Deploying the Cisco AMP for Linux Endpoints Connector on Managed Hosts

Article Number : KB0017348
Published on : 2020-04-20
Last modified : 2020-04-20 17:10:26
Knowledge Base : ESM External

You may use the following instructions for deploying Cisco Advanced Malware Protection (AMP) for Linux Endpoints Connectors (clients) on managed RHEL hosts. Using Cisco AMP satisfies the ISO's requirements for anti-malware and anti-virus protection on UT Austin servers.

Management Console Setup (one-time setup)

  1. Send email to the ISO (security@utexas.edu) and request TSC access to the ITSY - ITS Systems group via the Cisco AMP web console. You should receive an email with login instructions for the console.
  2. Login to console (select the SSO option) and confirm the ITSY - ITS Systems group is visible.
  3. Request a new child group "ITSY-MSS" and new ITSY-MSS AMP Linux policy.
  4. Review and update the new ITSY-MSS AMP Linux policy. Confirm it is linked to the new group.
  5. Unlink the default AMP Linux policy.
  6. Review the exclusion lists attached to the policies. Update these or create new lists as needed.
  7. Configure a notification email address and announcement preferences within your AMP web console account.
  8. Setup event filters.

Distribution Point Setup*

  1. On the console, navigate to and then edit the "ITSY-MSS AMP Linux" policy.
  2. On the policy edit page, click "Product Updates" on the left navigation bar and then select the Cisco AMP client version to be installed. Click the "Save" button when done.
  3. On the console, navigate to the Download Connector webpage and select the ITSY-MSS group (or the group you wish to work with).
  4. Download the Linux connector (the rpm) and GPG key for the desired RHEL version to your desktop / laptop.
  5. Upload the rpm and GPG key to the SA-PROD repo and update the repo metadata (the ESM Tools team may have to do this for you).
  6. Repeat no more than 30 days after a new update is released (you should receive notification via email).

Install the Cisco AMP client*

  1. Setup the SA-PROD repo on the Linux host.
  2. Download the GPG key "cisco.gpg" from the repo: wget http://repos.austin.utexas.edu/repos/sa-prod/cisco.gpg
  3. Install the GPG key using the following command:  rpm --import <path-to-cisco.gpg-file>
  4. Install the Cisco AMP client using the yum command: yum --enablerepo=sa-prod install ciscoampconnector.
  5. Launch the Cisco AMP CLI - /opt/cisco/amp/bin/ampcli. At the "ampcli>" prompt, issue the following commands (one at a time) and review the output ("about", "history list" and "status") to confirm the installation was successful.
  6. Confirm the host on which Cisco AMP has been installed shows up in the desired group on the Cisco AMP management console. Look up the host's properties on the console and confirm the attributes are correct. This may take a few hours to show up.

Update the Cisco AMP client*

  1. Confirm that the client package and GPG key on the SA-PROD repo have been updated (steps 1 through 5 of the "Distribution Point Setup" section above).
  2. Update the Cisco AMP installation using the yum command: yum --enablerepo=sa-prod update ciscoampconnector.
  3. Launch the Cisco AMP CLI - /opt/cisco/amp/bin/ampcli. At the "ampcli>" prompt, issue the following commands (one at a time) and review the output ("about", "history list" and "status") to confirm the update was successful.
  4. Confirm the host on which Cisco AMP has been installed shows up in the desired group on the Cisco AMP management console. Look up the host's properties on the console and confirm the attributes are correct. This may take a few hours to show up.
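The "Install the Cisco AMP client" and "Update the Cisco AMP client" procedures above, combined into one script, as an added example; it is not part of this article and not Cisco's or UT's own tooling. It assumes the SA-PROD repo is configured in /etc/yum.repos.d/sa-prod.repo (path assumed), that ampcli accepts its commands as arguments (e.g. "ampcli status"; assumed, the article only shows the interactive prompt), and it only performs the install when invoked with the argument "run". Two checks are added beyond the article's steps: the downloaded cisco.gpg must actually be an ASCII-armored PGP public key (not an error page saved under that name, a real risk since the key URL is plain http), and the repo must have gpgcheck=1, because the imported key only protects the install if yum is told to verify package signatures against it.

```shell
#!/bin/sh
# Added example (not from the KB article, Cisco or UT): install or update the
# Cisco AMP connector on a RHEL host from the SA-PROD repo, with checks.
# Values from the article: repo id, key URL, package name, ampcli path.
# Assumed (not in the article): REPO_FILE path; ampcli taking a command argument.
REPO_ID="sa-prod"
REPO_FILE="/etc/yum.repos.d/sa-prod.repo"          # assumed location
KEY_URL="http://repos.austin.utexas.edu/repos/sa-prod/cisco.gpg"
KEY_FILE="/tmp/cisco.gpg"
PKG="ciscoampconnector"
AMPCLI="/opt/cisco/amp/bin/ampcli"

# Return 0 only if the file is a non-empty ASCII-armored PGP public key block.
# A proxy error page or a 404 body saved as cisco.gpg fails this check, so it
# never reaches `rpm --import`.
looks_like_pgp_pubkey() {
    [ -s "$1" ] || return 1
    grep -q -- '-----BEGIN PGP PUBLIC KEY BLOCK-----' "$1" &&
    grep -q -- '-----END PGP PUBLIC KEY BLOCK-----' "$1"
}

# Return 0 if the [sa-prod] section of the given .repo file sets gpgcheck=1.
# Without it, the imported key is never used to verify the package.
repo_gpgcheck_enabled() {
    awk -v id="$REPO_ID" '
        /^\[/ { in_sec = ($0 == "[" id "]") }
        in_sec && $0 ~ /^gpgcheck[ \t]*=[ \t]*1[ \t]*$/ { found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# Map the current package state to the yum verb the article uses for it:
# "install" on a fresh host, "update" when the connector is already present.
yum_action_for() {
    case "$1" in
        present) echo update ;;
        absent)  echo install ;;
        *)       return 1 ;;
    esac
}

# Query rpm for whether the connector is already installed.
package_state() {
    if rpm -q "$PKG" >/dev/null 2>&1; then echo present; else echo absent; fi
}

# Steps 2-5 of the install section / steps 2-3 of the update section.
deploy() {
    repo_gpgcheck_enabled "$REPO_FILE" ||
        { echo "gpgcheck=1 is not set for [$REPO_ID] in $REPO_FILE" >&2; return 1; }
    wget -q -O "$KEY_FILE" "$KEY_URL" ||
        { echo "download of $KEY_URL failed" >&2; return 1; }
    looks_like_pgp_pubkey "$KEY_FILE" ||
        { echo "$KEY_FILE is not a PGP public key; not importing" >&2; return 1; }
    rpm --import "$KEY_FILE" || return 1
    action=$(yum_action_for "$(package_state)") || return 1
    # yum verifies the rpm signature against the imported key (gpgcheck=1).
    yum -y --enablerepo="$REPO_ID" "$action" "$PKG" || return 1
    # Post-install review: the three ampcli commands the article asks you to run.
    "$AMPCLI" about
    "$AMPCLI" history list
    "$AMPCLI" status
}

if [ "${1:-}" = "run" ]; then
    deploy
fi
```

Run it as root with "sh amp-deploy.sh run"; without the argument it only defines the functions, which is how the checks can be exercised on their own. The host still has to be confirmed in the console afterwards (step 6 / step 4), which the script cannot do.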

*PS. Alternatively, you may download the Cisco AMP client and GPG key from the management console to your computer, upload them to the Linux host and then install or update using either the yum or rpm commands. However, I recommend using the SA-PROD repo for version control across the fleet.

Incompatible Configurations

  • Removable media and temporary file system mounts in non-standard locations (e.g. USB / CD-ROM / DVD-ROM not mounted under /media, and NFS volumes not mounted under /mnt).
  • Selected security software
  • See User Guide for details.

Resources

Cisco AMP Web Console

User Guide

Permalink: utss/KAhome.do?number=KB0017348