Spirion Client for Linux (formerly Identity Finder Endpoint) can be managed via the Console. This management includes the application of policies, scheduling of tasks, reporting of results and logs, remediation, and collection of diagnostic information. Additionally, the endpoint software can be executed via the command line at a command prompt.
To configure Linux clients to communicate with the console, it is necessary to install configuration information on each endpoint that includes the location of the console as well as the encryption information necessary to securely communicate with the console.
Before a search can be executed on the endpoint, it is necessary for each endpoint to have license information that is provided via a license file (identityfinder.lic).
This article describes the process for manually configuring a single system to communicate with the console. To build an installation package for deployment, refer to the following article:
This section describes the process to quickly install and configure Endpoint for Linux on a single system.
- Download the SpirionSetup.tgz (formerly IdentityFinderSetup.tgz) and your license file identityfinder.lic from the Customer Portal
- Create a temporary package directory, for example /tmp/SpirionPackage:
- Switch the current working directory to the temporary package directory, for example:
- Copy SpirionSetup.tgz (formerly IdentityFinderSetup.tgz) to the temporary package directory. For example, if it was downloaded to /home/user, copy it to the example temporary folder /tmp/SpirionPackage:
cp /home/user/SpirionSetup.tgz /tmp/SpirionPackage
- Execute the following command to extract the bundle:
tar -zxvf SpirionSetup.tgz
- Open a web browser, navigate to http://consoleserver/Services where consoleserver is the name or IP address of the console and click on the appropriate link for Linux to save the identityfindersettings.xml file to the client and copy the identityfindersettings.xml file into your temporary package directory. For example, if it was downloaded to /home/user, copy it to the example temporary folder /tmp/IdentityFinderPackage:
cp /home/user/identityfindersettings.xml /tmp/SpirionPackage
- Copy the identityfinder.lic license file into the temporary package directory. For example, if it is located in /home/user, copy it to the example temporary folder /tmp/SpirionPackage:
cp /home/user/identityfinder.lic /tmp/SpirionPackage
- When SSL is used for the Services application, the Linux client only requires certificate configuration if the server certificate is self-signed or from a private certification authority. All certificates from publicly trusted root certificate authorities such as GoDaddy, Verisign, Thawte, etc. will automatically be recognized. If a self-signed or private certificate is used on the console server for SSL communications, follow these steps:
- Obtain the ca.pem file as described in the "Obtaining the server's SSL certificate" section of the following article: Enabling SSL communication between Linux Endpoints and the Console.
- Copy the ca.pem file into the temporary package directory (e.g., /tmp/SpirionPackage).
- Edit the identityfindersettings.xml file to add the Console\caPath. The build script will copy the ca.pem to /var/lib/identityfinder, so the value for the Console\caPath setting should be:
- Execute the following command to install and launch the software:
The basic installation and configuration of a Linux client is now complete. The client will register itself with the console and policies and scheduled tasks can be assigned to the client. The client may be used via the command line to perform a search and the results will be automatically sent to the console when the application is closed.
Endpoint Service logs: var/lib/identityfinder/Logs
System search logs: var/lib/.identityfinder/(04964656e-7469-7479-2046-696e6465720}/Logs/SystemSearch
License file: /usr/local/bin
System settings: /var/lib/identityfinder/identityfindersettings.xml
Shared files: /mnt/hgfs/SharedFiles