This guide describes how to bake the Cmd Control agent into a master image for automated deployment. It provides background knowledge important for the various infrastructure-specific installation guides.

(Separate guides describe how to install Cmd on a single server with a shell script, and how to deploy the Cmd Audit agent.)

Outline

  1. Find your project key
  2. Download and install an agent binary
  3. Bake the image
  4. Enter your project key in /etc/cmd/cmd.prj
  5. Configure the agent
  6. Enable the agent to start at boot
  7. Start the agent
  8. Examples of cmd.prj and config.ini  

 

Step one: Find your project key

Each Cmd project has a unique project key.

Locate the key for the Cmd project where you'd like servers to appear:

  1. Make sure you are in the correct project.
      
  2. Click Sessions at the top of the web app.
     
  3. Click Manage servers on the right side (under the graph).
     
  4. Click Add server near the middle of the page.
     
  5. Click Auto-deploy.
  6. Click Copy.
  7. Save the key for later.

Step two: Download and install an agent binary

You can download any supported agent version from the web app (Option 1), or an endpoint (Option 2). (To download a Cmd Control agent, you must use a project key from a Cmd Control project.)

Download the agent binary

Option 1 — Download from the web app:

To download from the web app, go to 'Project & app settings > Agent > Agent updates', and click Download Agent Package.

Note: Disable 'automatic agent updates' to avoid surprises.

 
Option 2 – Download from the endpoint:

Alternatively, you can use an HTTP request to automatically download the agent.


Install the agent binary

Use one of these commands, replacing the binary name as needed:

- For Ubuntu-based or Debian-based systems:

sudo dpkg -i ccf-1.4.2.amd64.deb

- For Redhat/CentOS based systems (other than SUSE):

sudo rpm --install ccf-1.4.2.x86_64.rpm


- For SUSE:

sudo rpm --install ccf-1.4.2.opensuse.x86_64.rpm 

Step three: Bake the image

Bake the image, then proceed to step four.

Examples: 

 
 
Step four: Set the project key

Use the project key you copied in step one. Echo it to /etc/cmd/cmd.prj :

sudo mkdir /etc/cmd
echo -n <project key> | sudo tee /etc/cmd/cmd.prj

 

 
Step five: Configure the agent

Configure the agent by creating a config file at /etc/cmd/config.ini . Use this file to manage the following settings:

Required configuration

For every instance of the image, set a url and an sos_url :

  • For url , set the following: url=https://<SUB>.c-app.cmd.com/ws
  • For sos_url , set the following: https://<SUB>.sos-app.cmd.com/

Replace <SUB> with the subdomain of your Cmd project. For example, the following commands would be correct for a web app instance with the URL https://sub1.app.cmd.com/:


URL:

echo url=https://sub1.c-app.cmd.com/ws | sudo tee --append /etc/cmd/config.ini


SOS_URL:

echo sos_url=https://sub1.sos-app.cmd.com | sudo tee --append /etc/cmd/config.ini     


Optional configuration

For every instance created from the image, you'll have the option to set three additional configuration variables: server name, server group and http proxy.


To define server name:

echo server_name=<define_server_name> | sudo tee --append /etc/cmd/config.ini

Note: server names can't exceed 128 characters, and must consist of these characters: 

- a-z
- A-Z
- 0-9
- space , _ , : , . , -


For AWS, replace <define_server_name> with:

$(curl -s http://169.254.169.254/latest/meta-data/instance-id)


For GCP, replace <define_server_name> with:

$(curl -s "http://metadata.google.internal/computeMetadata/v1/instance/id" -H "Metadata-Flavor: Google")

 
 
To define server groups:

echo groups=<define_server_groups> | sudo tee --append /etc/cmd/config.ini

Replace <define_server_groups> with the name of the group where servers included in this auto-deployment belong. Valid characters for server groups are: 0-9 , a-z , A-Z , - , and _ .

To include multiple groups use "," (e.g., export groups=groupA,groupB,groupC).
 

To define http proxy:

echo http_proxy=<http_proxy_url> | sudo tee --append /etc/cmd/config.ini

Replace <http_proxy_url> with the ip:port of your proxy.
(e.g., http_proxy=10.10.10.10:8080)

  

To enable the agent status API:

echo diagnostics_interface=1 | sudo tee --append /etc/cmd/config.ini

   
Step six: Enable the agent to start at boot

For OSes that use systemd:

systemctl enable cmd


For OSes that use Upstart:

initctl enable cmd

   

   
Step seven: Start the agent

For OSes that use systemd:

systemctl start cmd

 
For OSes that use Upstart:

initctl start cmd

  

   
Example project key and config files:

/etc/cmd/cmd.prj:

9e05129dba2db43e9bc535bf39b27839626fd082e93d0b211f2506ea3517915e16ee6c420c7c874b10a2ea9e353e17e959b4a5f57ed1cfd5ccf80af1363603fe

/etc/cmd/config.ini:

server_name=demo-name
groups=test1,test2,test3
http_proxy=192.168.1.100:8080
diagnostics_interface=1

 

 

Next:

Learn How to deploy Cmd in containers.

Check out the Agent deployment guides collection.

   

Get additional support

If you encounter difficulties in automating the deployment, please contact us.

Did this answer your question?