Skip to main content
Version: 3.25

Agent installation

This section, will cover the following features of senhasegura.go for Linux:

  • Target device installation: How to install the agent on target Linux devices and how to link them to senhasegura

  • Action control at kernel level: How to register protection policies and see in practice their effectiveness

  • Points of attention and troubleshooting: Some critical points about this solution and correction procedures in cases of configuration mistakes


The senhasegura.go for Linux agent is available through our senhasegura Partner Portal. If you want to use senhasegura.go for Linux on another Linux-based operating system that is not available, contact us via senhasegura PAM Solution so that we can give you specific instructions for each system.


We recommend that you perform a backup or snapshot of the device to receive the installation of senhasegura.go for Linux. Some kernels are customized or contain unknown drivers that can affect the behavior of this solution.

Supported operating systems

  • Debian 8
  • Debian 10
  • Cent OS 7
  • Cent OS 8


Make sure your system has installed the following packages:

For this installation will be used the Debian operating system as an example in the Debian 10 version.

In the case of Debian, run the command below to ensure its installation:

$ sudo apt-get install gcc make dkms linux-headers-$(uname -r) libjansson4 libcurl4 libconfig9 

The kernel version must be the same version available from linux-headers. Use the following command to check the available packages: apt list -a linux-headers*

How to install GO Endpoint Manager Linux

Once the requirements are met, run the installer

$ sudo /bin/bash 

The installation will display several messages informing you of the tasks being performed. These messages will be necessary if an error occurs. If completed successfully, the message Installation completed! It will be displayed. Otherwise, contact us with the outputs presented during the installation process in hand so that we can support you.

Once installed, it is necessary to configure it with the connection data WebService created previously.

Edit the file /etc/senhasegura/secpack.conf and fill in the fields below with the requested values.

  • iso_http_address: URL of the WebService. As usual, it will be the URL you use to access the senhasegura web interface, that can be found in Orbit Config Manager ➔ settings application ➔ application url plus the suffix /iso. example: https://senhasegura.mycompany/iso.

The key and token are the secrets used to enable connection between the senhasegura server and the workstations. You can find the key and token on Settings ➔ Services ➔ API ➔ Clients

Now we will request registration of this device from senhasegura by executing the command secpack-register with a privileged user.

$ sudo secpack-register 

Suppose you receive the error message Failed to sign workstation. - as shown below - check that the client WebService configuration steps have been correctly performed and that the target device has access to senhasegura via HTTPS connection (443).

root\@debian:/root# secpack-register 
senhasegura security pack v1.0.0-1
Failed to sign workstation.

If successful, you will receive the message This device was registered successfully., As in the example below:

root\@debian:/root# secpack-register 
senhasegura security pack v1.0.0-1
ERROR: 1002: Registration of pending approval workstation
Adding group gonix \...
This device was registered successfully.

The message ERROR: 1002: Registration of pending approval workstation indicates that the senhasegura manager has not yet approved this device to receive lock and audit information.

Validate the installation

Once installed, the secpack-maestro service must be running. Validate it with the command service secpack-maestro status.

The error message 2037: Incorrectly informed users occurs when no user present on the device correlates with approved users in the senhasegura.go for Linux administrative interface in senhasegura. We will resolve this later.

Only validate that the service uses the Loaded and Active policies.