent State Service.

1/17/2022 12:17:34 PM: ==> Started Results Service.

1/17/2022 12:17:34 PM: ==> Started Custom Results Service. "

The AF server needs to remain open for communication between the Windows Backend and the Registered Linux Endpoints to function properly.

Finishing

At this point, if the above steps have been followed:

  • The IIS site is created and configured.

  • WEB UI Console has been started in your browser by accessing https://localhost:5001

  • The application database, called AcDatabase, has been created and configured and can be interrogated via an MSSQL management tool.

  • AF server console has been started as administrator and the communication channels are all configured.

Warning: If the Advanced settings / server logs are not being pulled, you need to stop IIS, stop the AF server, start IIS, refresh the page in the WEB UI, then start the AF server as admin once more.

Finally, transfer the tar archives to your Linux endpoints, using scp or an scp-like transfer tool (for example, WinSCP). You will now find them on your Windows Backend Server in a path similar to the following:

C:\Program Files\Ivanti\AC Server\HostedFiles\centos-8
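To confirm that the archives arrive on the endpoints unmodified, a checksum manifest can be generated on the backend before the transfer. This is an added example, not part of the product documentation; the path is the page's example path (yours may differ), and the `*.tar*` filter and the manifest name `SHA256SUMS` are assumptions.

```powershell
# Added example: write a sha256sum-compatible manifest for the agent archives.
# Assumptions: $hosted is the page's example path; archives match *.tar*;
# the manifest file name SHA256SUMS is arbitrary.
$hosted   = 'C:\Program Files\Ivanti\AC Server\HostedFiles\centos-8'
$manifest = Join-Path $hosted 'SHA256SUMS'

$archives = @(Get-ChildItem -LiteralPath $hosted -File -Filter '*.tar*')
if ($archives.Count -eq 0) { throw "No tar archives found in $hosted" }

$lines = foreach ($f in $archives) {
    $h = Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256
    # sha256sum line format: lowercase hex digest, two spaces, bare file name
    '{0}  {1}' -f $h.Hash.ToLowerInvariant(), $f.Name
}

# LF line endings and no BOM, so the Linux tool parses the file cleanly
$text = ($lines -join "`n") + "`n"
$utf8NoBom = New-Object System.Text.UTF8Encoding $false
[System.IO.File]::WriteAllText($manifest, $text, $utf8NoBom)

Write-Output "Wrote $($archives.Count) entries to $manifest"
```

Copy `SHA256SUMS` together with the archives and run `sha256sum -c SHA256SUMS` in the destination directory on each endpoint before unpacking.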