Linux Endpoints
To onboard a Linux endpoint and manage privileged access to it, you must do the following:
- Install the Linux endpoint agent.
- Configure 1FA or 2FA LDAP authentication against your LDAP server (this guide assumes you want to use LDAP).
- If you are only managing local users, issue credentials through the Checkout Process.
How to Onboard Linux Endpoint Agents
Downloading the Endpoint Agent
Follow the steps below to download the agent for an endpoint:
- Navigate to the 'Endpoints' section under 'Privileged Access Management'.
- Click the 'Add an Endpoint' button. This takes you to a screen where you select the operating system of the endpoint.
- Click the 'Download Agent' link on that screen. This takes you to the drive from which the endpoint agent binary is downloaded.
- The Passwordless browser tab now shows the newly generated agent token. Keep this tab open; the token is needed when configuring the agent.
Installing & Configuring the Endpoint Agent on an Endpoint
You can obtain the Linux agent in one of the following ways:
Note: The agent token is found by navigating to 'Add an Endpoint' in the Privileged Access Management section of AuthNull.
- Download the endpoint agent by following the steps given above.
- (Recommended) Download the agent directly from the source code. This carries the latest version, Endpoint Agent v2.0.
The agent reads its configuration from a file named app.env. Copy the app.env file to the
/home
path. The app.env file can be found within your console. Because app.env holds the agent token, restrict it so that only the account that runs the agent can read it (for example, chmod 600 app.env).
Refer to this sample app.env file:
```
KEY=KL01
MACHINE_KEY=MACKL01
AGENT_TOKEN=xxxx
TENANT_ID=1
USER_ID=1
BUCKET_NAME=guac-session
RECORDING_DIR=/anchor_dvr/
FILE_NAME=test.guac
BUCKET_NAME_GCS=gto-did-app-dev
STORAGE_AWS_FLAG=true
```
Note: AGENT_TOKEN is generated by AuthNull; the value xxxx above is a placeholder and must be replaced.
MACHINE_KEY is the unique machine key identifier and stays constant for the endpoint.
Update the following environment variables inside the app.env file:
AGENT_TOKEN = the agent token used to register the agent (fetched from the AuthNull platform when registering the endpoint)
TENANT_ID = your domain ID
USER_ID = the user ID of the daemon (assumed to be 1)
AWS/GCP details can be provided for the storage options.
Run the agent with the following command:
./endpointpamagent
Note: The agent synchronizes with the guacd server based on the jobs assigned to it, and for a jump server the session recordings are stored in the GCS bucket specified in the config file.
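Before starting the agent it is worth checking that app.env is complete, that the placeholder token from the sample file was replaced, and that the file is not readable by other users, since AGENT_TOKEN is a registration credential. The following pre-flight script is an added example written for this page; it is not part of the AuthNull agent or its documentation. The set of required keys and the placeholder value xxxx are taken from the sample above; the file paths and sample contents it creates are constructed for the demonstration.

```shell
#!/bin/sh
# Pre-flight check for an AuthNull endpoint agent app.env.
# Added example for this page, not AuthNull code. It verifies the keys the
# page's sample file lists, rejects the placeholder AGENT_TOKEN, and refuses
# a file that is group- or world-readable.

# Keys the agent needs before ./endpointpamagent is started (from the sample above).
REQUIRED_KEYS="KEY MACHINE_KEY AGENT_TOKEN TENANT_ID USER_ID"

# env_value FILE KEY: print the value after the first '=' on the KEY line, or nothing.
env_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# check_app_env FILE: return 0 if the file is safe to start the agent with,
# 1 otherwise. Every problem found is reported on stderr.
check_app_env() {
    f=$1
    rc=0
    [ -f "$f" ] || { echo "missing file: $f" >&2; return 1; }

    # Every required key must be present and non-empty.
    for k in $REQUIRED_KEYS; do
        if [ -z "$(env_value "$f" "$k")" ]; then
            echo "$k is missing or empty" >&2
            rc=1
        fi
    done

    # The sample ships with AGENT_TOKEN=xxxx; never register with the placeholder.
    case "$(env_value "$f" AGENT_TOKEN)" in
        xxxx|XXXX|'') echo "AGENT_TOKEN still has the placeholder value" >&2; rc=1 ;;
    esac

    # TENANT_ID and USER_ID are numeric identifiers.
    for k in TENANT_ID USER_ID; do
        v=$(env_value "$f" "$k")
        case "$v" in
            ''|*[!0-9]*) echo "$k must be numeric, got '$v'" >&2; rc=1 ;;
        esac
    done

    # The token is a secret: reject a file with group or other read permission.
    if [ -n "$(find "$f" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "$f is readable by other users; run: chmod 600 $f" >&2
        rc=1
    fi
    return $rc
}

# Demonstration on constructed files (a good config and the unedited sample).
demo_dir=$(mktemp -d)
printf 'KEY=KL01\nMACHINE_KEY=MACKL01\nAGENT_TOKEN=abc123\nTENANT_ID=1\nUSER_ID=1\n' \
    > "$demo_dir/good.env"
chmod 600 "$demo_dir/good.env"
printf 'KEY=KL01\nMACHINE_KEY=MACKL01\nAGENT_TOKEN=xxxx\nTENANT_ID=1\nUSER_ID=1\n' \
    > "$demo_dir/unedited.env"
chmod 644 "$demo_dir/unedited.env"
for c in good unedited; do
    if check_app_env "$demo_dir/$c.env"; then
        echo "$c.env: ok, safe to start the agent"
    else
        echo "$c.env: fix the problems above before running ./endpointpamagent"
    fi
done
rm -rf "$demo_dir"
```

Run it as the account that will start the agent, in the directory holding app.env (`sh check_app_env.sh` with the demo section replaced by `check_app_env /home/app.env && ./endpointpamagent`). The script deliberately does not validate the storage keys (BUCKET_NAME, RECORDING_DIR and the AWS/GCP settings), since the page leaves those to the deployment.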
Interacting with the Endpoint from the AuthNull Platform
Follow the steps below to interact with an endpoint from the AuthNull admin console:
- Navigate to the 'Endpoints' section under 'Privileged Access Management'.
- Click the gear icon in the 'Options' column to interact with an agent. From here you can activate and deactivate an endpoint, assign users to it, configure its authentication flow, and customise the credential policy for the onboarded endpoint.
Configuring the agent as described above enables the following two use cases:
- Local privileged user management with 2FA authentication
- LDAP 2FA authentication