Skip to main content

Add Linux endpoints in Nebula

Updated: 

Nebula offers the Endpoint Agent for Linux machines. The Downloads page in the Nebula console has instructions on setting up your repository source to point to the Linux repository. Then, download and install the Endpoint Agent using standard Linux commands, apt-get/apt install or yum install

For minimum requirements to install on Linux machines, see Minimum requirements for Nebula.

Linux Endpoint Installer Notes

  • Endpoints are assigned to the Default Group and use the Default Policy unless you specify a different group. To automatically assign endpoints to a group during installation:
    1. On the left navigation menu, click Download Center.
    2. Under Advanced tools, click the Specify group assignment link.
  • The Deployment tab has two options available for your Linux endpoints:
    • Install: Use these commands to download and install the endpoint agent on the endpoint.
    • Upgrades: For applicable Linux distros. Use these commands to upgrade the endpoint agent on the endpoint.

Install the endpoint agent on a Linux device

To manually add an endpoint to Nebula, select your Linux distro and copy the commands displayed in Nebula.

Endpoints are assigned to the Default Group and use the Default Policy unless you specify a different group as a parameter.

  1. On the left navigation menu, click Download Center.
  2. Select Linux from the platform drop-down menu.
  3. Choose the distribution you are using in the installer version drop-down menu.
  4. After selecting your distro, copy the text in the Install field and paste the text into your Linux command line. Your Account Token is automatically populated in the field for convenience.
  5. Run the script in your Linux environment.

When the installation process completes, the Endpoint Agent registers and the Linux endpoint shows up in the Endpoints page of Nebula and the agent begins logging events and errors on the endpoint. For information on gathering logs, see Collect Endpoint Agent diagnostic logs.

NOTICE - All Linux endpoints are counted as Servers.

Endpoint Detection and Response for Linux

Endpoint Detection and Response (EDR) requires the Dynamic Kernel Management System (DKMS) to be installed and the Linux kernel to be digitally signed if required. 

  • The kernel headers package is a dependency for the DKMS package, and the kernel headers version must match the kernel version running on the endpoint. To identify the exact kernel version in use, run the $uname -r command.
  • Installing the DKMS package with the standard package management tools may not install the proper version of the kernel headers package. Carefully check the DKMS package dependencies before installing. On older distributions such as CentOS, it may be necessary to manually add older or archived repositories beforehand, or to download and install the proper kernel headers .rpm package manually.
  • On Ubuntu-based distros, an attempt to install DKMS is automatically made during the Endpoint Agent install. 

Manually install DKMS for the following Linux distros:

Linux Distribution Commands
Amazon Linux 2

Install DKMS with the following commands:

  • sudo yum install dkms

Red Hat Enterprise Linux 7

Red Hat Enterprise Linux 8

CentOS 7

CentOS 8

Note: DKMS is not in the default repository. An extra repository needs to be enabled with the following command:

  • sudo yum -y update epel-release

Install DKMS with the following command:

  • sudo yum install dkms

Debian

Check if Linux kernel headers are missing and install

  • sudo apt update
  • sudo apt list linux-headers-$(uname -r)
  • sudo apt install linux-headers-$(uname -r)

Once the proper kernel header version and DKMS are installed, enable EDR for Linux in the policy.

For any issues enabling EDR on Linux systems, see Kernel module not running in Endpoint Detection and Response

Run endpoint agent on startup

To confirm your Linux server starts the endpoint agent when it boots up, run the following command:

  • root@linux:~# systemctl is-enabled mbdaemon

If the output reads disabled, then run the following command to enable the agent:

  • root@linux:~# systemctl enable mbdaemon

Created symlink /etc/systemd/system/multi-user.target.wants/mbdaemon.service → /lib/systemd/system/mbdaemon.service

Rerun the following command and verify the output now reads enabled

  • root@linux:~# systemctl is-enabled mbdaemon

Proxy Server Settings

You can use the variables listed below during installation or the mblinux command-line options to configure the Endpoint Agent for Linux to use a proxy server. If you need to use a password for proxy server authentication, you must use the mblinux command-line options to configure it.

Variable Name Description
NEBULA_PROXY_SERVER The address to the proxy server
NEBULA_PROXY_PORT The port for the proxy server
NEBULA_PROXY_USER The username for proxy server authentication
NEBULA_PROXY_BYPASS_LOCAL Set if proxy should be bypassed for local addresses

 

Still have questions?

Support is available via chat, phone or by creating a ticket. You can also use our virtual assistant for guided assistance.

Learn more