Deploying the Agent Installer to Linux Endpoints

Linux deployment includes some prerequisite verification before accessing the command line and installing the tool.

Note:

After deploying the tool to Linux endpoints, you must choose which endpoints to enable XDR capabilities on from the Endpoint Inventory screen.

For more information, see Endpoint Inventory.

  1. Obtain the Linux package from the Trend Micro Vision One console.
    • Download the package locally and deploy the tmxbc_linux64.tgz archive to target endpoints.

    • Copy the download link and execute the following wget command on the target endpoint, which downloads and renames the file:

      $ wget <download_link> -O tmxbc_linux64.tgz

    Important:

    Each installation package is specific to your company. After installing the package, the endpoint starts reporting to your company's Trend Micro Vision One console.

  2. Verify that the system is running OpenSSL version 1.0.2 or later by executing the following command:

    openssl version

  3. Verify the contents of the download package.
    1. Extract the installation package by executing the following command:

      tar -xvf tmxbc_linux64.tgz

      Where "tmxbc_linux64.tgz" is the name of the installation package.

    2. Verify that all the following files exist in the package:
      • checksum

      • checksum.p7

      • manifest

      • .property

      • README

      • tmxbc

  4. Verify that the signature and issuer of the certificate are valid.
    1. Execute the following command:

      openssl cms -verify -binary -in checksum.p7 -inform DER -verify -content checksum -purpose any -certsout need_to_check.certs -out /dev/null

      If the command provides the output, "Verification successful", continue to the following step.

      Note:

      Use the need_to_check.certs certificate generated by the command in the subsequent verification steps.

    2. Verify that the certificate subject is "Trend Micro, Inc" and the issuer is "DigiCert Inc" by executing the following command:

      openssl x509 -noout -subject -issuer -in need_to_check.certs

      The output should be:

      subject= /jurisdictionC=TW/businessCategory=Private Organization/serialNumber=23310837/C=TW/ST=Taipei City/L=Da\xE2\x80\x99an District/O=Trend Micro, Inc./CN=Trend Micro, Inc.

      issuer= /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert EV Code Signing CA (SHA2)

    3. Verify that the checksum is valid by executing the following command:

      sha256sum -c checksum

      If the system does not return an error, you can begin installing the package.

  5. Install the Agent.
    • To install the Endpoint Basecamp program without a proxy, execute the following command:

      $ ./tmxbc install

    • To install the Endpoint Basecamp program with a proxy, execute the following command:

      $ ./tmxbc install --proxyURL <IPv4 or IPv6 address of proxy server>

      For example:

      $ ./tmxbc install --proxyURL http://10.1.1.1:80

      Important:

      Endpoint Basecamp only supports HTTP proxies and does not support the use of proxy credentials.

    For a complete list of available CLI commands, see Linux CLI Commands.