How to Install Security Controls Agent from the Console
Your Linux target machines must be properly configured before you can perform a push install of an agent. See System Requirements for more details.
Show Me!
A video tutorial is available on this topic. To access the video, click the following link:
Overview Information
You can use the console to "push install" the Security Controls Agent to connected target machines. In order to perform the push install, each target machine must be online and have an active network connection to the console during the Security Controls Agent installation. This connection is required in order to exchange security information that will be used to establish an encrypted link for all future communication between the console and its agents. The agent machines must also be able to perform name resolution in order to locate the console machine. See Assigning Aliases to the Console to see how to add trusted names and IP addresses contained in the certificate that is exchanged between the agent and the console to establish a secure TLS connection.
You must have the proper credentials in order to authenticate to each of the target machines. See Credential Precedence for details.
Some target machines may have a firewall enabled that blocks the incoming ports required to install Security Controls Agent. On these machines you must manually install Security Controls Agent. See Manually Installing Agents for details.
Installing an agent on a distribution server is a special case that requires the server machine's SYSTEM account to have read access to the distribution server folder. See Configuring System Account Permissions for details.
You can perform a push install of the Security Controls Agent service two different ways from the console.
For Machines That Have Been Previously Scanned
You can install agents onto machines that have been previously scanned and that are contained in the program database.
- Go to either Machine View or Scan View.
- Right-click the desired machines, select Agents > Install/Reinstall with Policy and then select the desired agent policy.
For Machines That Have Not Been Previously Scanned
You can install agents on machines that have not been previously scanned and are therefore not contained in the machine database. You simply create a machine group that contains all the machines that will run a particular agent policy and then use the Install / Reinstall Agent button to install an agent policy on those machines.
There are a couple of caveats:
- The machines must be added to the machine group using a machine name, domain name, or IP address. You cannot use the Install / Reinstall Agent button to install agents on machines that were added as organizational units, nested groups, or IP address ranges.
- The machines must be online and connected to the network. If the console cannot make a connection to a machine the install will fail for that machine.
You will be prompted to select the policy you want installed. See Creating A New Agent Policy for information on configuring policies.
The following occurs when you push install the Security Controls Agent service to a machine:
- The Operations Monitor is displayed and shows the status of the installation request.
- You can verify the installation was successful by doing the following:
- By using Machine View to check the status of the machine. You'll have to wait until the next time the agent machine checks in with the console, but once that occurs, the Agent State column should indicate that the machine contains an agent.
- By using the Service Control Manager on the agent machine to verify that the agent services are running (stDispatch, stAgent).
- Once the Security Controls Agent configuration is successfully installed on a target machine, the agent is automatically started on the machine. See Using Agents on a Target Machine for information on using the agent.
- After an agent is installed on a machine, that machine becomes a managed machine and can be viewed using Machine View.