Chat now with support
Chat mit Support

One Identity Safeguard for Privileged Passwords 7.5.2 - Connect for Safeguard Assets User Guide

Downloading a Linux agent

The following explains the process for downloading and installing a linux agent on a disconnected asset. The same token and agent can be used by multiple machines which (depending on your organization's environment) may allow for this to be pushed out to multiple machines rather than having to manually install an agent on each individual machine.

To download a Linux agent

IMPORTANT: If requiretty is enabled on your linux machine, you need to add the following line to the sudoers file:

Defaults:<service account name> !requiretty

  1. On the Downloads page, click the Download button associated with the Linux tile.

    A zipped ConnectForSafeguardLinuxAgent folder will be downloaded according to your browser settings.

  2. Unzip the ConnectForSafeguardLinuxAgent.zip folder.

  3. To the unzipped ConnectForSafeguardLinuxAgent.zip folder, add the agent enrollment token file (Downloading an Agent Enrollment token).

    CAUTION: Keep a copy of the enrollment token until the agent has been successfully enrolled. The token file will be automatically removed after each enrollment attempt (including failed attempts).

  4. Change the permissions on the ConnectForSafeguardAssetsAgent file (chmod 750) to make it executable.

  5. Using a service account that is a member of sudoers (you may need to run sudo ConnectForSafeguardAssetsAgent), run the enroll command on ConnectForSafeguardAssetsAgent.

    Once the agent has been successfully enrolled, the Safeguard Disconnected Asset Agent will be installed under the service account along with a SafeguardAssetsAgent certificate that is valid for 60 days. The agent will automatically attempt to renew the certificate after 30 days have passed since the last certificate was issued. However, if an agent is unable to re-enroll and the certificate expires, the re-enroll command can be used to re-enroll the agent (for more information, see Re-enrolling an installed agent).

  6. In Safeguard for Privileged Passwords, you can now add or discover the asset (using the Linux (Starling Connect) platform). For more information, see the One Identity Safeguard for Privileged Passwords Administration Guide.

    Make sure the Agent ID is the same as shown in SPP (Assets > (select asset) > Properties > Connection > (Edit) > StarlingAgentID). If the Agent ID is different, you need to update the StarlingAgentID in SPP to match the Agent ID.

    NOTE: When running a task in Safeguard for Privileged Passwords against a Linux agent, the task is created in a submitted state and will be updated once the agent processes the task. The amount of time this will take to update will vary depending upon the state of the machine the agent is running on.

Downloading an Agent Enrollment token

The agent enrollment token (30 day sliding expiration with a 90 day limit) needs to be added to the folder.

To download an Agent Enrollment token

  1. On the Downloads page, click the Download button associated with the Agent Enrollment tile.

    The token.txt file will be downloaded according to your browser settings.

    CAUTION: Keep a copy of the enrollment token until the agent has been successfully enrolled. The token file will be automatically removed after each enrollment attempt (including failed attempts).

  2. Add the token.txt file to the unzipped folder downloaded as part of downloading an agent. For more information, see the following instructions depending on the type of agent being installed:

Re-enrolling an installed agent

Once the agent has been successfully enrolled, the Safeguard Disconnected Asset Agent will be installed under the service account along with a ConnectForSafeguardAssets certificate that is valid for 60 days. The agent will automatically attempt to renew the certificate after 30 days have passed since the last certificate was issued. However, if an agent is unable to re-enroll and the certificate expires, the re-enroll command can be used to re-enroll the agent.

To re-enroll an agent

  1. Download a new agent enrollment token. For more information, see Downloading an Agent Enrollment token.

  2. Add the new agent enrollment token to the asset. For example, re-enrolling a Windows agent requires the new token be added to the ConnectForSafeguardWindowsAgent folder.

    CAUTION: Keep a copy of the enrollment token until the agent has been successfully re-enrolled. The token file will be automatically removed after each enrollment attempt (including failed attempts).

  3. Open a Command Prompt or PowerShell session.

  4. Run the reenroll command on ConnectForSafeguardAssetsAgent.

Removing an installed agent

The following instructions are for removing a previously installed agent. This will only remove the agent from the asset, no changes will be made to SPP.

To remove an installed agent

  1. On the asset the agent is installed, open a Command Prompt or PowerShell session.

  2. Run the Remove command on ConnectForSafeguardAssetsAgent.

    Once the agent has been removed, you can either remove any corresponding assets within SPP or enroll a new token (for more information, see Downloading an Agent Enrollment token).

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen