This guide describes how to download the Cmd Audit agent and bake it into a master image for automated deployment. It provides background knowledge important for the various infrastructure-specific installation guides.
(This also applies to Cmd Free, which uses a restricted version of the Cmd Audit agent. Separate guides describe how to install an agent on a single server with a shell script, and how to deploy the Cmd Control agent.)
Make sure to install on one of the supported OSes.
Outline
Step one: Find your project key
Each Cmd project has a unique project key.
Locate the key for the Cmd project where you'd like servers to appear:
Make sure you are in the correct project.
Click Sessions at the top of the web app.
Click Manage servers on the right side (under the graph).
Click Add server near the middle of the page.
Click Auto-deploy.
Click Copy.
Save the key for later.
Step two: Download and install an agent binary
You can download any supported agent version from the web app (Option 1), or the endpoint (Option 2). (To download a Cmd Audit agent, you must use a project key from a Cmd Audit project.)
Download the agent binary
Option 1 — Download from the web app:
To download from the web app, go to 'Project & app settings > Agent > Agent updates', and click Download Agent Package.
Note: Disable 'automatic agent updates' to avoid surprises.
Option 2 – Download from the endpoint:
Alternatively, you can use an HTTP request to download the agent programmatically.
Install the agent binary
After download, install the agent with one of these commands (replacing the binary name as needed):
- For Ubuntu-based or Debian-based systems:
sudo dpkg -i cmd-1.2.0.amd64.deb
- For Redhat/CentOS based systems:
sudo rpm --install cmd-1.2.0.x86_64.rpm
- For systems installing the .tgz
package:
sudo tar -xzf cmd-1.2.0.tar.gz --strip-components 1 -C /
Step three: Bake the image
Bake the image, then proceed to step four.
Examples:
Step four: Set the project key
Use the project key you copied in step one. Echo it to /etc/cmd/cmd.prj using the following commands:
sudo mkdir /etc/cmd
echo -n <project key> | sudo tee /etc/cmd/cmd.prj
Step five: Configure the agent
Configure the agent by creating a config file at /etc/cmd/config.ini
. Use this file to manage the following settings:
Required settings
For every instance of the image, set a url
and sos_url
:
For
url
, set the following:url=https://<SUB>.c-app.cmd.com/ws
For
sos_url
, set the following:sos_url=https://<SUB>.sos-app.cmd.com/
Replace <SUB>
with the subdomain of your Cmd project. For example, if your web app instance uses the URL https://sub1.app.cmd.com/, the subdomain is "sub1", and you should replace <SUB>
with sub1
. This means your config.ini
might look like this:
url=https://sub1.c-app.cmd.com/ws
sos_url=https://sub1.sos-app.cmd.com
Optional settings
You can also set server name, server group and http proxy, and enable the agent status API.
To define server name:
echo server_name=<define_server_name> | sudo tee --append /etc/cmd/config.ini
Note: server names can't exceed 128 characters, and must consist of these characters:
- a-z
- A-Z
- 0-9
- space , _ , : , . , -
For AWS, replace <define_server_name> with:
$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
For GCP, replace <define_server_name> with:
$(curl -s "http://metadata.google.internal/computeMetadata/v1/instance/id" -H "Metadata-Flavor: Google")
To define server groups:
echo groups=<define_server_groups> | sudo tee --append /etc/cmd/config.ini
Replace <define_server_groups> with the name of the group where servers included in this auto-deployment belong. Valid characters for a server group are: 0-9
, a-z
, A-Z
, -
, and _
.
If you'd like to include multiple groups use "," (e.g., export groups=groupA,groupB,groupC).
To define http proxy:
echo http_proxy=<http_proxy_url> | sudo tee --append /etc/cmd/config.ini
Replace <http_proxy_url> with the ip:port of your proxy.
(e.g., http_proxy=10.10.10.10:8080)
To enable the agent status API:
echo diagnostics_interface=1 | sudo tee --append /etc/cmd/config.ini
Step six: Enable the agent to start at boot
For OSes that use systemd:
systemctl enable cmd
For OSes that use Upstart:
initctl enable cmd
For systems installing the .tgz
package, set up an init script appropriate for your architecture.
Step seven: Start the agent
For OSes that use systemd:
systemctl start cmd
For OSes that use Upstart:
initctl start cmd
For systems installing the .tgz
package, start the agent in a way appropriate for your architecture.
Example:
/etc/cmd/cmd.prj:
9e05129dba2db43e9bc535bf39b27839626fd082e93d0b211f2506ea3517915e16ee6c420c7c874b10a2ea9e353e17e959b4a5f57ed1cfd5ccf80af1363603fe
/etc/cmd/config.ini
server_name=U18-Test1
groups=test1,test2,test3
http_proxy=
url=https://sub3.c-app.cmd.com/ws
sos_url=https://sub3.sos-app.cmd.com
Next:
Learn How to deploy Cmd in containers.
Check out the Agent installation guides collection.
Get additional support
If you encounter difficulties in automating the deployment, please contact us.