Nebula offers the Endpoint Agent for Linux machines. The Downloads page in the Nebula console has instructions on setting up your repository source to point to the Malwarebytes Linux repository. Then, download and install the Endpoint Agent using standard Linux commands, apt-get/apt install or yum install.
Install Dynamic Kernel Module Support (DKMS) and sign the Linux kernel if required. For minimum requirements to install on Linux machines, see Minimum requirements for Nebula.
Linux Endpoint Installer Notes
- Endpoints are assigned to the Default Group and use the Default Policy unless you specify a different group. To automatically assign endpoints to a group during installation:
  - On the left navigation menu, click Download Center.
  - Under Advanced tools, click the Specify group assignment link.
- The Guided deployment has two methods to begin deployment with your endpoint users:
  - Direct Download: Download the Endpoint Agent installer to your local endpoint.
  - Link Sharing: Copy and share a customizable message with download links to the Endpoint Agent installer. Links expire after 7 days.
Manually install on Linux endpoint
To manually add an endpoint to the Nebula platform, download the Malwarebytes Endpoint Agent installation file and run the file from the endpoint. Each installer is pre-configured for your account.
Endpoints are assigned to the Default Group and use the Default Policy unless you specify a different group as a parameter.
- On the left navigation menu, click Download Center.
- Click Direct download.
- Select Linux from the drop-down menu.
- In the Download Endpoint Installers section, choose the distribution you are using, based on your endpoint operating system:
  - Debian-based distros
  - RPM-based distros
  - SUSE-based distros
- After selecting your distro, copy the text in the Download and installation field and paste the text into your Linux command line. Your Account Token is automatically populated in the field for convenience.
- Run the script in your Linux environment.
When the installation process completes, the Endpoint Agent registers, the Linux endpoint shows up in the Endpoints page of Nebula, and the agent begins logging events and errors on the endpoint. For information on gathering logs, see Collect Malwarebytes Endpoint Agent diagnostic logs.
NOTICE - All Linux endpoints are counted as Servers.
To confirm your Linux server starts the endpoint agent when it boots up, run the following command:
root@linux:~# systemctl is-enabled mbdaemon
disabled
If the output reads disabled, then run the following command to enable the agent:
root@linux:~# systemctl enable mbdaemon
Created symlink /etc/systemd/system/multi-user.target.wants/mbdaemon.service → /lib/systemd/system/mbdaemon.service
Run the following command again to confirm the agent is enabled:
root@linux:~# systemctl is-enabled mbdaemon
enabled
Install Endpoint Detection and Response on Linux endpoint
Endpoint Detection and Response for Linux uses Dynamic Kernel Module Support (DKMS). The kernel headers package is a dependency for the DKMS package, and the kernel headers version must match the kernel version running on the endpoint. To identify the exact kernel version in use, run the uname -r command.
Installing the DKMS package with the standard package management tools may not install the proper version of the kernel headers package. Carefully check the DKMS package dependencies before installing. On older distributions such as CentOS, it may be necessary to manually add older or archived repositories beforehand, or to manually download and install the proper kernel headers .rpm package.
Manually install DKMS for the following Linux distros:
Linux Distribution | Commands |
Amazon Linux 2 |
Install DKMS with the following command:
|
Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 CentOS 7 CentOS 8 |
Note: DKMS is not in the default repository. An extra repository needs to be enabled with the following command:
Install DKMS with the following command:
|
Note: On Ubuntu-based distros, an attempt to install DKMS is automatically made during the Endpoint Agent install.
Once the proper kernel header version and DKMS are installed, proceed with enabling EDR for Linux in the policy.
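A preflight check for the two conditions described above (the agent enabled at boot, and kernel headers matching the running kernel reported by uname -r), as an added example that is not Malwarebytes tooling. The header paths and function names are assumptions; the mbdaemon unit name comes from this page.

```sh
#!/bin/sh
# Added example. Header locations are the usual distro layouts (an assumption).

# Return 0 if a kernel header tree for release $1 exists under root prefix $2.
headers_present() {
    local release="$1" root="${2:-}" candidate
    for candidate in \
        "$root/lib/modules/$release/build" \
        "$root/usr/src/kernels/$release" \
        "$root/usr/src/linux-headers-$release"; do
        # A dangling build symlink or an empty directory has no Makefile.
        [ -f "$candidate/Makefile" ] && return 0
    done
    return 1
}

# Print the release of every header tree installed under /usr/src.
installed_header_releases() {
    local root="${1:-}" dir
    for dir in "$root"/usr/src/kernels/* "$root"/usr/src/linux-headers-*; do
        [ -d "$dir" ] || continue
        dir="${dir##*/}"
        printf '%s\n' "${dir#linux-headers-}"
    done
}

# Print the boot state of the agent unit (enabled, disabled, ...).
agent_boot_state() {
    systemctl is-enabled mbdaemon 2>/dev/null || true
}

preflight() {
    local release status=0
    release="$(uname -r)"
    if headers_present "$release"; then
        echo "OK: kernel headers match running kernel $release"
    else
        echo "FAIL: no headers for $release; installed:" $(installed_header_releases)
        status=1
    fi
    if [ "$(agent_boot_state)" = "enabled" ]; then
        echo "OK: mbdaemon starts at boot"
    else
        echo "FAIL: mbdaemon is not enabled; run: systemctl enable mbdaemon"
        status=1
    fi
    return "$status"
}
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it with --run on the endpoint; a non-zero exit status means one of the two conditions still needs fixing before EDR is enabled in the policy.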
For any issues with the installation of the Endpoint Agent on Linux systems, see Kernel module not running in Malwarebytes Endpoint Detection and Response.
Proxy Server Settings
You can use the variables listed below during installation or the mblinux command-line options to configure Malwarebytes for Linux to use a proxy server. If you need to use a password for proxy server authentication, you must use the mblinux command-line options to configure it.
Variable Name | Description |
NEBULA_PROXY_SERVER | The address to the proxy server |
NEBULA_PROXY_PORT | The port for the proxy server |
NEBULA_PROXY_USER | The username for proxy server authentication |
NEBULA_PROXY_BYPASS_LOCAL | Set if proxy should be bypassed for local addresses |