Audit Your Infrastructure – Install Rudder Agent on CentOS / Ubuntu / Debian
This article is the second part of Audit Your Infrastructure with Rudder series. Here, we will cover the installation of Rudder agent on CentOS / Ubuntu / Debian.
Article Series
1. Audit Your Infrastructure – Install Rudder Server on CentOS 7 / Ubuntu 16.04 / Debian
2. Audit Your Infrastructure – Install Rudder Agent on CentOS / Ubuntu / Debian
3. Audit Your Infrastructure – Perform Security audit using Rudder
Rudder agent is a client software and it needs to be installed on all nodes (hosts) to have them audited by Ruder server.
A node can either be physical or virtual.
Requirements
OS
Linux
- Debian 5 to 8
- RedHat Enterprise Linux (RHEL) / CentOS 3 and 5 to 7
- Fedora 18
- SuSE Enterprise Server 10 SP3, 11 SP1, 11 SP3, 11 SP4, 12, 12 SP1, 12 SP2
- Ubuntu LTS – 10.04 (Lucid), 12.04 (Precise), 12.10 (Quantal), 14.04 LTS (Trusty), and 16.04 LTS (Xenial)
Other Unix systems
- IBM AIX 5.3, 6.1 and 7.1
Windows
- Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2 (requires the commercial version of CFEngine – Rudder Agent).
Hardware
There is no special requirement for Rudder agent.
Add Rudder repository
Rudder agent is available on Rudder repository, so add it on all nodes you want to be audited by Rudder.
### CentOS / RHEL ### # rpm --import https://www.rudder-project.org/rpm-repos/rudder_rpm_key.pub # echo '[Rudder_4.1] name=Rudder 4.1 EL repository baseurl=https://www.rudder-project.org/rpm-4.1/RHEL_$releasever/ gpgcheck=1 gpgkey=https://www.rudder-project.org/rpm-4.1/RHEL_$releasever/repodata/repomd.xml.key' > /etc/yum.repos.d/rudder.repo ### Debian / Ubuntu ### # wget --quiet -O- "https://www.rudder-project.org/apt-repos/rudder_apt_key.pub" | sudo apt-key add - # echo "deb https://www.rudder-project.org/apt-4.1/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/rudder.list # apt-get update
Install Rudder Agent
You can use yum in CentOS/RHEL and apt-get in Ubuntu/Debian for installing Rudder Agent.
### CentOS / RHEL ### yum install -y rudder-agent ### Debian / Ubuntu ### apt-get install -y rudder-agent
Configure Rudder Agent
Update the Rudder agent configuration file with IP Address or hostname of the Rudder server.
echo '<hostname or ipaddress>' > /var/rudder/cfengine-community/policy_server.dat
Example:
echo '192.168.1.10' > /var/rudder/cfengine-community/policy_server.dat
We suggest you use the IP address of the Rudder Root Server. The DNS name of this server can also be accepted if you have a trusted DNS infrastructure with proper reverse resolutions.
Start the rudder agent service.
service rudder start
Validate Rudder Agent
Wait for few minutes after the start of Rudder agent. A new node should be pending in Rudder web interface.
Go to Rudder >> Node management >> Accept new nodes. Select your node and click Accept.
Click Accept.
Check the new node on your nodes list, Rudder >> Node management >> List nodes.
You may see 100% non-compliance for a new node. To clear this issue, you need to send an inventory of a new node. Run:
rudder agent inventory
Output:
Rudder agent 4.1.7-stretch0 (CFEngine Core 3.10.2) Node uuid: 14099804-a83a-4724-8718-8d70bf00efd1 Start execution with config [20171014-130855-89b4ea34] M| State Technique Component Key Message E| compliant Inventory inventory The inventory has been successfully sent ## Summary ##################################################################### => 1 components in Enforce mode -> 1 compliant execution time: 19.33s ################################################################################
Check a node again for compliance.
That’s All. You have now finished the installation of Rudder Server and Agent. Also, added an agent to Rudder server. We will be back soon on how to perform an auditing of a node with Rudder server.