Wiki source code of Unix Agent installieren

Last modified by Sabrina V. on 2025/11/20 07:19

version	line-number	content
1.1	1	{{aagon.floatingbox/}}
	2
	3	(% class="wikigeneratedid" %)
22.1	4	The Unix Agent is the completely renewed and technically revised further development of the Linux and Mac agents. The agent can be deployed and installed without Python using a supplied Client Command. The inventory data is transmitted to the ACMP Server in full and updated.
1.1	5
22.1	6	= Installation requirements =
1.1	7
22.1	8	There are several requirements for you and your system for installing the Unix Agent.
1.1	9
22.1	10	=== Requirements for your knowledge of ACMP ===
1.1	11
22.1	12	* You have a basic understanding of how to configure SICS.
	13	* You know how to import Client Commands into ACMP.
	14	* You know how to execute Client Commands.
1.1	15
22.1	16	=== Requirements for your environment ===
1.1	17
22.1	18	* ACMP is installed.
	19	* SICS is installed on a server.
	20	* The ACMP Server is connected to SICS.
	21	* SICS users are allowed to access the public API.
1.1	22
22.1	23	=== Requirements for your MacOS and Linux systems ===
1.1	24
22.1	25	Our [[general system requirements>>https://www.aagon.com/produkte/ueberblick/systemanforderungen-acmp/#c4421]] provide an overview of all tested distributions.
1.1	26
22.1	27	In addition, certain settings are required on your systems:
1.1	28
22.1	29	* An installed SSH server that is accessible from outside (important for agent distribution).
	30	* Root must be able to log in from outside via ssh or, alternatively, a user who can obtain root rights via sudo (sudo must be installed for the alternative).
	31	* Linux and MacOS Clients must be able to reach SICS via Rest (any firewalls must allow port 3950).
	32	* Firewall settings for SICS must be customizable if necessary.
1.1	33
22.1	34	= Installation with the Client Command =
16.1	35
22.1	36	An existing SICS connection to the ACMP server is required to install the Unix Agent. If you have not yet configured a SICS connection, you must do so first. Instructions for configuring the SICS connection can be found in the section [[Configuring the SICS connection>>doc:AESB.19.AESB installieren, konfigurieren und aktualisieren.SICS-Verbindung konfigurieren.WebHome]].
1.1	37
22.1	38	The Unix Agent is installed using a Client Command in ACMP. To do this, the Client Command must first be imported and released.
1.1	39
	40	{{aagon.warnungsbox}}
22.1	41	Installing the Unix Agent stops and removes the Linux Agent.
1.1	42
22.1	43	The ClientID used by the Linux Agent is retained and reused by the Unix Agent.
1.1	44	{{/aagon.warnungsbox}}
	45
22.1	46	=== Import and release Client Command ===
1.1	47
22.1	48	The file for the required Client Command of the Unix Agent is named as in the following example:
1.1	49
	50	{{{ACMP Unix Agent verteilen & Inventory__{1F5A4238-731B-44B6-84F0-3EFB8F2D3222}.sim}}}
	51
22.1	52	For information on how to import and release a Client Command in ACMP, refer to the section [[Create Client Commands>>doc:ACMP.67.ACMP-Solutions.Client Commands.Client Command erstellen.WebHome\|\|anchor="HImport"]] .
1.1	53
22.1	54	=== Execute Client Command ===
1.1	55
22.1	56	After you have released the Client Command, you can execute it.
1.1	57
22.1	58	In the ACMP Console, navigate to Client Commands > Execute. Then double-click to select the Client Command for the Unix Agent.
1.1	59
22.1	60	In the dialog window that opens, click the //Execute// button. The Client Command interface opens, where you can configure the installation of the Unix Agent.
1.1	61
22.1	62	[[Configuring the Unix Agent using the Client Command>>image:Unix Agent - Fallback-SICS.png\|\|alt="“Configuring" data-xwiki-image-style-alignment="center" height="600" width="480"]]
1.1	63
22.1	64	= Configuring the Unix Agent =
1.1	65
22.1	66	For the configuration of the Unix Agent, there are various areas in the Client Command where you can make specific settings.
1.1	67
22.1	68	=== SSH credentials ===
1.1	69
22.1	70	The Unix Agent is transferred to the target computers via SSH; valid user data must be entered accordingly. Unlike the Linux Agent, the Unix Agent transfers the scan data directly to the ACMP Server.
16.1	71
	72	{{aagon.warnungsbox}}
22.1	73	The user whose user data is specified as SSH credentials for the installation must be created on each of the target computers and have “sudo” rights (superuser do) there.
16.1	74	{{/aagon.warnungsbox}}
	75
22.1	76	=== Select Clients ===
16.1	77
22.1	78	In the upper right corner of the dialog window, you can use the IPv4 address to specify the clients on which the Unix Agent is to be deployed. To do this, you can either specify an IPv4 range or compile a list of IPv4 addresses.
16.1	79
22.1	80	=== Specify SICS credentials ===
1.1	81
22.1	82	To install the Unix Agent on the target computers, you must specify your SICS session data. The specified endpoint must be in the format //wss:~/~/ipaddress:port//. Please note that all target computers must have access to this endpoint. You assigned the continuing user data to the operator during the AESB installation.
1.1	83
22.1	84	You can also specify multiple fallback SICS connections in the tabs. If the primary SICS connection fails and cannot be used, an attempt is made to establish a connection to another defined SICS and to carry out the transfer via one of the fallback connections. The list of fallback SICS connections is used continuously, starting with fallback SICS #1, until a connection to one of the defined fallback SICS connections can be established or there are no more fallback connections in the list.
16.1	85
22.1	86	{{aagon.infobox}}
	87	If the connection to one of the defined fallback SICS could be established successfully, the connection is maintained until the next restart.
	88	{{/aagon.infobox}}
16.1	89
22.1	90	=== Options ===
16.1	91
22.1	92	In the //Options //area, you can configure settings for logging and specify the mode in which the agent should be executed.
1.1	93
22.1	94	Enable logging
1.1	95
22.1	96	By selecting the //Enable logging// option, you can load the logs to your machine (or the machine with the ACMP Console) after installation or execution. Enabling logging is already available at this point in the Client Command and can be useful, as errors may occur during installation or execution as Inventory One-Time-Scan.
1.1	97
22.1	98	One-time scan
1.1	99
22.1	100	For a one-time inventory of a client, the agent can be executed in //One-time scan// mode. The Unix agent is now transferred to the target computer and started. After the scanner has been executed successfully, the agent is removed from the system again. To ensure that the new results can be assigned accordingly when the //One-time scan// mode is executed again, the ClientID remains on the client. You can find this under the path: ##/etc/aagon/ACMPUnixAgent/agentId##
1.1	101
22.1	102	Agent installation
1.1	103
22.1	104	To install the Unix Agent as a permanent resource, you can execute the agent in the //Agent Installation// mode. The Unix Agent is now transferred to the target computer and registered as a service. Following installation, the agent starts automatically and obtains its configuration from ACMP within 10 minutes. The agent is now entered as a client in ACMP and contains the basic client details. The execution file can be found under the path: ##/usr/local/sbin/aagon/ACMPUnixAgent/##
1.1	105
22.1	106	The agent also uses another directory to store various resources that are relevant to the agent. This directory can be found under the path:## /etc/aagon/ACMPUnixAgent/##
1.1	107
22.1	108	The Agent Tasks templates are used to execute the scanners. These can be used in exactly the same way as with the ACMP Windows Agent (Container). The following jobs are currently taken into account within the Agent Tasks:
1.1	109
22.1	110	* System scanner
	111	* Software scanner
	112	* Update settings
1.1	113
22.1	114	Uninstall agent
1.1	115
22.1	116	To uninstall the Unix agent as a service, you can execute the agent in the //Uninstall agent// mode. The registered Unix agent service is now removed from the target computer together with the execution file.
1.1	117
22.1	118	=== Activated scanners ===
1.1	119
22.1	120	In the //Activated Scanners// area, you can disable individual scanners. This is useful if you do not need certain information or if problems occur with one or more scanners.
1.1	121
22.1	122	=== Client Command Settings ===
1.1	123
22.1	124	By clicking the checkbox in the CC Settings area, you can specify that no confidential information (e.g., passwords) is stored in the Client Command.
1.1	125
22.1	126	=== Feedback on execution ===
1.1	127
22.1	128	After executing the Client Command, a dialog window will appear informing you whether the Client Command was executed successfully. The number of processed Clients is displayed, along with information on whether connection errors (SSH errors) were detected.
1.1	129
	130	{{figure}}
22.1	131	[[image:CC_Erfolgsmeldung.png\|\|alt="“Success" data-xwiki-image-style-alignment="“center”"]]
1.1	132
	133	{{figureCaption}}
22.1	134	Success message about installation of the Unix Agent
1.1	135	{{/figureCaption}}
	136	{{/figure}}
	137
	138	= Logging =
	139
22.1	140	If connection errors occur during the execution of the Unix Agent, these errors are written to the file ##SSH_Errors.log## and to the log of the Client Command. You can find the file either in the default folder ##C:\Logs## or in the directory you specified for logging the Unix Agent.
1.1	141
	142	{{aagon.infobox}}
22.1	143	These connection errors do not cause the Client Command to be terminated. Therefore, these errors are not displayed if you have selected the logging setting //Only on errors //for the console log.
1.1	144	{{/aagon.infobox}}
	145
22.1	146	If you would like to receive immediate feedback about possible connection errors after executing the Client Command, you should either select the //Always //option for the console log settings or check the file ##SSH_Errors.log##.
1.1	147
	148	= Troubleshooting =
	149
22.1	150	Below you will find solutions to various problems that may occur during the installation of the Unix Agent.
1.1	151
	152	----
	153
22.1	154	Symptom: The Unix Agent could not be deployed on the Clients and no errors are displayed in the log.
1.1	155
22.1	156	Cause: The Unix Agent does not yet exist as a service, so no errors can be written to the log.
1.1	157
22.1	158	Action: Start troubleshooting in your system's journalctl and find entries for the failed installation of the Unix Agent.
1.1	159
	160	----
	161
22.1	162	Symptom: After distributing the Unix Agent using the Client Command, the Unix client does not appear in ACMP.
1.1	163
22.1	164	Cause: An error occurred during the execution of the Client Command, but was not immediately apparent due to the settings.
1.1	165
22.1	166	Action: In the properties of the Client Command in the plugin //Options //in the Combobox //Show console log// enable the option //Only on errors// and confirm the
	167	dialog with //OK//. After executing the Client Command again, a console log should now be displayed in the event of an error, which may provide information about the cause of the problem.
1.1	168
22.1	169	If the Unix systems still do not appear in ACMP, there may be many reasons for this. It is therefore recommended to activate logging for the agent and the SICS. Then go through the chain from start to end.
1.1	170
	171	----
	172
22.1	173	Symptom: After distributing the Unix Agent using the Client Command, the Unix client does not appear in ACMP. The error “Invalid input detected: endpoint” is displayed in the SmartInspect log.
1.1	174
22.1	175	Cause: An error occurred during the connection to SICS because the protocol may not have been prefixed during the connection. You can see this in the SmartInspect log in the row //Application settings//: ##“SicsEndpoint: <AESB-SICS-NAME_IP>:3950”##
1.1	176
22.1	177	Action: Make sure that the SICS endpoint is set to ##wss:~/~/<AESB-SICS-NAME_IP>:3950## and not just ##<AESB-SICS-NAME_IP>:3950##
1.1	178
	179	----
	180
22.1	181	Symptom: The Unix Agent is not located on the target system at the following location: ##/usr/local/sbin/aagon/ACMPUnixAgent.##
1.1	182
22.1	183	Cause: There may be several causes for this problem:
1.1	184
22.1	185	* The login user is not allowed to obtain root rights via sudo.
	186	* The user has root rights, but root is not allowed to log in via SSH.
	187	* The user has root rights and root is not allowed to log in via SSH, but the SSH daemon is not running properly.
1.1	188
22.1	189	Action: Make sure that the SSH user is allowed to log in via SSH and can obtain root rights.
1.1	190
	191	----
	192
22.1	193	Symptom: The Unix agent starts but does not reach the //running// status.
1.1	194
22.1	195	Cause: The agent does not seem to be able to connect to SICS.
1.1	196
22.1	197	Action: Check whether the network connection to SICS is working. If this does not solve the problem, enable logging in the Client Command and perform the action again. Then look for error messages in the output.
1.1	198
	199	----
	200
22.1	201	Symptom: The agent is not started at system start.
1.1	202
22.1	203	Cause: Something went wrong when setting up or starting the service.
1.1	204
22.1	205	Action: Execute the Client Command for installing the Unix Agent again.
1.1	206
	207	----
	208
22.1	209	Symptom: The Unix Agent is running, but the corresponding Unix client does not appear in an ACMP query.
1.1	210
22.1	211	Cause: The SICS cannot forward the scan data of the Unix Agent to the ACMP Server because the connection is not available.
1.1	212
22.1	213	Action: Check in the ACMP Console settings whether the SICS connection of the ACMP Server is still working (in the ACMP Server / SICS connection plugin) and whether the checkbox for SICS users to access the public API is activated. Further information on this problem can be found in the log of the ACMP Server or the Unix Agent.
1.1	214
	215	----
	216
22.1	217	Symptom: The Unix client appears in an ACMP query, but no scan data is available.
1.1	218
22.1	219	Cause: During installation, the system waits between 2 and 10 minutes until the scan settings for this Unix client are retrieved by sending a request to the ACMP Server.
1.1	220
22.1	221	Action: If necessary, wait a little longer until the scan data has been loaded. If no scan data appears after significantly more than 10 minutes, you should enable logging for all components involved and check the entire chain from start to end for errors.
	222
	223	= Administration of Linux and MacOS Clients =
	224
	225	Previously, clients running Linux or macOS could only be detected and inventoried with the Unix Agent. They could not, however, be administered, and no shell scripts or jobs could be executed on these clients. Now, newly detected Linux and macOS clients can be managed if inventoried using the Unix Agent. This also enables the automated, time-controlled execution of Unix scripts as jobs. For more info, see the section [[Unix Scripts>>doc:ACMP.68.ACMP-Solutions.Desktop Automation.Unix Scripts.WebHome]].
	226
	227	(% class="box infomessage" %)
	228	(((
	229	[[image:https://doc.aagon.com/bin/download/XWiki/Aagon Infobox/WebHome/Information.svg\|\|alt="Hinweis" height="32" width="32"]] Note:
	230
	231	All Linux and MacOS clients that are registered with Unix Agent version 1.10 or older cannot be managed. To make your Linux or MacOS clients manageable, register them again via the Unix Agent.
	232	)))