This guide describes how to download the Cmd Audit agent and bake it into a master image for automated deployment. It provides background knowledge important for the various infrastructure-specific installation guides.

(This also applies to Cmd Free, which uses a restricted version of the Cmd Audit agent. Separate guides describe how to install an agent on a single server with a shell script, and how to deploy the Cmd Control agent.)

Make sure to install on one of the supported OSes.


  1. Find your project key

  2. Download and install an agent binary

  3. Bake the image

  4. Set your project key

  5. Configure the agent

  6. Enable the agent to start at boot

  7. Start the agent

  8. Examples of cmd.prj and config.ini

Step one: Find your project key

Each Cmd project has a unique project key.

Locate the key for the Cmd project where you'd like servers to appear:

  1. Make sure you are in the correct project.

  2. Click Sessions at the top of the web app.

  3. Click Manage servers on the right side (under the graph).

  4. Click Add server near the middle of the page.

  5. Click Auto-deploy.

  6. Click Copy.

  7. Save the key for later.

Step two: Download and install an agent binary

You can download any supported agent version from the web app (Option 1), or the endpoint (Option 2). (To download a Cmd Audit agent, you must use a project key from a Cmd Audit project.)

Download the agent binary

Option 1 — Download from the web app:

To download from the web app, go to 'Project & app settings > Agent > Agent updates', and click Download Agent Package.

Note: Disable 'automatic agent updates' to avoid surprises.

Option 2 – Download from the endpoint:

Alternatively, you can use an HTTP request to download the agent programmatically.

Install the agent binary

After download, install the agent with one of these commands (replacing the binary name as needed):

- For Ubuntu-based or Debian-based systems:

sudo dpkg -i cmd-1.2.0.amd64.deb

- For Redhat/CentOS based systems:

sudo rpm --install cmd-1.2.0.x86_64.rpm

- For systems installing the .tgz package:

sudo tar -xzf cmd-1.2.0.tar.gz --strip-components 1 -C /  

Step three: Bake the image

Bake the image, then proceed to step four.


Step four: Set the project key

Use the project key you copied in step one. Echo it to /etc/cmd/cmd.prj using the following commands:

sudo mkdir /etc/cmd
echo -n <project key> | sudo tee /etc/cmd/cmd.prj

Step five: Configure the agent

Configure the agent by creating a config file at /etc/cmd/config.ini . Use this file to manage the following settings:

Required settings

For every instance of the image, set a url and sos_url :

  • For url , set the following: url=https://<SUB>

  • For sos_url , set the following: sos_url=https://<SUB>

Replace <SUB> with the subdomain of your Cmd project. For example, if your web app instance uses the URL, the subdomain is "sub1", and you should replace <SUB> with sub1. This means your config.ini might look like this:


Optional settings

You can also set server name, server group and http proxy, and enable the agent status API.

To define server name:

echo server_name=<define_server_name> | sudo tee --append /etc/cmd/config.ini

Note: server names can't exceed 128 characters, and must consist of these characters:

- a-z
- A-Z
- 0-9
- space , _ , : , . , -

For AWS, replace <define_server_name> with:

$(curl -s

For GCP, replace <define_server_name> with:

$(curl -s "" -H "Metadata-Flavor: Google")

To define server groups:

echo groups=<define_server_groups> | sudo tee --append /etc/cmd/config.ini

Replace <define_server_groups> with the name of the group where servers included in this auto-deployment belong. Valid characters for a server group are: 0-9 , a-z , A-Z , - , and _ .

If you'd like to include multiple groups use "," (e.g., export groups=groupA,groupB,groupC).

To define http proxy:

echo http_proxy=<http_proxy_url> | sudo tee --append /etc/cmd/config.ini

Replace <http_proxy_url> with the ip:port of your proxy.
(e.g., http_proxy=

To enable the agent status API:

echo diagnostics_interface=1 | sudo tee --append /etc/cmd/config.ini

Step six: Enable the agent to start at boot

For OSes that use systemd:

systemctl enable cmd

For OSes that use Upstart:

initctl enable cmd

For systems installing the .tgz package, set up an init script appropriate for your architecture.

Step seven: Start the agent

For OSes that use systemd:

systemctl start cmd

For OSes that use Upstart:

initctl start cmd

For systems installing the .tgz package, start the agent in a way appropriate for your architecture.







Learn How to deploy Cmd in containers.

Check out the Agent installation guides collection.

Get additional support

If you encounter difficulties in automating the deployment, please contact us.

Did this answer your question?