Deploying the Assessment Tool to Linux Endpoints

Deploy the assessment tool to scan Linux endpoints for vulnerable versions of the Log4j library or Samba service.

The tool supports the following platforms.

| Platform | Memory | Disk Space |
|---|---|---|
| Red Hat Enterprise Linux 6 (64-bit) | 2 GB minimum, 5 GB recommended | 1 GB recommended |
| Red Hat Enterprise Linux 7 (64-bit) | 2 GB minimum, 5 GB recommended | 1 GB recommended |
| Red Hat Enterprise Linux 8 (64-bit) | 2 GB minimum, 5 GB recommended | 1 GB recommended |
| Amazon Linux (64-bit) | 2 GB minimum, 5 GB recommended | 1 GB recommended |
| Amazon Linux 2 (64-bit) | 2 GB minimum, 5 GB recommended | 1 GB recommended |
| CentOS Linux 6 (64-bit) | 2 GB minimum, 5 GB recommended | 1 GB recommended |
| CentOS Linux 7 (64-bit) | 2 GB minimum, 5 GB recommended | 1 GB recommended |
| CentOS Linux 8 (64-bit) | 2 GB minimum, 5 GB recommended | 1 GB recommended |
| Ubuntu 16 (64-bit) | 2 GB minimum, 5 GB recommended | 1 GB recommended |
| Ubuntu 18 (64-bit) | 2 GB minimum, 5 GB recommended | 1 GB recommended |
| Ubuntu 20 (64-bit) | 2 GB minimum, 5 GB recommended | 1 GB recommended |

Endpoints must be connected to the internet so the tool can upload data to Trend Micro Vision One. Trend Micro recommends adding the following URLs and ports to the safe list.

| Region | URL | Port |
|---|---|---|
| Australia | api-ap4.xbc.trendmicro.com | 443 |
| Australia | https://assessment-ap4.mgcp.trendmicro.com | 443 |
| Australia | https://release-us1.mgcp.trendmicro.com | 443 |
| Europe | api-eu1.xbc.trendmicro.com | 443 |
| Europe | https://assessment-eu1.mgcp.trendmicro.com | 443 |
| Europe | https://release-us1.mgcp.trendmicro.com | 443 |
| India | api-ap5.xbc.trendmicro.com | 443 |
| India | https://assessment-ap5.mgcp.trendmicro.com | 443 |
| India | https://release-us1.mgcp.trendmicro.com | 443 |
| Japan | api-ap2.xbc.trendmicro.com | 443 |
| Japan | https://assessment-ap2.mgcp.trendmicro.com | 443 |
| Japan | https://release-us1.mgcp.trendmicro.com | 443 |
| Singapore | api-ap3.xbc.trendmicro.com | 443 |
| Singapore | https://assessment-ap3.mgcp.trendmicro.com | 443 |
| Singapore | https://release-us1.mgcp.trendmicro.com | 443 |
| United States | https://api-us1.xbc.trendmicro.com | 443 |
| United States | https://assessment-us1.mgcp.trendmicro.com | 443 |
| United States | https://release-us1.mgcp.trendmicro.com | 443 |
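
A pre-flight check for the platform and safe-list requirements above, as an added example that is not part of the Trend Micro documentation or tooling. The region keywords, function names, and the use of `curl`, `df` and `/proc/meminfo` are assumptions; the hosts, port, proxy restriction and resource figures are the ones listed on this page.

```shell
# Added example: pre-flight check to run before "./tmxbc install".
# Region keywords are assumptions; hosts and limits come from this page.
MIN_MEM_KB=$((2 * 1024 * 1024))   # 2 GB minimum; MemTotal reads a bit under installed RAM
MIN_DISK_KB=$((1024 * 1024))      # 1 GB recommended disk space

# Print the three safe-list hosts for a region, one per line.
region_hosts() {
  case "$1" in
    australia) s=ap4 ;; europe) s=eu1 ;; india) s=ap5 ;;
    japan) s=ap2 ;; singapore) s=ap3 ;; us) s=us1 ;;
    *) return 1 ;;
  esac
  printf '%s\n' "api-$s.xbc.trendmicro.com" \
    "assessment-$s.mgcp.trendmicro.com" "release-us1.mgcp.trendmicro.com"
}

# Endpoint Basecamp accepts only HTTP proxies without credentials.
proxy_ok() {
  case "$1" in
    http://*@*) return 1 ;;   # user:password@host is not supported
    http://*)   return 0 ;;
    *)          return 1 ;;   # https://, socks5://, bare host, empty
  esac
}

# Succeed when the first argument (kB) meets the second (kB).
meets_min() { [ "$1" -ge "$2" ]; }

# Succeed when an HTTPS request to host:443 gets any response.
reachable() {   # usage: reachable HOST [PROXY_URL]
  curl -sS --max-time 10 -o /dev/null ${2:+--proxy "$2"} "https://$1:443/"
}

preflight() {   # usage: preflight REGION [PROXY_URL]
  rc=0
  hosts=$(region_hosts "$1") || { echo "unknown region: $1"; return 2; }
  if [ -n "$2" ] && ! proxy_ok "$2"; then echo "FAIL proxy: $2"; rc=1; fi
  mem=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)
  disk=$(df -Pk /opt 2>/dev/null | awk 'NR==2 {print $4}')   # tool installs under /opt
  meets_min "${mem:-0}" "$MIN_MEM_KB"   || { echo "FAIL memory: ${mem:-?} kB"; rc=1; }
  meets_min "${disk:-0}" "$MIN_DISK_KB" || echo "WARN disk: ${disk:-?} kB free on /opt"
  for h in $hosts; do
    reachable "$h" "$2" || { echo "FAIL connect: $h:443"; rc=1; }
  done
  return $rc
}

if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

Run it as `sh preflight.sh japan` or `sh preflight.sh europe http://10.1.1.1:80`; a non-zero exit status means the endpoint or its egress path does not yet meet the requirements.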

The assessment report provides details about endpoints and server applications that may be affected by the vulnerability. You will also receive information about actions that you can take to mitigate risk and expand your view of the attack surface.

  1. In the Identify servers affected by the Samba Vulnerability (CVE-2021-44142) area, click Start Assessment or choose Log4Shell vulnerability from Scan for More Attack Campaigns.
  2. Click Download Assessment Tool. Follow the on-screen instructions to download the installation package.
  3. Extract the installation package by executing the following command:

    tar zxf tmxbc_linux64.tgz

  4. Install the Endpoint Basecamp program.
    • To install the Endpoint Basecamp program without a proxy, execute the following command:

      $ ./tmxbc install

    • To install the Endpoint Basecamp program with a proxy, execute the following command:

      $ ./tmxbc install --proxyURL <IPv4 or IPv6 address of proxy server>

      For example:

      $ ./tmxbc install --proxyURL http://10.1.1.1:80

      Important:

      Endpoint Basecamp only supports HTTP proxies and does not support the use of proxy credentials.

    The tool starts running in the background and automatically uploads data to Trend Micro Vision One.

Note:

You can uninstall the assessment tool after completing the Log4Shell (CVE-2021-44228) Vulnerability Assessment or Samba Vulnerability Assessment. If you enabled Endpoint Sensor during this assessment, disable the sensor in the Endpoint Inventory app before uninstalling the assessment tool. To uninstall the assessment tool, execute the following command:

# /opt/TrendMicro/EndpointBasecamp/bin/tmxbc uninstall