Install Linux Endpoint
Ensure prerequisites are in place before you begin the installation and that Linux endpoint machines are up-to-date.
Note: in Linux all file names are case-sensitive.
Currently, the available endpoints supported by Application Control for Linux 2022.3 are:
CentOS 7.x and 8.x
Red Hat 7.x and 8.x
Oracle 7.x and 8.x
If not already completed, transfer the tar archives to your Linux endpoints , using scp or a scp like transfer tool ( example winscp ).
The .tar archives can be found on your backend under this path:
C:\Program Files\Ivanti\ACServer\AC Server\HostedFiles
Where C:\Program Files\Ivanti\ACServer is default install path of AC for Linux
The instructions below assume you will use the AC Manifest functionality to install and setup the engines. Therefore, only the ivanti-ac-agent.tar file needs to be copied to the devices.
For Oracle 7.x and 8.x and Fedora 3x, manifest will not work so also copy the ivanti-ac-engine.tar, from the Oracle-x and respectively Fedora 32 folders.
Install Ivanti Application Control for Linux
CentOS 7 & 8 and Red Hat 7 & 8
Before you begin, please verify the location of the tar archive and decompress:
tar -xvf ivanti-ac-agent.tar
Verify the kernel version of the Linux session: uname -r
Next, follow these steps:
Install the agent as a regular user , using the sudo command : sudo yum install -y ivanti-ac-agent-1.1-1.x86_64.rpm
Navigate to the agent installation folder, cd /opt/ivanti/ac/bin/ and verify the content with an ll or ls command.
Copy the CA.pem from backend, C:\Program Files\Ivanti\ACServer\Certificates, into /opt/ivanti/ac/bin/
Add entry into /etc/hosts , on a sigle line put your backends IP, a space, short name of the backend.
Save the file.
In /opt/ivanti/ac/bin, type pwd to verify your location.
Register agent to backend using this command (put your backend short name after the --host option ), example bellow:
sudo ./stagentctl register --host BDARROW16 --port 3123 --passphrase TestReg --selected-policy acpolicy --issuer-certificate CA.pem
The Linux terminal should return " Agent is fully registered ".
Once you see this text , cat /opt/ivanti/ac/logs/stmqttservice_0.log and inspect log for this text :
You are now connected to the broker.
Wait approximately 10 minutes then check that you have this path on your Linux box :
This means that the engine has been automatically installed via backend manifest deploy action.
Oracle 7.x and 8.x and Fedora 3x
Manifest deploy is not supported yet, so install the agent by hand, first:
sudo yum install -y ivanti-ac-agent-1.1-1.x86_64.rpm
The engine needs to be installed next. Use the following command:
sudo yum install -y ivanti-ac-engine-0.1-1.x86_64.rpm
After these commands are finished, the last output line will appear that tells you the install was successful.
Activate the engine
Use these two commands:
sudo systemctl enable ivanti-ac-engine.service
sudo systemctl start ivanti-ac-engine.service
At this point, Ivanti Application Control for Linux has been fully installed on both the Backend and Linux Endpoint.
To do a quick check, from the backend > main Console > Devices tab, and verify that the new Linux endpoint appears in the list:
Click on the name of the Linux endpoint.
On the Device Summary press on the Refresh Device Details button.
Refresh the page. Hardware and software details of the endpoint should display.
Troubleshooting - please see Ivanti Community, Troubleshooting Application Control for Linux
Application Control for Linux Utilization (opens Application Control Help)