TEAM: Huntress Managed Endpoint Detection and Response (EDR)
PRODUCT: Huntress, Linux EDR
ENVIRONMENT: Linux
SUMMARY: Early Private Beta Feedback, Requirements, Installation, and Capabilities
What Feedback is Huntress Looking For?
A couple of notes regarding this private beta:
- The feedback we are looking for in this early private beta is focused on agent installation and management. We'd like to learn what experience customers had installing/uninstalling the agent, checking agent status, and the survey data it collects in the EDR portal.
- Since this is the pre-GA version, we recommend that customers do NOT perform pen testing on the agent to check its detection and protection capabilities.
- We’d like to know the customer's experience when checking the endpoint status and properties in the portal. Is the information correct? Is there anything else they would like to see? Did they have any problems navigating to the Linux agent page in the portal?
- We are very interested in learning more about customer environments—what services do they run on their Linux hosts, what Linux distributions they use, what anti-virus software they run on Linux, how they manage Linux machines, and whether those Linux endpoints are part of the Active Directory Domain (what services?).
- We plan to offer agent installation using Ansible shortly, followed by Intune. What other methods do they use currently? Are there any RMM tools they use to manage and monitor their Linux endpoints?
Host Requirements
Software:
- Linux kernel 5.14.50 and above, 64-bit
- Ubuntu 24.04, 22.04, 20.04
- Debian 11, 12
Hardware:
- 2 GB of RAM
- 2 GB of Hard disk space
- A reliable HTTPS internet connection without SSL interception, able to reach our cloud services
(note: the agent's secure communication methods are sensitive to tampering with network traffic, which is also what SSL inspection services do)
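The requirements above can be checked before installation. The following pre-flight script is an added example, not a Huntress tool; the pure check functions take their inputs as arguments so they can be run against constructed values, and the host-level run at the bottom feeds them real values from the machine. HUNTRESS_HOST is a placeholder for the cloud hostname Huntress gives you; treating x86_64 and aarch64 as "64-bit" is an assumption, since the page only says 64-bit.

```shell
#!/bin/sh
# Added example: pre-flight check of a Linux host against the beta
# requirements (kernel >= 5.14.50, 64-bit, supported distro, 2 GB RAM,
# 2 GB disk, HTTPS reachability without TLS interception).

MIN_KERNEL="5.14.50"
MIN_MEM_KB=$((2 * 1024 * 1024))    # 2 GB of RAM, in kB as /proc/meminfo reports it
MIN_DISK_KB=$((2 * 1024 * 1024))   # 2 GB of free disk space, in kB as df -k reports it

# Returns 0 when kernel version $1 (as printed by `uname -r`) is >= $2.
# A distro suffix such as "-91-generic" is stripped before comparing.
kernel_meets_min() {
    kver=${1%%-*}
    lowest=$(printf '%s\n%s\n' "$kver" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Returns 0 for machine types treated here as 64-bit (assumption: both
# x86_64 and aarch64 count; the page only states "64-bit").
arch_64bit() {
    case "$1" in
        x86_64|aarch64) return 0 ;;
        *) return 1 ;;
    esac
}

# Returns 0 when the ID / VERSION_ID pair from /etc/os-release is one of
# the distributions listed in the requirements.
distro_supported() {
    case "$1:$2" in
        ubuntu:24.04|ubuntu:22.04|ubuntu:20.04|debian:11|debian:12) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 is MemTotal in kB.
mem_ok() { [ "${1:-0}" -ge "$MIN_MEM_KB" ]; }

# $1 is free space in kB on the filesystem that will hold the agent.
disk_ok() { [ "${1:-0}" -ge "$MIN_DISK_KB" ]; }

# Prints the issuer of the certificate actually served for $1:443.
# With a TLS-inspection proxy in the path, the proxy's own CA appears
# here instead of a public CA: that is the interception the
# requirements rule out.
served_cert_issuer() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -issuer
}

# Runs a check function with its arguments and prints PASS/FAIL.
report() {
    if "$@"; then echo "PASS: $1"; else echo "FAIL: $1 ($2)"; fi
}

# Host-level run with values read from this machine.
report kernel_meets_min "$(uname -r)" "$MIN_KERNEL"
report arch_64bit "$(uname -m)"
if [ -r /etc/os-release ]; then
    . /etc/os-release
    report distro_supported "${ID:-unknown}" "${VERSION_ID:-unknown}"
fi
if [ -r /proc/meminfo ]; then
    report mem_ok "$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)"
fi
report disk_ok "$(df -Pk /usr 2>/dev/null | awk 'NR==2 {print $4}')"
# HUNTRESS_HOST is a placeholder; set it to the Huntress cloud hostname.
if [ -n "${HUNTRESS_HOST:-}" ]; then
    echo "Issuer of certificate served by $HUNTRESS_HOST:"
    served_cert_issuer "$HUNTRESS_HOST"
fi
```

Run it as `HUNTRESS_HOST=<hostname> sh preflight.sh`; a FAIL line names the requirement that was not met, and an issuer line naming an internal CA rather than a public one indicates SSL interception on the path.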
Installation/Uninstallation Instructions
Installation and uninstallation of the Linux agent during the early private beta are limited to command line actions using Huntress provided scripts.
Installation: to install the Linux EDR agent during this pre-private beta, please use the following instructions:
Installation script
The Linux Agent is installed using huntress_linux_install.sh, which:
- Captures user installation parameters
- Downloads and unpacks the latest install artifacts, or, if provided, installs the given artifacts (gzip'd file)
- Configures the agent with user parameters (i.e. creates the config file)
- Installs the services
- Starts the services
- Scribe for visual reference - https://scribehow.com/shared/Install_the_Linux_Agent_from_the_command_line__cYlfrOYfSAm8ixHlMYRo5Q
Agent Update
The agent can only be updated via HuntressUpdater via the Unified Updater.
- The update process pings the portal for an available update.
- If one is available, it is downloaded.
- It is then unpacked, and the metadata manifest provides the steps to be taken during the update.
Agent Uninstall
The agent can be uninstalled in two ways:
- On host: run /usr/share/huntress/uninstall.sh
- Portal Uninstall task.
Both methods will:
- Stop the services
- Uninstall the services
- Call the portal to un-register
- Scribe for visual reference - https://scribehow.com/shared/Uninstall_the_Linux_Agent_from_the_command_line__oJRYU11aRdKsFevpkCqUOA
EDR Portal
Once the agent is installed, it will report back to the portal. Customers can see the agent on a portal page similar to the Windows and macOS agent views.
Capabilities
Detection capabilities in the private beta are focused on detecting footholds. Naturally, more detection capabilities will be added later. On the remediation side, Host Isolation will not be available for this early private beta.
Similarly, agents will have no Tamper Protection.
Support
In case of any problems with the EDR Linux agent, customers should contact Huntress support.