Deploying the Assessment Tool to Linux Endpoints

Assessment tools can scan Linux endpoints for vulnerable versions of the Log4j library or Samba service.

If deployed correctly, the tool automatically collects and uploads data to Trend Micro Vision One for in-depth analysis and reporting. The tool supports the following platforms:

Platform                            | Memory                         | Disk Space
------------------------------------|--------------------------------|-----------------
Red Hat Enterprise Linux 6 (64-bit) | 2 GB minimum, 5 GB recommended | 1 GB recommended
Red Hat Enterprise Linux 7 (64-bit) | 2 GB minimum, 5 GB recommended | 1 GB recommended
Red Hat Enterprise Linux 8 (64-bit) | 2 GB minimum, 5 GB recommended | 1 GB recommended
Amazon Linux (64-bit)               | 2 GB minimum, 5 GB recommended | 1 GB recommended
Amazon Linux 2 (64-bit)             | 2 GB minimum, 5 GB recommended | 1 GB recommended
CentOS Linux 6 (64-bit)             | 2 GB minimum, 5 GB recommended | 1 GB recommended
CentOS Linux 7 (64-bit)             | 2 GB minimum, 5 GB recommended | 1 GB recommended
CentOS Linux 8 (64-bit)             | 2 GB minimum, 5 GB recommended | 1 GB recommended
Ubuntu 16 (64-bit)                  | 2 GB minimum, 5 GB recommended | 1 GB recommended
Ubuntu 18 (64-bit)                  | 2 GB minimum, 5 GB recommended | 1 GB recommended
Ubuntu 20 (64-bit)                  | 2 GB minimum, 5 GB recommended | 1 GB recommended

Endpoints must be connected to the internet so the tool can upload data to Trend Micro Vision One. Trend Micro recommends adding the following URLs and ports to the safe list.

Region        | URL                                        | Port
--------------|--------------------------------------------|-----
Australia     | api-ap4.xbc.trendmicro.com                 | 443
              | https://assessment-ap4.mgcp.trendmicro.com | 443
              | https://release-us1.mgcp.trendmicro.com    | 443
Europe        | api-eu1.xbc.trendmicro.com                 | 443
              | https://assessment-eu1.mgcp.trendmicro.com | 443
              | https://release-us1.mgcp.trendmicro.com    | 443
India         | api-ap5.xbc.trendmicro.com                 | 443
              | https://assessment-ap5.mgcp.trendmicro.com | 443
              | https://release-us1.mgcp.trendmicro.com    | 443
Japan         | api-ap2.xbc.trendmicro.com                 | 443
              | https://assessment-ap2.mgcp.trendmicro.com | 443
              | https://release-us1.mgcp.trendmicro.com    | 443
Singapore     | api-ap3.xbc.trendmicro.com                 | 443
              | https://assessment-ap3.mgcp.trendmicro.com | 443
              | https://release-us1.mgcp.trendmicro.com    | 443
United States | https://api-us1.xbc.trendmicro.com         | 443
              | https://assessment-us1.mgcp.trendmicro.com | 443
              | https://release-us1.mgcp.trendmicro.com    | 443

The assessment report provides details about endpoints and server applications that may be affected by the vulnerability. You will also receive information about actions that you can take to mitigate risk and expand your view of the attack surface.

  1. Click the download link.

    The link opens a page with instructions.

  2. Click Start Assessment to download the installation package.
  3. Extract the installation package by executing the following command:

    tar zxf tmxbc_linux64.tgz

  4. Install the Endpoint Basecamp program.
    • To install the Endpoint Basecamp program without a proxy, execute the following command:

      $ ./tmxbc install

    • To install the Endpoint Basecamp program with a proxy, execute the following command:

      $ ./tmxbc install --proxyURL <IPv4 or IPv6 address of proxy server>

      For example:

      $ ./tmxbc install --proxyURL http://10.1.1.1:80

      Important:

      Endpoint Basecamp only supports HTTP proxies and does not support the use of proxy credentials.

    The tool starts running in the background and automatically uploads data to Trend Micro Vision One.

The Assessment Service app displays a timestamp and sends a notification to the registered email address whenever the tool uploads data.
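
A pre-install check for the network and proxy requirements above, as an added example that is not part of Trend Micro's documentation: it rejects proxy URLs that Endpoint Basecamp cannot use (non-HTTP schemes, embedded credentials) and probes the three safe-list hosts for a region on port 443. The function names and the region codes (read off the host names in the table) are assumptions of this example, and it assumes curl is installed.

```sh
#!/bin/sh
# Added example: pre-install checks for the Endpoint Basecamp requirements.
# Function names are hypothetical; host names come from the safe-list table.

# Print the three safe-list hosts for a region code.
# Codes are read off the host names: ap4 Australia, eu1 Europe, ap5 India,
# ap2 Japan, ap3 Singapore, us1 United States.
region_hosts() {
  case "$1" in
    ap4|eu1|ap5|ap2|ap3|us1) ;;
    *) return 1 ;;
  esac
  printf '%s\n' "api-$1.xbc.trendmicro.com" \
                "assessment-$1.mgcp.trendmicro.com" \
                "release-us1.mgcp.trendmicro.com"
}

# Succeed only for a proxy URL the installer can use: plain http:// and no
# user:password@ part (any '@' is rejected, since a proxy URL needs none).
proxy_ok() {
  case "$1" in
    http://*@*) return 1 ;;
    http://?*)  return 0 ;;
    *)          return 1 ;;
  esac
}

# usage: preflight <region-code> [proxy-url]
# Returns 0 if every host answers on 443, 1 if any is blocked, 2 on bad input.
preflight() {
  region=$1
  proxy=${2:-}
  hosts=$(region_hosts "$region") || { echo "unknown region: $region" >&2; return 2; }
  if [ -n "$proxy" ] && ! proxy_ok "$proxy"; then
    # The rejected value is not echoed, so credentials never reach a log.
    echo "proxy must be an http:// URL without credentials" >&2
    return 2
  fi
  rc=0
  for h in $hosts; do
    # Any HTTP response counts as reachable; only connect/TLS failures fail.
    if curl -s -o /dev/null --connect-timeout 5 ${proxy:+--proxy "$proxy"} "https://$h/"; then
      echo "ok      $h:443"
    else
      echo "BLOCKED $h:443"; rc=1
    fi
  done
  return $rc
}
# Run only when arguments are given, e.g.: sh preflight.sh us1 http://10.1.1.1:80
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

A host reported as BLOCKED through a proxy that intercepts TLS usually indicates a certificate failure rather than a firewall drop; rerunning the same curl command without `-s` shows which.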

Note:

You can uninstall the assessment tool after completing the Log4Shell (CVE-2021-44228) Vulnerability Assessment or Samba Vulnerability Assessment. If you enabled Endpoint Sensor during this assessment, disable the sensor in the Endpoint Inventory app before uninstalling the assessment tool. To uninstall the assessment tool, execute the following command:

# /opt/TrendMicro/EndpointBasecamp/bin/tmxbc uninstall