Linux Agent manual installation

Linux Agent manual installation

As an alternative to using the installer script, you may install the Agent using the standard package managers as detailed below.

Linux Agent manual installation

Adding a new Agent - summary

The process to install and setup the BlastShield™ Agent on a server is summarised here:

  • Create a new Agent instance in the Orchestrator and create a BSI file.
  • Install the Agent on the Linux server.
  • Register the Agent with the BSI file.
  • Start the Agent.

Currently supported builds

We currently have support for the following operating systems.

If you don't see the operating system which you are using in this list, then please contact us here so that we can help you get the correct build.

Ubuntu

  • Ubuntu 20.10
  • Ubuntu 20.04.2 LTS
  • Ubuntu 18.04 LTS

Debian

  • Debian 11 (Bullseye)
  • Debian 10 (Buster)

Centos

  • Centos 8
  • Centos 7

Amazon

  • Amazon Linux 2

Raspberry Pi

  • Raspbian GNU/Linux 10 (buster)

64-bit builds for x86 CPUs are available.


Step 1: Add a new Agent in the Orchestrator

From within the Orchestrator, add a new Agent. Use the following steps:

  • Click on "Agents" in the sidebar and click the red "Add New Agent" button at the top right.
  • The New Agent dialogue opens.  Add a Name and DNS Hostname.
  • Optionally add any Groups you want it to join (or you can leave the Groups box blank and fill it in later).
  • Then click "Save and Download Invitation".  Download the BSI file for use later.

Step 2: Install the Agent

Choose your Linux distribution:

Ubuntu 20.04.2 LTS (Focal)

Packages are available for 64-bit  x86 CPUs in LTS 18.04, 20.04 and 20.10.

Performed by the Linux Administrator.

1. Fetch the BlastWave gpg keys so that the package manager can verify your packages:

sudo curl https://dl.blastwave.io/ubuntu/blastwave.gpg -o /usr/share/keyrings/blastwave.gpg

2. Download the package description file:

sudo curl https://dl.blastwave.io/ubuntu/focal.list -o /etc/apt/sources.list.d/blastwave.list

If you are using Ubuntu 18.04, change ‘focal’ to ‘bionic’ in the above line

3. Fetch the repo:

sudo apt update

4. Install the BlastShield agent:

sudo apt install blastshield-agent

Debian 10 (Buster)

Packages are available for 64-bit x86 CPUs for Debian 10.

Performed by the Linux Administrator.

1. Start network name resolution to local applications on Debian:

systemctl --now enable systemd-networkd  

2. Fetch the BlastWave gpg keys so that the package manager can verify your packages:

sudo curl https://dl.blastwave.io/debian/blastwave.gpg -o /usr/share/keyrings/blastwave.gpg

3. Download the package description file:

sudo curl https://dl.blastwave.io/debian/buster.list -o /etc/apt/sources.list.d/blastwave.list

4. Fetch the repo:

sudo apt update

5. Install the BlastShield agent:

sudo apt install blastshield-agent

Debian 11 (Bullseye)

Packages are available for 64-bit x86 CPUs for Debian 11.

Performed by the Linux Administrator.

1. Start network name resolution to local applications on Debian:

systemctl --now enable systemd-networkd  

2. Fetch the BlastWave gpg keys so that the package manager can verify your packages:

sudo curl https://dl.blastwave.io/debian/blastwave.gpg -o /usr/share/keyrings/blastwave.gpg

3. Download the package description file:

sudo curl https://dl.blastwave.io/debian/bullseye.list -o /etc/apt/sources.list.d/blastwave.list

4. Fetch the repo:

sudo apt update

5. Install the BlastShield™ Agent:

sudo apt install blastshield-agent

Centos 7

Packages are available for 64-bit x86 CPUs for Centos 7.

Performed by the Linux Administrator.

1. Install the Yum repository manager:

sudo yum install yum-utils

2. Download the BlastWave repository:

sudo yum-config-manager --add-repo https://dl.blastwave.io/centos/7/blastwave.repo

3. Install Extra Packages for Enterprise Linux:

sudo yum install epel-release

4. Install the BlastShield agent:

sudo yum install blastshield-agent

Centos 8

Packages are available for 64-bit x86 CPUs for Centos 8.

Performed by the Linux Administrator.

1. Install the package manager:

sudo dnf install ‘dnf-command(config-manager)’

2. Download the repository:

sudo dnf config-manager --add-repo https://dl.blastwave.io/centos/8/blastwave.repo

3. Install the BlastShield agent:

sudo dnf install blastshield-agent

Amazon Linux 2

Packages are available for 64-bit x86 CPUs for Amazon Linux 2.

Performed by the Linux Administrator.

1. Download the BlastWave repository

sudo yum-config-manager --add-repo https://dl.blastwave.io/centos/8/blastwave.repo

2. Install the BlastShield Agent

sudo yum install blastshield-agent

Raspberry Pi OS

Packages are available running as 32-bit for Arm CPUs for Raspberry Pi OS

Performed by the Raspberry Pi OS Administrator.

1. Start network name resolution to local applications:

systemctl --now enable systemd-networkd  

2. Fetch the BlastWave gpg keys so that the package manager can verify your packages:

sudo curl https://dl.blastwave.io/debian/blastwave.gpg -o /usr/share/keyrings/blastwave.gpg

3. Download the package description file:

sudo curl https://dl.blastwave.io/debian/buster.list -o /etc/apt/sources.list.d/blastwave.list

4. Fetch the repo:

sudo apt update

5. Install the BlastShield™ Agent:

sudo apt install blastshield-agent

Step 3: Register the Agent

Performed by the Linux Administrator.

Register the agent using the bs-noded –r ‘contents-of-bsi-file’ syntax as described below.

1. Copy the contents of the BSI file and paste it inside ‘single quotes’ as shown in the example below (use single quotes, not double quotes):

sudo bs-noded -r ‘<insert entire contents of the bsi file here>'

Important – be sure to replace the contents inside the 'single quotes' of the above example command with the contents of your own BSI file which you created in Step 1.
BSI files are single-use so you must generate a new one each time you add an agent to the BlastShield network.

Step 4: Start the Agent

Performed by the Linux Administrator.

1. After the Agent is registered, then you can enable and start the agent:

sudo systemctl enable --now blastshield

2. Now that the Agent has started you can check the status of the Agent:

sudo systemctl status blastshield

3. The service status should now show:

active (running)

4. The logs may be viewed as follows:

sudo journalctl -u blastshield.service

The status of the new Agent on your server should appear as "Online" in the Orchestrator as shown in the image below. 

When the status of the Agent is ‘Online’ this shows that the Agent is operational and the Orchestrator can communicate with the Agent.

The BlastShield™ interface that has been created by the Agent on the server will only be accessible to authorised and authenticated BlastShield users.  To access this interface you must set up groups and access policies for your users.  The default behaviour is to block access until a policy has been created.