The following explains the process for downloading and installing a linux agent on a disconnected asset. The same token and agent can be used by multiple machines which (depending on your organization's environment) may allow for this to be pushed out to multiple machines rather than having to manually install an agent on each individual machine.
To download a Linux agent
IMPORTANT: If requiretty is enabled on your linux machine, you need to add the following line to the sudoers file:
Defaults:<service account name> !requiretty
-
On the Downloads page, click the Download button associated with the Linux tile.
A zipped ConnectForSafeguardLinuxAgent folder will be downloaded according to your browser settings.
-
Unzip the ConnectForSafeguardLinuxAgent.zip folder.
-
To the unzipped ConnectForSafeguardLinuxAgent.zip folder, add the agent enrollment token file (Downloading an Agent Enrollment token).
CAUTION: Keep a copy of the enrollment token until the agent has been successfully enrolled. The token file will be automatically removed after each enrollment attempt (including failed attempts).
-
Change the permissions on the ConnectForSafeguardAssetsAgent file (chmod 750) to make it executable.
-
Using a service account that is a member of sudoers (you may need to run sudo ConnectForSafeguardAssetsAgent), run the enroll command on ConnectForSafeguardAssetsAgent.
Once the agent has been successfully enrolled, the Safeguard Disconnected Asset Agent will be installed under the service account along with a SafeguardAssetsAgent certificate that is valid for 60 days. The agent will automatically attempt to renew the certificate after 30 days have passed since the last certificate was issued. However, if an agent is unable to re-enroll and the certificate expires, the re-enroll command can be used to re-enroll the agent (for more information, see Re-enrolling an installed agent).
-
In Safeguard for Privileged Passwords, you can now add or discover the asset (using the Linux (Starling Connect) platform). For more information, see the One Identity Safeguard for Privileged Passwords Administration Guide.
Make sure the Agent ID is the same as shown in SPP (Assets > (select asset) > Properties > Connection >
(Edit) > StarlingAgentID). If the Agent ID is different, you need to update the StarlingAgentID in SPP to match the Agent ID.
NOTE: When running a task in Safeguard for Privileged Passwords against a Linux agent, the task is created in a submitted state and will be updated once the agent processes the task. The amount of time this will take to update will vary depending upon the state of the machine the agent is running on.
