Install Linux Endpoint

Ensure prerequisites are in place before you begin the installation and that Linux endpoint machines are up-to-date.
Note: in Linux all file names are case-sensitive.

Currently, the available endpoints supported by Application Control for Linux 2024.1 are:

  • CentOS 7.x and 8.x

  • Red Hat 7.x and 8.x

  • Oracle 7.x and 8.x

  • Fedora 3x

If not already completed, transfer the tar archives to your Linux endpoints , using scp or a scp like transfer tool ( example winscp ).

The .tar archives can be found on your backend under this path:

C:\Program Files\Ivanti\ACServer\AC Server\HostedFiles

Where C:\Program Files\Ivanti\ACServer is default install path of AC for Linux

The instructions below assume you will use the AC Manifest functionality to install and setup the engines. Therefore, only the ivanti-ac-agent.tar file needs to be copied to the devices.

For Oracle 7.x and 8.x and Fedora 3x, manifest will not work so also copy the ivanti-ac-engine.tar, from the Oracle-x and respectively Fedora 32 folders.

Install Ivanti Application Control for Linux

CentOS 7 & 8 and Red Hat 7 & 8

Before you begin, please verify the location of the tar archive and decompress:

tar -xvf ivanti-ac-agent.tar

Verify the kernel version of the Linux session: uname -r

Next, follow these steps:

  1. Install the agent as a regular user , using the sudo command : sudo yum install -y ivanti-ac-agent-1.1-1.x86_64.rpm

  2. Navigate to the agent installation folder, cd /opt/ivanti/ac/bin/ and verify the content with an ll or ls command.

  3. Copy the CA.pem from backend, C:\Program Files\Ivanti\ACServer\Certificates, into /opt/ivanti/ac/bin/

    1. Add entry into /etc/hosts , on a sigle line put your backends IP, a space, short name of the backend.

    2. Save the file.

  4. In /opt/ivanti/ac/bin, type pwd to verify your location.

  5. Register agent to backend using this command (put your backend short name after the --host option ), example bellow:

    sudo ./stagentctl register --host BDARROW16 --port 3123 --passphrase TestReg --selected-policy acpolicy --issuer-certificate CA.pem

    • The Linux terminal should return " Agent is fully registered ".

  6. Once you see this text , cat /opt/ivanti/ac/logs/stmqttservice_0.log and inspect log for this text :
    ConnectionState: true

    • You are now connected to the broker.

Wait approximately 10 minutes then check that you have this path on your Linux box :

/opt/ivanti/ac/engines/ivanti-ac-engine-[your-OS]

This means that the engine has been automatically installed via backend manifest deploy action.

Oracle 7.x and 8.x and Fedora 3x

Manifest deploy is not supported yet, so install the agent by hand, first:

sudo yum install -y ivanti-ac-agent-1.1-1.x86_64.rpm

The engine needs to be installed next. Use the following command:

sudo yum install -y ivanti-ac-engine-0.1-1.x86_64.rpm

After these commands are finished, the last output line will appear that tells you the install was successful.

Activate the engine

Use these two commands:

sudo systemctl enable ivanti-ac-engine.service
sudo systemctl start ivanti-ac-engine.service

At this point, Ivanti Application Control for Linux has been fully installed on both the Backend and Linux Endpoint.

To do a quick check, from the backend > main Console > Devices tab, and verify that the new Linux endpoint appears in the list:

  • Click on the name of the Linux endpoint.

  • On the Device Summary press on the Refresh Device Details button.

  • Refresh the page. Hardware and software details of the endpoint should display.

Related topics:

Installation Overview

Prerequisites

Install Windows Server

Uninstall

Troubleshooting - please see Ivanti Community, Troubleshooting Application Control for Linux

Application Control for Linux Utilization (opens Application Control Help)