Deploying the Agent Installer to Linux Endpoints

Linux deployment includes some prerequisite verification before accessing the command line and installing the tool.

Note:

After deploying the tool to Linux endpoints, you must choose which endpoints to enable XDR capabilities on from the Endpoint Inventory screen.

For more information, see Endpoint Inventory 2.0.

  1. Obtain the package from the Trend Vision One console.

    • Download the package locally and deploy the tmxbc_linux64.tgz archive to target endpoints.

    • Copy the download link and execute the following wget command on the target endpoint, which downloads and renames the file:

      $ wget <download_link> -O tmxbc_linux64.tgz

    Important:

    Each package is specific to your company. After installing the package, the endpoint starts reporting to your company's Trend Vision One console.

  2. Verify that the system is running OpenSSL version 1.0.2 or later by executing the following command:

    openssl version

  3. Verify the contents of the package.
    1. Extract the contents of the package by executing the following command:

      tar -xvf tmxbc_linux64.tgz

      Where "tmxbc_linux64.tgz" is the name of the package.

    2. Verify that all the following files exist in the package:

      • checksum

      • checksum.p7

      • manifest

      • .property

      • README

      • tmxbc

  4. Verify that the signature and issuer of the certificate are valid.
    1. Execute the following command:

      openssl cms -verify -binary -in checksum.p7 -inform DER -verify -content checksum -purpose any -certsout need_to_check.certs -out /dev/null

      The expected output is Verification successful.

      Note:

      Use the need_to_check.certs certificate generated by the command in the subsequent verification steps.

    2. Verify that the certificate subject is "Trend Micro, Inc" and the issuer is "DigiCert Inc" by executing the following command:

      openssl crl2pkcs7 -nocrl -certfile need_to_check.certs | openssl pkcs7 -print_certs -noout

      The output should be:

      subject=C = US, O = "DigiCert, Inc.", CN = DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1

      issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Trusted Root G4

      subject=businessCategory = Private Organization, jurisdictionC = TW, serialNumber = 23310837, C = TW, ST = Taipei City, L = Da\E2\80\99an District, O = "Trend Micro, Inc.", CN = "Trend Micro, Inc."

      issuer=C = US, O = "DigiCert, Inc.", CN = DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1

    3. Verify that the checksum is valid by executing the following command:

      sha256sum -c checksum

      If the system does not return an error, you can begin installing the package.

  5. Install the agent.

    • To install the Endpoint Basecamp program without a proxy, execute the following command:

      $ ./tmxbc install

    • To install the Endpoint Basecamp program with a proxy, execute the following command:

      $ ./tmxbc install --proxyURL <IPv4 or IPv6 address of proxy server>

      For example:

      $ ./tmxbc install --proxyURL http://10.1.1.1:80

      Important:

      Endpoint Basecamp only supports HTTP proxies and does not support the use of proxy credentials.

    For a complete list of available CLI commands, see Linux CLI Commands.

Parent topic: Deploying the Agent Installer