Versions Compared

Version Old Version 8 New Version Current
Changes made by

Former user

Catie G.

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...

Note

Before you begin, Armor recommends that you pre-installation information, including firewall rules.  To To learn more, see Armor Anywhere Agent 3.0 Pre-Installation.

...

Step 1: Locate the Armor Anywhere

...

Agent

  1. In

...

  1. the Armor Management Portal (AMP), in the left-side navigation,

...

  1. click Infrastructure.

...

...

  1. Click Virtual Machines.

...

  2. Hover over the plus ( + ) icon, and then click

...

  1. the Anywhere

...

  1. Agent icon.

    • If you don't have any agents listed, then click

...

    • Add an Armor Agent.

...

  2. Copy your license key. You will need this information in a later step.

  3. Select your operating system (Linux

...

  1. or Windows).

...

Step 2: Install the Armor agent

...

Users now have two options to choose from when Armor recommends installing the Armor Anywhere agent:Option 1: Armor Anywhere  Agent with all Security Services. Documentation on installing the Armor Agent only can be found below.

Step 2: Install the Armor Agent for Servers (AA)

Run the command to install the Armor Anywhere agent Agent with all Security Services

...

.

...

For Linux users:

sudo curl -sSL https://agent.armor.com/latest/armor_agent.sh | sudo bash /dev/stdin -l AAAA1-AAAA1-AAAA1-AAAA1-AAAA1 -r
us-west
(region) -f
Code Block
themeMidnight
Tip

You must replace

  • AAAA1-AAAA1-AAAA1-AAAA1-AAAA1 with your specific license key

Option 2: Armor Anywhere Agent Only

Run the command to install the Armor Anywhere agent only. 

For Linux users:

Midnight

Currently, all users will leverage the region: us-west-armor

Expand
titleClick here for the agent only install command...
Note

Selecting this option installs the Armor Anywhere agent only. To install additional security services, please see step 2a. 

Note
Code Block
theme
Info

The Trend Recommendation Scan is not run upon installation, but is instead scheduled to run 10 minutes after installation and then every 7 days after that.

...

Step 3: Review the status of the Armor Agent for Servers

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Infrastructure

  2. Click Virtual Machines and click on the corresponding VM.

    • On the VM detail page, you can view information about the VM as well as the services installed on the server and their corresponding health.  

    • The State column contains a green or red status to indicate if the server's agent has registered a heartbeat to Armor.

      • A green status indicates the server's agent has registered a heartbeat in the past hour. 

      • A red status indicates the server's agent has not registered a heartbeat in the past hour. 

Note

The State of each Armor Service will show Pending for two-hours after installation. After two hours, the State should accurately reflect the health of the service.

Note

To access troubleshooting documentation for each Armor Security Service, click on the name of the service in the sub-agent health table.

...

Installing the Armor Anywhere Agent Only

If you need to install the Armor Agent and Armor Security Services one by one, Armor recommends following the specific order outlined below to utilize the benefits of Recommendation Scans.

Recommendation Scans provide a good starting point for establishing a list of rules that you should implement for FIM and IPS. During a recommendation scan, the Armor Agent scans the operating system for installed applications, the Windows registry, open ports, and more. Recommendation Scans provide the rules and policies that will be auto applied by FIM and IPS, so auto apply features for those services must be turned on. Similarly, there is nothing for FIM and IPS to auto apply unless a Recommendation Scan is run.

If you do not want to run Recommendation Scans, please review the full list of CLI commands available here.

...

Agent Only Step 1: Run the command to install the Armor Anywhere agent only.

Code Block
sudo curl -sSL https://agent.armor.com/latest/armor_agent.sh | sudo bash /dev/stdin -l AAAA1-AAAA1-AAAA1-AAAA1-AAAA1 -r
us-west
(region)

Armor Best Practices: Recommendation Scans

If you install the Armor Agent only and plan to use the Intrusion Prevention Service and/or File Integrity Monitoring, Armor recommends utilizing the new Recommendation Scans feature to automatically apply a baseline set of rules specifically optimized for your VM (based on installed applications, open ports, and more).

Below are the steps to turn on Recommendation Scans to follow Armor's best practices.

For Linux users:

Install Logging:

Midnight

Currently, all users will leverage the region: us-west-armor

Tip

You must replace

  • AAAA1-AAAA1-AAAA1-AAAA1-AAAA1 with your specific license key

Note
Insert excerpt
ESLP:Armor Best Practices: Recommendation Scans (Linux)ESLP:Armor Best Practices: Recommendation Scans (Linux)
nopaneltrue
Note

Install Armor Security Services

Below are the commands to install Armor's additional Security Services.

Expand
Note
Code Block
theme

...

Agent Only Step 2: Install Armor Security Services

Note

Step 1: Install Trend Sub-Agent:

Code Block
/opt/armor/armor trend install

Step 2: Turn On File Integrity Monitoring in "Auto-Apply" Mode(This automatically applies FIM rules identified by Recommendation Scans. You must run a Recommendation Scan to identify the FIM rules that will be auto-applied.)

Code Block
/opt/armor/armor fim on auto-apply-recommendations=on

Step 3: Turn On Intrusion Prevention Service in "Auto-Apply" Mode(This automatically applies IPS rules identified by Recommendation Scans. You must run a Recommendation Scan to identify the IPS rules that will be auto-applied.)

Option 1: Detect Mode

Code Block
/opt/armor/armor ips detect auto-apply-recommendations=on

Option 2: Prevent Mode

Code Block
/opt/armor/armor ips prevent auto-apply-recommendations=on


Step 4: Install Malware Protection (Anti-Virus)

Code Block
/opt/armor/armor av on

Step 5: Install Vulnerability Scanning*

Code Block
/opt/armor/armor vuln install

*Vulnerability Scaning is a standalone service not included in the Trend Subagent

Step 6: Install Logging*

 Code Block
/opt/armor/armor logging install
Install Vulnerability Scanning:
 Code Block
themeMidnight
*Logging is a standalone service not included in the Trend Subagent
Step 7: Run a Recommendation Scan (This runs the initial Recommendation Scan to apply the baseline rules for FIM and IPS. Recommendations cannot be applied unless FIM and IPS are turned on and running in auto-apply mode.)
recommendation-scan
 Code Block
/opt/armor/armor 
vuln
trend 
installTurn On Malware Protection:
 Code Block
themeMidnight

Step 8: Turn On Ongoing Recommendation Scans (This automatically runs Recommendation Scans every 7 days. All FIM and IPS rule changes are automatically applied if you followed Steps 2 and 3.)
 Code Block
/opt/armor/armor
 av on
For more information on these additional Armor Security services, please see the comprehensive list of services and commands here
...
 Note
The State of each Armor Service will show Pending for two-hours after installation. After two hours, the State should accurately reflect the health of the service. 
 Note
To access troubleshooting documentation for each Armor Security Service, click on the name of the service in the sub-agent health table. 
Related Documentation
...
 trend ongoing-recommendation-scan on
...
Agent Only Step 3: Same as Step 3 in the full installation outline above.
...
Troubleshooting
The Armor Agent uses the BiosUUID to identify the hardware that the agent is running on. This number is tied to your motherboard (in the case of a physical computer) but is also present in a Virtual Machine.
In rare cases, the usual calls to retrieve this identifier fail to return this UUID, which will cause the Armor Agent to fail registration.
Turn on Armor Agent debug logging and try to register again. If the registration fails again, search the log for "Unable to get BiosUUID"
 Code Block
time="2020-07-24T03:06:48-05:00" level=debug msg="Unable to get BiosUUID"
time="2020-07-24T03:06:50-05:00" level=debug msg="Unable to get BiosUUID"
In Linux, try this command to try to retrieve the UUID:
 Code Block
sudo dmidecode |grep UUID
Any of the above commands should return a 35byte string formatted like:
 Code Block
4C4C7544-0057-4C30-8046-C2C04F4C9132
The BIOS UUID is required by the Armor Agent, to ensure uniqueness of the device. The BIOS UUID must be readable by the operating system. If the BIOS UUID is not available to the operating system please check with your provider.
Related Documentation