TEAM: Huntress Managed Endpoint Detection and Response (EDR)
PRODUCT: Huntress, Linux EDR
ENVIRONMENT: Linux
SUMMARY: This guide walks you through the software and hardware requirements and installation options.
Endpoint Requirements
We have listed the Linux-specific requirements below for quick reference. For the full list, see Supported Operating Systems / System Requirements / Compatibility.
Software:
| Linux Distribution | Versions |
| --- | --- |
| Ubuntu | 22.04, 24.04, 25.04 |
| Debian | 11, 12, 13 |
| RHEL | 8.6+, 9.x, 10.x |
| CentOS | Stream 9, Stream 10 |
| SUSE Linux | 12.x, 15.x |
| Fedora | 41, 42 |
Hardware:
- 2 GHz dual-core or faster processor
- 2 GB of RAM
- 2 GB of hard disk space
- A reliable HTTPS internet connection without SSL interception, able to reach our cloud services
(Note: the agent uses secure communication methods that are sensitive to tampering with network traffic, which is something SSL monitoring services also do.)
Installation/Uninstallation Instructions
Before you begin to install, we want to share with you a list of current Do Nots:
- Do not deploy to any kernels and distributions that are not supported.
- Do not install on Windows Subsystem for Linux (WSL). This may result in partial installations or other issues where the endpoint is not fully protected.
- Do not install inside containers (e.g., Docker, K8s).
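A pre-install check built from the supported-distribution table and the Do Nots above, as an added example that is not Huntress's installer or official tooling. The function names, the `sles` ID mapping for SUSE Linux, and the WSL and container markers are assumptions, and the detection is heuristic.

```shell
#!/bin/sh
# Added example, not Huntress code. Function names and the os-release ID
# mapping (e.g. "sles" for SUSE Linux) are assumptions; detection is heuristic.

# os_release_field FILE KEY -> prints the unquoted value of KEY
os_release_field() {
    sed -n "s/^$2=//p" "$1" | tr -d "\"'" | head -n 1
}

# supported_os ID VERSION_ID -> exit 0 if the pair is in the table above
supported_os() {
    id=$1 ver=$2 major=${2%%.*} minor=0
    case $ver in *.*) minor=${ver#*.}; minor=${minor%%.*} ;; esac
    case $id in
        ubuntu) case $ver in 22.04|24.04|25.04) return 0 ;; esac ;;
        debian) case $major in 11|12|13) return 0 ;; esac ;;
        fedora) case $major in 41|42) return 0 ;; esac ;;
        centos) case $major in 9|10) return 0 ;; esac ;;   # Stream 9, Stream 10
        sles)   case $major in 12|15) return 0 ;; esac ;;  # 12.x, 15.x
        rhel)   case $major in
                    9|10) return 0 ;;
                    8) [ "$minor" -ge 6 ] 2>/dev/null && return 0 ;;  # 8.6+
                esac ;;
    esac
    return 1
}

# is_wsl [FILE] -> exit 0 if the kernel version string names a Microsoft (WSL) kernel
is_wsl() {
    grep -qi 'microsoft' "${1:-/proc/version}" 2>/dev/null
}

# in_container [ROOT] -> exit 0 if common Docker/Podman/K8s markers exist under ROOT
in_container() {
    root=${1:-}
    [ -e "$root/.dockerenv" ] || [ -e "$root/run/.containerenv" ] ||
        grep -qE 'docker|kubepods|containerd|lxc' "$root/proc/1/cgroup" 2>/dev/null
}

# preflight [OS_RELEASE] [PROC_VERSION] [ROOT] -> prints problems; exit 0 if none
preflight() {
    rc=0
    os_id=$(os_release_field "${1:-/etc/os-release}" ID)
    os_ver=$(os_release_field "${1:-/etc/os-release}" VERSION_ID)
    supported_os "$os_id" "$os_ver" || { echo "unsupported OS: $os_id $os_ver"; rc=1; }
    is_wsl "${2:-/proc/version}" && { echo "WSL detected"; rc=1; }
    in_container "${3:-}" && { echo "container detected"; rc=1; }
    return $rc
}
```

On a target host, call `preflight` with no arguments and skip the install when it returns non-zero.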
Installation script
The Linux Agent is installed using huntress_linux_install.sh, which:
- Captures user installation parameters
- Downloads and unpacks the latest install artifacts, or, if provided, installs the given artifacts (gzip’d files)
- Configures the agent with user parameters (i.e., creates the config file)
- Installs the services
- Starts the services
- Scribe for visual reference - https://scribehow.com/shared/Install_the_Linux_Agent_from_the_command_line__cYlfrOYfSAm8ixHlMYRo5Q
Installation using Ansible
Please refer to our 'Install via Ansible' knowledge base guide for installation instructions.
Other Installation References
- Kaspersky Linux install guide - KES4Linux-12.1.0-en-US.pdf
- Guardz - Sentinel One support docs
- Microsoft Defender for Linux - Docs
- TrendMicro - Install docs
- CarbonBlack: carbon-black-edr-sensors.pdf
Agent Update
The agent can only be updated by the HuntressUpdater via the Unified Updater. This process is fully automated.
- The endpoint's update process will ping the portal to check for an available update.
- If one is available, it is downloaded automatically.
- The update is then unpacked, and the metadata manifest provides the steps to be taken during the update.
Agent Uninstall
The agent can be uninstalled in 3 ways:
- Portal Uninstall task: Uninstalling the Huntress Agent
- Removal directly from the endpoint:
/usr/share/huntress/uninstall.sh
- Removing Huntress With Ansible
- Removing the Huntress Linux agent with Ansible works in the same way that installation does, just using the remove_huntress.yaml playbook instead. The above instructions around limits and dry runs apply to this playbook as well.
- To remove Huntress from your entire inventory, run the following command:
- ansible-playbook -i inventory.yaml remove_huntress.yaml
Uninstall methods will:
- Stop the services
- Uninstall the services
- Call the portal to un-register
- Scribe for visual reference - https://scribehow.com/shared/Uninstall_the_Linux_Agent_from_the_command_line__oJRYU11aRdKsFevpkCqUOA
EDR Portal
Once the agent is installed, it will report back to the portal. Customers can see the agent on the portal page, similar to Windows or macOS agent views.
Support
In case of any problems with the EDR Linux agent, customers should contact Huntress support.