Managing the Workload Protection agent on AIX on Power Virtual Server

After you provision an instance of the IBM Cloud® Security and Compliance Center Workload Protection service in IBM Cloud, you can deploy the Workload Protection agent on your AIX hosts on IBM® Power® Virtual Server to validate your AIX operating system security.

Adding an agent to an AIX host on Power Virtual Server

Complete the following steps to add an agent to an AIX host on Power Virtual Server:

  1. Obtain the access key.

  2. Obtain the public or private ingestion URL. For more information, see Collector endpoints.

  3. Download the KSPM analyzer binary by running the following command:

    curl https://s3.us-east-1.amazonaws.com/download.draios.com/dependencies/kspm-analyzer/1.44.17/kspm-analyzer-aix-ppc64 -o /tmp/kspm-analyzer-aix-ppc64
    

    This command stores the binary in the /tmp directory. You can use a different directory if needed.

  4. Add execution permissions to the binary by running the following command:

    chmod +x /tmp/kspm-analyzer-aix-ppc64
    
  5. Configure the service by running the following command:

    mkssys -p /tmp/kspm-analyzer-aix-ppc64 -s kspm_analyzer -u 0 -e /tmp/kspm-analyzer.log -i /tmp/kspm-analyzer.log -o /tmp/kspm-analyzer.log
    

    Where:

    -p
    The full path to the KSPM analyzer binary that you downloaded in step 3.
    -s
    The service name.
    -i, -o, -e
    The log file location. This example uses /tmp/kspm-analyzer.log. You can specify a different file path for the service logs.
  6. Start the service by running the following command:

    startsrc -s kspm_analyzer -e 'NODE_NAME=HOSTNAME API_ENDPOINT=REGION.security-compliance-secure.cloud.ibm.com ACCESS_KEY=ACCESS_KEY'
    

    Where:

    HOSTNAME
    The hostname that identifies your server in the Workload Protection inventory and results.
    REGION
    The region where your Workload Protection instance is deployed. For example, us-east or eu-de. For more information, see Collector endpoints.
    ACCESS_KEY
    The access key that you obtained in step 1.

    For example:

    startsrc -s kspm_analyzer -e 'NODE_NAME=myhostname API_ENDPOINT=us-east.security-compliance-secure.cloud.ibm.com ACCESS_KEY=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
    
  7. Configure the service to start automatically during system startup by running the following command:

    mkitab "fkcmd:2:respawn:startsrc -s kspm_analyzer -e 'NODE_NAME=HOSTNAME API_ENDPOINT=REGION.security-compliance-secure.cloud.ibm.com ACCESS_KEY=ACCESS_KEY'"
    

    Replace HOSTNAME, REGION, and ACCESS_KEY with the same values that you used in step 6.

  8. Verify that the service is running by checking the logs:

    tail -f /tmp/kspm-analyzer.log
    

Checking the agent status

To check the status of the agent, run the following command:

lssrc -s kspm_analyzer

Stopping the agent

To stop the agent, run the following command:

stopsrc -s kspm_analyzer

Restarting the agent

To restart the agent, run the following command:

stopsrc -s kspm_analyzer && startsrc -s kspm_analyzer -e 'NODE_NAME=HOSTNAME API_ENDPOINT=REGION.security-compliance-secure.cloud.ibm.com ACCESS_KEY=ACCESS_KEY'

Replace HOSTNAME, REGION, and ACCESS_KEY with your configuration values.

Removing the agent

To remove the agent from an AIX host on Power Virtual Server, complete the following steps:

  1. Stop the service:

    stopsrc -s kspm_analyzer
    
  2. Remove the service from the system:

    rmssys -s kspm_analyzer
    
  3. Remove the service from the startup configuration:

    rmitab fkcmd
    
  4. Delete the binary file:

    rm /tmp/kspm-analyzer-aix-ppc64
    

Viewing agent logs

The agent logs are located in the /tmp/kspm-analyzer.log file by default.

To view the logs in real time, run the following command:

tail -f /tmp/kspm-analyzer.log

To search for errors in the logs, run the following command:

grep -i error /tmp/kspm-analyzer.log