Proofpoint | ObserveIT On-Premises Insider Threat Management

Installing a Unix/Linux Agent

This topic describes how to deploy ObserveIT Agents on Unix/Linux-based servers that require monitoring.

The Unix or Linux Agent installer is a self-extracting file which includes the package and an installation script.

For a description of the installation script parameters, see Unix Installation Script Parameters.

Unix/Linux Agent installation files are located at /opt/observeit/agent.

The installation of all currently supported Unix/Linux Agents is identical, except for the name of the package; the same installation script can be used for every supported Unix/Linux platform. For a list of currently supported platforms and versions, see Supported Platforms.

The following procedure provides an example of an Ubuntu Linux Agent deployment.

If a security password is required for Agent installation (install -p), you must provide a security password in order to proceed with the installation. For further details, see Enabling Installation Security (in the Configuration Guide).

Installing a Linux Agent

  1. Obtain the ObserveIT Agent installation file and copy it to the server(s).

  2. Log in to the target server with root permissions; or, alternatively, use the pfexec command.

  3. Run the ls -l command and verify that the file has execute permissions (-rwxr-xr-x). If it does not, run chmod +x on the Agent's installation file.

  4. Run the command:

    ./observeit-agent-Ubuntu-12.04-precise-5.8.0.156.run -- -i -s 10.3.0.72

  5. Installation output example:

    Verifying archive integrity... Done.
    Uncompressing ....
    The oit package was not previously installed; performing clean install
    Installing observeit agent
    Successfully registered this machine and saved configuration
    auditing service started/running
    ssh stop/waiting
    ssh start/running, process 26529

  6. After installing the Agent, you should check the Agent's registration and health status, as described in Checking an Agent's Registration and Health Status.

    In order to verify that user activity recording is working properly after the Agent installation, follow the steps described in Verifying Successful User Activity Recording after Installation.

Important Notes

  • If there are no execute permissions on the /tmp directory, installation will fail when the self-extracting script attempts to deploy the packages. To prevent installation failure in this case, run the installation command using the --target option, as follows:

    ./observeit-agent-Ubuntu-12.04-precise-5.8.0.156.run --target /work/install -- -i -s 10.3.0.72

  • If there is insufficient space in the /tmp folder, then you need to redirect the installation to another directory. In this case, include the -t option in the installation command, as follows:

    ./observeit-agent-Ubuntu-12.04-precise-5.8.0.156.run -- -i -s 10.1.1.1 -t /work/tmp

    where /work/tmp is the location of the new directory.

    If the /work/tmp directory does not exist, you must create it manually.
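The following pre-flight script is an added example, not part of the vendor documentation or the ObserveIT installer. It checks the two /tmp conditions described above and prints the matching installation command. Assumptions: "no execute permissions on /tmp" is detected as a noexec mount, the free-space threshold MIN_KB is an arbitrary value (the page states no figure), the function names are hypothetical, and using --target and -t together is untested here.

```shell
#!/bin/sh
# Added example, not vendor code. Function names and MIN_KB are assumptions.

MIN_KB=${MIN_KB:-524288}  # assumed free-space threshold (KB); the page gives no figure

# is_noexec DIR [MOUNTS_FILE]: true if the filesystem holding DIR is mounted noexec.
# Picks the longest mount point that is a prefix of DIR (last entry wins on ties).
is_noexec() {
    awk -v d="$1" '
        { mp = $2
          if ((mp == "/" || d == mp || index(d, mp "/") == 1) && length(mp) >= best) {
              best = length(mp); opts = $4 } }
        END { if (("," opts ",") ~ /,noexec,/) exit 0; exit 1 }' "${2:-/proc/mounts}"
}

# free_kb DIR: available space in KB on the filesystem holding DIR.
free_kb() { df -Pk "$1" | awk 'NR == 2 { print $4 }'; }

# build_install_cmd INSTALLER S_VALUE NOEXEC(0|1) LOW_SPACE(0|1) TARGET_DIR TMP_DIR
# Prints the page's install command, adding --target and/or -t only when needed.
build_install_cmd() {
    cmd="./$1"
    [ "$3" = 1 ] && cmd="$cmd --target $5"
    cmd="$cmd -- -i -s $2"
    [ "$4" = 1 ] && cmd="$cmd -t $6"   # combining both options is an assumption
    printf '%s\n' "$cmd"
}

# preflight INSTALLER S_VALUE: probe /tmp on this host and print the command to run.
preflight() {
    [ -x "$1" ] || chmod +x "$1" || return 1   # step 3: execute permission on the file
    noexec=0; low=0
    is_noexec /tmp && noexec=1
    [ "$(free_kb /tmp)" -lt "$MIN_KB" ] && low=1
    [ "$low" = 1 ] && mkdir -p /work/tmp       # the -t directory must already exist
    build_install_cmd "$1" "$2" "$noexec" "$low" /work/install /work/tmp
}

# Usage: sh preflight.sh <installer-file> <value for -s>
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

The script only prints the command; review it and run it as root as described in step 2.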

Excluding Processes for ObserveIT Agent for Linux

Some antivirus programs detect executable files as unknown and block them by default. To avoid this, it is recommended that you exclude these processes:

  • /opt/observeit/agent/

  • It is also recommended to exclude the logger process from active scans:

    /opt/observeit/agent/bin/logger

version 7.12.4