Nebula offers the Endpoint Agent for Linux machines. The Downloads page in the Nebula console has instructions on setting up your repository source to point to the Malwarebytes Linux repository. Then, download and install the Endpoint Agent using standard Linux commands, apt-get/apt install or yum install.
Install Dynamic Kernel Management System (DKMS) and sign the Linux kernel if required. For minimum requirements to install on Linux machines, see Minimum requirements for Nebula.
Manually install on Linux endpoint
To manually add an endpoint to the Nebula platform, download the Malwarebytes Endpoint Agent installation file and run the file from the endpoint. Each is pre-configured for your account.
Endpoints are assigned to the Default Group and use the Default Policy unless you specify a different group as a parameter.
- On the left navigation menu, click Downloads.
- Under Linux, choose the distribution you are using, based on your endpoint operating system.
- Debian-based distros
- RPM-based distros
- SUSE-based distros
- After selecting your distro, copy the text in the Download and installation field and paste the text into your Linux command line. Your Account Token is automatically populated in the field for convenience.
- Run the script in your Linux environment.
When the installation process completes, the Endpoint Agent registers and the Linux endpoint shows up in the Endpoints page of Nebula.
NOTICE - All Linux endpoints are counted as Servers.
To confirm your Linux server starts the endpoint agent when it boots up, run the following command:
root@linux:~# systemctl is-enabled mbdaemon
disabled
If the output reads disabled, then run the following command to enable the agent:
root@linux:~# systemctl enable mbdaemon
Created symlink /etc/systemd/system/multi-user.target.wants/mbdaemon.service → /lib/systemd/system/mbdaemon.service
Run the following command again to confirm the agent is enabled:
root@linux:~# systemctl is-enabled mbdaemon
enabled
The online/offline indicator next to Linux endpoints is always gray whether the endpoint is online or not. You can see when the endpoint last checked in with the Nebula console under the Last seen column of the Endpoints page.
Install Endpoint Detection and Response on Linux endpoint
Endpoint Detection and Response for Linux uses Dynamic Kernel Module Support (DKMS). For Ubuntu-based distros, an attempt to install DKMS is automatically made during the Endpoint Agent install. For instructions on testing and performing code signing for secure boot, see Kernel module not running in Malwarebytes Endpoint Detection and Response.
Manually install DKMS for the following Linux distros:
| Linux Distribution | Commands |
| Amazon Linux 2 |
Install DKMS with the following command:
|
|
Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 CentOS 7 CentOS 8 |
Note: DKMS is not in the default repository. An extra repository needs to be enabled with the following command:
Install DKMS with the following command:
|
Proxy Server Settings
You can use the variables listed below during installation or the mblinux command-line options to configure Malwarebytes for Linux to use a proxy server. If you need to use a password for proxy server authentication, use must use the mblinux command-line options to configure it.
| Variable Name | Description |
| NEBULA_PROXY_SERVER | The address to the proxy server |
| NEBULA_PROXY_PORT | The port for the proxy server |
| NEBULA_PROXY_USER | The username for proxy server authentication |
| NEBULA_PROXY_BYPASS_LOCAL | Set if proxy should be bypassed for local addresses |
Return to the Malwarebytes Nebula Administrator Guide.