Deploying the Assessment Tool to Linux Endpoints
Deploy the assessment tool to scan Linux endpoints for vulnerable versions of the Log4j library or Samba service.
The tool supports the following platforms.
|
Platform |
Memory |
Disk Space |
|---|---|---|
|
Red Hat Enterprise Linux 6 (64-bit) |
|
1 GB recommended |
|
Red Hat Enterprise Linux 7 (64-bit) |
|
1 GB recommended |
|
Red Hat Enterprise Linux 8 (64-bit) |
|
1 GB recommended |
|
Amazon Linux (64-bit) |
|
1 GB recommended |
|
Amazon Linux 2 (64-bit) |
|
1 GB recommended |
|
CentOS Linux 6 (64-bit) |
|
1 GB recommended |
|
CentOS Linux 7 (64-bit) |
|
1 GB recommended |
|
CentOS Linux 8 (64-bit) |
|
1 GB recommended |
|
Ubuntu 16 (64-bit) |
|
1 GB recommended |
|
Ubuntu 18 (64-bit) |
|
1 GB recommended |
|
Ubuntu 20 (64-bit) |
|
1 GB recommended |
Endpoints must be connected to the internet so the tool can upload data to the Trend Vision One. Trend Micro recommends adding the following URLs and ports to the safe list.
|
Region |
URL |
Port |
|---|---|---|
|
Australia |
api-ap4.xbc.trendmicro.com |
443 |
|
https://assessment-ap4.mgcp.trendmicro.com |
443 |
|
|
https://release-us1.mgcp.trendmicro.com |
443 |
|
|
Europe |
api-eu1.xbc.trendmicro.com |
443 |
|
https://assessment-eu1.mgcp.trendmicro.com |
443 |
|
|
https://release-us1.mgcp.trendmicro.com |
443 |
|
|
India |
api-ap5.xbc.trendmicro.com |
443 |
|
https://assessment-ap5.mgcp.trendmicro.com |
443 |
|
|
https://release-us1.mgcp.trendmicro.com |
443 |
|
|
Japan |
api-ap2.xbc.trendmicro.com |
443 |
|
https://assessment-ap2.mgcp.trendmicro.com |
443 |
|
|
https://release-us1.mgcp.trendmicro.com |
443 |
|
|
Singapore |
api-ap3.xbc.trendmicro.com |
443 |
|
https://assessment-ap3.mgcp.trendmicro.com |
443 |
|
|
https://release-us1.mgcp.trendmicro.com |
443 |
|
|
United States |
https://api-us1.xbc.trendmicro.com |
443 |
|
https://assessment-us1.mgcp.trendmicro.com |
443 |
|
|
https://release-us1.mgcp.trendmicro.com |
443 |
The assessment report provides details about endpoints and server applications that may be affected by the vulnerability. You will also receive information about actions that you can take to mitigate risk and expand your view of the attack surface.
- In the Identify servers affected by the Samba Vulnerability (CVE-2021-44142) area, click Start Assessment or choose Log4Shell vulnerability from Scan for More Attack Campaigns.
- Click Download Assessment Tool. Follow the on-screen instructions to download the installation package.
-
Extract the installation package by executing the following command:
tar zxf tmxbc_linux64.tgz
-
Install the Endpoint Basecamp program.
-
To install the Endpoint Basecamp program without a proxy, execute the following command:
$ ./tmxbc install
-
To install the Endpoint Basecamp program with a proxy, execute the following command:
$ ./tmxbc install --proxyURL <IPv4 or IPv6 address of proxy server>
For example:
$ ./tmxbc install --proxyURL http://10.1.1.1:80
Important:Endpoint Basecamp only supports HTTP proxies and does not support the use of proxy credentials.
The tool starts running in the background and automatically uploads data to Trend Vision One.
-
You can uninstall the assessment tool after completing the Log4Shell (CVE-2021-44228) Vulnerability Assessment or Samba Vulnerability Assessment. If you enabled Endpoint Sensor during this assessment, disable the sensor in the Endpoint Inventory app before uninstalling the assessment tool. To uninstall the assessment tool,execute the following command:
# /opt/TrendMicro/EndpointBasecamp/bin/tmxbc uninstall
