Linux Go agent installation
This section, will cover the following features of senhasegura.go for Linux:
Target device installation: How to install the agent on target Linux devices and how to link them to senhasegura
Action control at kernel level: How to register protection policies and see in practice their effectiveness
Points of attention and troubleshooting: Some critical points about this solution and correction procedures in cases of configuration mistakes
The senhasegura.go for Linux agent is available through our senhasegura Partner Portal. If you want to use senhasegura.go for Linux on another Linux-based operating system that is not available, contact us via senhasegura PAM Solution so that we can give you specific instructions for each system.
We recommend that you perform a backup or snapshot of the device to receive the installation of senhasegura.go for Linux. Some kernels are customized or contain unknown drivers that can affect the behavior of this solution.
Linux Go Agent Dependencies
For this installation will be used the Debian operating system as an example.
Make sure your system has installed the following packages: GCC
, make
, DKMS
, linux-headers
1, libjansson4
, libcurl4
and libconfig9
.
In the case of Debian, run the command below to ensure its installation:
$ sudo apt-get install gcc make dkms linux-headers-$(uname -r) libjansson4 libcurl4 libconfig9
The kernel version must be the same version available from linux-headers. Use the following command to check the available packages:
apt list -a linux-headers*
Linux Go Instaler
Once the dependencies are met, run the installer secpack-installer.run
.
$ sudo /bin/bash secpack-installer.run
The installation will display several messages informing you of the tasks being performed. These messages will be necessary if an error occurs. If completed successfully,
the message Installation completed!
It will be displayed. Otherwise, contact us with the outputs presented during the installation process in hand so that we can support you.
Once installed, it is necessary to configure it with the connection data WebService created previously.
Edit the file /etc/senhasegura/secpack.conf
and fill in the fields below with the requested values.
iso_http_address: URL of the WebService. As usual, it will be the URL you use to access the senhasegura web interface, that can be found in orbit ➔ settings application ➔ application url plus the suffix
/iso
. example:https://senhasegura.mycompany/iso
.iso_oauth_key: Customer identifier WebService created earlier.
iso_oauth_token: Client token WebService created earlier.
The key and token are the secrets used to enable connection between the senhasegura server and the workstations. You can find the key and token on Settings ➔ Services ➔ API ➔ Clients
Now we will request registration of this device from senhasegura by executing the command secpack-register
with a privileged user.
$ sudo secpack-register
Suppose you receive the error message Failed to sign workstation. - as shown below - check that the client WebService configuration steps have been correctly performed and that the target device has access to senhasegura via HTTPS connection (443).
root\@debian:/root# secpack-register
senhasegura security pack v1.0.0-1
Failed to sign workstation.
If successful, you will receive the message This device was registered successfully., As in the example below:
root\@debian:/root# secpack-register
senhasegura security pack v1.0.0-1
ERROR: 1002: Registration of pending approval workstation
Adding group gonix \...
This device was registered successfully.
The message ERROR: 1002: Registration of pending approval workstation indicates that the senhasegura manager has not yet approved this device to receive lock and audit information.
Validation
Once installed, the secpack-maestro
service must be running. Validate it with the command service secpack-maestro status
.
The error message 2037: Incorrectly informed users occurs when no user present on the device correlates with approved users in the senhasegura.go for Linux administrative interface in senhasegura. We will resolve this later.
Only validate that the service uses the Loaded and Active policies.
- Find the best reference for your operating system↩