Audit Your Infrastructure – Install Rudder Agent on CentOS / Ubuntu / Debian

0

This article is the second part of Audit Your Infrastructure with Rudder series. Here, we will cover the installation of Rudder agent on CentOS / Ubuntu / Debian.

Article Series

1. Audit Your Infrastructure – Install Rudder Server on CentOS 7 / Ubuntu 16.04 / Debian
2. Audit Your Infrastructure – Install Rudder Agent on CentOS / Ubuntu / Debian
3. Audit Your Infrastructure – Perform Security audit using Rudder

Rudder agent is a client software and it needs to be installed on all nodes (hosts) to have them audited by Ruder server.

A node can either be physical or virtual.

Requirements

OS

Linux

  • Debian 5 to 8
  • RedHat Enterprise Linux (RHEL) / CentOS 3 and 5 to 7
  • Fedora 18
  • SuSE Enterprise Server 10 SP3, 11 SP1, 11 SP3, 11 SP4, 12, 12 SP1, 12 SP2
  • Ubuntu LTS – 10.04 (Lucid), 12.04 (Precise), 12.10 (Quantal), 14.04 LTS (Trusty), and 16.04 LTS (Xenial)

Other Unix systems

  • IBM AIX 5.3, 6.1 and 7.1

Windows

  • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2 (requires the commercial version of CFEngine – Rudder Agent).

Hardware

There is no special requirement for Rudder agent.

Add Rudder repository

Rudder agent is available on Rudder repository, so add it on all nodes you want to be audited by Rudder.

### CentOS  / RHEL ###

# rpm --import https://www.rudder-project.org/rpm-repos/rudder_rpm_key.pub

# echo '[Rudder_4.1]
name=Rudder 4.1 EL repository
baseurl=http://www.rudder-project.org/rpm-4.1/RHEL_$releasever/
gpgcheck=1
gpgkey=http://www.rudder-project.org/rpm-4.1/RHEL_$releasever/repodata/repomd.xml.key' > /etc/yum.repos.d/rudder.repo

### Debian / Ubuntu ###

# wget --quiet -O- "https://www.rudder-project.org/apt-repos/rudder_apt_key.pub" | sudo apt-key add -

# echo "deb http://www.rudder-project.org/apt-4.1/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/rudder.list

# apt-get update

Install Rudder Agent

You can use yum in CentOS/RHEL and apt-get in Ubuntu/Debian for installing Rudder Agent.

### CentOS  / RHEL  ###

yum install -y rudder-agent

### Debian / Ubuntu ###

apt-get install -y rudder-agent

Configure Rudder Agent

Update the Rudder agent configuration file with IP Address or hostname of the Rudder server.

echo '<hostname or ipaddress>' > /var/rudder/cfengine-community/policy_server.dat

Example:

echo '192.168.1.10' > /var/rudder/cfengine-community/policy_server.dat

We suggest you use the IP address of the Rudder Root Server. The DNS name of this server can also be accepted if you have a trusted DNS infrastructure with proper reverse resolutions.

Start the rudder agent service.

service rudder start

Validate Rudder Agent

Wait for few minutes after the start of Rudder agent. A new node should be pending in Rudder web interface.

Go to Rudder >> Node management >> Accept new nodes. Select your node and click Accept.

Install Rudder Agent on CentOS - Accept New Nodes
Install Rudder Agent on CentOS – Accept New Nodes

Click Accept.

Install Rudder Agent on CentOS - Accept New Node
Install Rudder Agent on CentOS – Accept New Node

Check the new node on your nodes list, Rudder >> Node management >> List nodes.

Install Rudder Agent on CentOS - Nodes List
Install Rudder Agent on CentOS – Nodes List

You may see 100% non-compliance for a new node. To clear this issue, you need to send an inventory of a new node. Run:

rudder agent inventory

Output:

Rudder agent 4.1.7-stretch0 (CFEngine Core 3.10.2)
Node uuid: 14099804-a83a-4724-8718-8d70bf00efd1
Start execution with config [20171014-130855-89b4ea34]

M| State         Technique                 Component                 Key                Message
E| compliant     Inventory                 inventory                                    The inventory has been successfully sent

## Summary #####################################################################
   => 1 components in Enforce mode
      -> 1 compliant
execution time: 19.33s
################################################################################

Check a node again for compliance.

Install Rudder Agent on CentOS - 100% Compliance Report
Install Rudder Agent on CentOS – 100% Compliance Report

That’s All. You have now finished the installation of Rudder Server and Agent. Also, added an agent to Rudder server. We will be back soon on how to perform an auditing of a node with Rudder server.

You might also like