Introduction: This document outlines the procedure of installing the Enterprise Agent on Unix\Linux.
Prerequisites:
- Allow incoming communication on port 3999
Procedure:
- Locate the proper Agent installer SH script (typically in the "\Forensic_Tools\Agents" folder on the AD Enterprise ISO/disc)
- Locate the public certificate to be used by your Agents.
- Copy the SH script and public certificate to the target machine.
- Open a Terminal and run the following command to give the SH script execute permissions:
chmod +x agent-linux64.sh - Run the following command to install the Agent:
sudo ./agent-linux64.sh <Certificate Path> - Start the Agent with the following command:
sudo /etc/init.d/agentcored start
| Parameter | Value | Default Value | Required | Description |
| -installpath | /usr/AccessData/agent | No | Specifies a desired path to install the agent. Path must be enclosed in quotes if it contains spaces. If not specified, the default value is assumed. | |
| -lifetime | 0 | No | Specifies the amount of time that a transient agent will exist before self-destructing. A negative value is used to denote minutes (eg. -30 denotes 30 minutes), and a positive value is used to denote days (eg. 30 denotes 30 days). 0 indicates that the agent will not self-destruct. If not specified, the default value is assumed. | |
| -port | 3999 | No | The port that the agent will be listening on. If not specified, the default value is assumed. | |
| -connections | 10 | No | Specifies the number of concurrent connections allowed to the agent. If not specified, the default value is assumed. | |
| -size | 16777216 | No | Specifies the agent configuration files storage size. If not specified, the default value is assumed. | |
| -datasize | 268435456 | No | Specifies the agent temporary data storage size. If not specified, the default value is assumed. |