Prerequisites
Prior to deploying the Carbon Black Cloud sensor, please ensure you have accounted for the following:
Configure the necessary network connectivity
The Carbon Black sensor communicates with the Carbon Black cloud using bidirectionally authenticated Transport Layer Security (TLS) via port 443. All communications are outbound, sensor-to-server.
You can find your Carbon Black cloud’s IP addresses on this page.
Please be sure that this address is authorized at network egress points and that traffic is not subject to manipulation or TLS interception.
Configure sensor groups and policy assignments
Each sensor is assigned a policy that determines what policy rules apply to the sensor. By default, each new sensor is assigned the Standard policy unless you define an alternate policy during a command line installation or you have previously created sensor groups and the installed sensor matches a sensor group’s criteria.
Installing Carbon Black Cloud using a deployment tool
Use this installation method if you want to automate silent installations on many devices, including installations via a gold/master image.
To automatically install the Carbon Black Cloud sensor for Linux:
- Log into your Carbon Black Cloud console.
- Retrieve a company code from Endpoints > Sensor Options > Company Codes.
- Download a sensor kit for the target operating system from Endpoints > Sensor Options > Download sensor kits.
- Configure your deployment tool to create the file /var/opt/carbonblack/tmp/cbcipher containing the company registration code.
sudo mkdir -p /var/opt/carbonblack/tmp
echo '<COMPANY_CODE>' > cbcipher && sudo mv cbcipher /var/opt/ carbonblack/tmp/cbcipher - Use a provisioning tool to push out and install the RPM or DEB package on your endpoints.
Installing Carbon Black Cloud manually
Use this installation method if you want to install the sensor manually on a single endpoint.
To install the Carbon Black Cloud sensor for Linux with an RPM/DEB package:
- Log into your Carbon Black Cloud console.
- Retrieve a company code from Endpoints > Sensor Options > Company Codes.
- Download a sensor kit for the target operating system from Endpoints > Sensor Options > Download sensor kits.
- Extract the contents of the installer package into a temporary directory.
- Install the RPM/DEB package:
RPM:
sudo rpm -i cb-psc-install/cb-psc-sensor-<BUILD-NUMBER>.x86_64.rpm
DEB:
sudo dpkg -i cb-psc-install/cb-psc-sensor-<BUILD-NUMBER>.x86_64.deb
- Install the blades:
sudo cb-psc-install/blades/bladesUnpack.sh
- Update the /var/opt/carbonblack/psc/cfg.ini file with the company registration code:
sudo /opt/carbonblack/psc/bin/cbagentd -d '<COMPANY_CODE>'
- Start the agent:
For CentOS/RHEL 6:
service cbagentd start
For all other distributions:
systemctl start cbagentd
To install the Carbon Black Cloud sensor for Linux with a tarball:
- Log into your Carbon Black Cloud console.
- Retrieve a company code from Endpoints > Sensor Options > Company Codes.
- Download a sensor kit for the target operating system from Endpoints > Sensor Options > Download sensor kits.
- Create a temporary install directory on the endpoint:
mkdir cb-psc-install
- Extract the installer package contents into the temporary install directory onto the endpoint:
tar -C cb-psc-install -zxf cb-psc-sensor-<DISTRO>-<BUILD- NUMBER>.tgz
- Install and register the sensor by running the following command with the noted company code:
sudo cb-psc-install/install.sh '<COMPANY_CODE>'
Note: If the company registration code contains special characters (!, #, *, $, etc.) and is not quoted, the installation will immediately terminate. Double quotation marks are not an acceptable substitute to single quotes.
Configuring proxy support
You can configure the Carbon Black sensor to communicate through a proxy server. Proxy support can be configured via the sensor’s configuration file or an environment variable for non-CentOS 6 systems.
Learn more about configuring the Carbon Black sensor to use a proxy.
Comments
0 comments
Please sign in to leave a comment.