Introduction: This document outlines the procedure of installing the Enterprise Agent on Unix\Linux.

 

Prerequisites:

  • Allow incoming communication on port 3999

Procedure:

  1. Locate the proper Agent installer SH script (typically in the "\Forensic_Tools\Agents" folder on the AD Enterprise ISO/disc)
  2. Locate the public certificate to be used by your Agents.
  3. Copy the SH script and public certificate to the target machine.
  4. Open a Terminal and run the following command to give the SH script execute permissions:
    chmod +x agent-linux64.sh
  5. Run the following command to install the Agent:
    sudo ./agent-linux64.sh <Certificate Path>
  6. Start the Agent with the following command:
    sudo /etc/init.d/agentcored start

 

ParameterValueDefault ValueRequiredDescription
-installpath/usr/AccessData/agentNoSpecifies a desired path to install the agent.  Path must be enclosed in quotes if it contains spaces.    If not specified, the default value is assumed.
-lifetime0NoSpecifies the amount of time that a transient agent will exist before self-destructing.  A negative value is used to denote minutes (eg. -30 denotes 30 minutes), and a positive value is used to denote days (eg. 30 denotes 30 days).  0 indicates that the agent will not self-destruct.  If not specified, the default value is assumed.
-port3999NoThe port that the agent will be listening on.  If not specified, the default value is assumed.
-connections10NoSpecifies the number of concurrent connections allowed to the agent.  If not specified, the default value is assumed.
-size16777216NoSpecifies the agent configuration files storage size.  If not specified, the default value is assumed.
-datasize268435456NoSpecifies the agent temporary data storage size.  If not specified, the default value is assumed.
-folder_storage1/00NoA 1 Indicates that the agent will not use protected storage.  A 0 indicates that the agent will use protected storage.  If not specified, the default value is assumed.