IBM Support

QRadar EDR (formerly ReaQta): Installing Linux agent version 0.60.0 on CentOS 7 Linux distribution

How To


Summary

This article is a step-by-step guide to installing the Linux agent version 0.60.0 on the CentOS 7 Linux distribution.

Objective

Understand the requirements and the step-by-step process for installing the Linux agent version 0.60.0 on the CentOS 7 Linux distribution so that the agent registers successfully.

Steps

  1. With an internet connection, ensure that the prerequisite packages are installed by typing the following command:

    sudo yum install gcc make kmod dkms kernel-devel-$(uname -r) kernel-devel

    Note: Some packages might be available only after you enable extra repositories.
     
  2. Additionally, install and enable the EPEL repository on the CentOS 7 system by typing the following command:

    sudo yum install epel-release
     
  3. Verify that the kernel headers match the exact version of the kernel you are running by following the steps described in the article: QRadar EDR (formerly ReaQta): Verifying kernel headers match the version of the kernel used by the Linux system
     
  4. Set the ignore-taint flag so that the kernel module loads successfully, by editing the /etc/reaqtahive.d/keeperx.env file and adding the following line to the end of it:

    KMOD_IGNORE_TAINT=1

    For more information about the kernel switching into a "tainted" state, refer to: QRadar EDR (formerly ReaQta): Keeperx.service error Main process exited, code=exited, status=4/NOPERMISSION with Linux Agent 0.60.0 when registering the endpoint
     
  5. Download the installer rpm package from the ReaQta dashboard:

    • Click Administration > Update Manager
    • Click Hive Package
    • Click Installer Download
    • Click Download for the rpm installer
     
  6. Run the installer by typing one of the following commands that best fits your needs:

    • If it is a new installation, type the following command:

    sudo RQTPARAMS="https://<URL>:<PORT> --gids <group_IDs> --proxy http://proxy:port" rpm -Uvh --force <installer>.rpm
     
    Installer Parameters Description Reference

    URL          Your ReaQta Hive server domain name or IP address, including the port.
    Group IDs    At least one group ID is required if ReaQta is in MSSP deployment.
                 A comma-separated list of group IDs.
    Proxy        If you are using a proxy to access ReaQta Hive, enter the proxy URL and port.
                 It must be a nonauthenticated proxy.
    Installer    The file name of the installer that you downloaded.

    • If you are updating to a later version of the agent, or if you need to install the agent without registering the endpoint, type the following command:

    sudo rpm -Uv <installer>.rpm

  7. Check for a successful agent registration by following the steps described in the article: ReaQta: Verifying ReaQta agent successfully installed and it is up and running
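
The checks in steps 1, 3 and 4 can be scripted and run before the installer. The following is an added example, not IBM's code: the function names and the `--apply` switch are hypothetical, and it assumes that kernel-devel places its headers under /usr/src/kernels/<release> and that /etc/reaqtahive.d/keeperx.env already exists.

```bash
#!/usr/bin/env bash
# Added example: preflight for steps 1, 3 and 4. Function names are hypothetical.

# Print each step 1 package that rpm does not report as installed.
# $1 = kernel release, as printed by `uname -r`
missing_packages() {
    for _pkg in gcc make kmod dkms "kernel-devel-$1"; do
        rpm -q "$_pkg" >/dev/null 2>&1 || printf '%s\n' "$_pkg"
    done
}

# Succeed only if a headers tree exists for exactly this kernel release.
# $1 = kernel release, $2 = headers root (assumed default: /usr/src/kernels,
# where the kernel-devel package installs on CentOS 7)
headers_match() {
    [ -n "$1" ] && [ -d "${2:-/usr/src/kernels}/$1" ]
}

# Idempotently set KEY=VALUE as the last line of an existing env file.
# Any earlier KEY= line is dropped so the file never carries two values.
# $1 = file, $2 = key, $3 = value
set_env_flag() {
    [ -f "$1" ] || { echo "not found: $1" >&2; return 1; }
    # Already the final line and the only KEY= entry: leave the file untouched.
    [ "$(tail -n 1 "$1")" = "$2=$3" ] && [ "$(grep -c "^$2=" "$1")" = "1" ] && return 0
    _tmp="$(mktemp)" || return 1
    grep -v "^$2=" "$1" > "$_tmp" || true   # grep exits 1 when nothing is left
    printf '%s=%s\n' "$2" "$3" >> "$_tmp"
    # Write through the original path so owner and mode are preserved.
    cat "$_tmp" > "$1"; _rc=$?
    rm -f "$_tmp"
    return "$_rc"
}

# Run the checks only when asked, so sourcing this file has no side effects.
if [ "${1:-}" = "--apply" ]; then
    kver="$(uname -r)"
    missing="$(missing_packages "$kver")"
    [ -z "$missing" ] || { echo "missing packages:" $missing >&2; exit 1; }
    headers_match "$kver" || { echo "no kernel headers for $kver" >&2; exit 1; }
    set_env_flag /etc/reaqtahive.d/keeperx.env KMOD_IGNORE_TAINT 1 || exit 1
    echo "preflight OK for kernel $kver"
fi
```

Run it with sudo and `--apply`; a nonzero exit names the step that still needs attention before the rpm is installed.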

Document Location

Worldwide

Product Synonym

ReaQta

Document Information

Modified date:
16 May 2023

UID

ibm16851797