Managing the Workload Protection agent on AIX on Power Virtual Server
After you provision an instance of the IBM Cloud® Security and Compliance Center Workload Protection service in IBM Cloud, you can deploy the Workload Protection agent on your AIX hosts on IBM® Power® Virtual Server to validate your AIX operating system security.
Adding an agent to an AIX host on Power Virtual Server
Complete the following steps to add an agent to an AIX host on Power Virtual Server:
-
Obtain the public or private ingestion URL. For more information, see Collector endpoints.
-
Download the KSPM analyzer binary by running the following command:
curl https://s3.us-east-1.amazonaws.com/download.draios.com/dependencies/kspm-analyzer/1.44.17/kspm-analyzer-aix-ppc64 -o /tmp/kspm-analyzer-aix-ppc64This command stores the binary in the
/tmpdirectory. You can use a different directory if needed. -
Add execution permissions to the binary by running the following command:
chmod +x /tmp/kspm-analyzer-aix-ppc64 -
Configure the service by running the following command:
mkssys -p /tmp/kspm-analyzer-aix-ppc64 -s kspm_analyzer -u 0 -e /tmp/kspm-analyzer.log -i /tmp/kspm-analyzer.log -o /tmp/kspm-analyzer.logWhere:
-p- The full path to the KSPM analyzer binary that you downloaded in step 3.
-s- The service name.
-i,-o,-e- The log file location. This example uses
/tmp/kspm-analyzer.log. You can specify a different file path for the service logs.
-
Start the service by running the following command:
startsrc -s kspm_analyzer -e 'NODE_NAME=HOSTNAME API_ENDPOINT=REGION.security-compliance-secure.cloud.ibm.com ACCESS_KEY=ACCESS_KEY'Where:
HOSTNAME- The hostname that identifies your server in the Workload Protection inventory and results.
REGION- The region where your Workload Protection instance is deployed. For example,
us-eastoreu-de. For more information, see Collector endpoints. ACCESS_KEY- The access key that you obtained in step 1.
For example:
startsrc -s kspm_analyzer -e 'NODE_NAME=myhostname API_ENDPOINT=us-east.security-compliance-secure.cloud.ibm.com ACCESS_KEY=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' -
Configure the service to start automatically during system startup by running the following command:
mkitab "fkcmd:2:respawn:startsrc -s kspm_analyzer -e 'NODE_NAME=HOSTNAME API_ENDPOINT=REGION.security-compliance-secure.cloud.ibm.com ACCESS_KEY=ACCESS_KEY'"Replace
HOSTNAME,REGION, andACCESS_KEYwith the same values that you used in step 6. -
Verify that the service is running by checking the logs:
tail -f /tmp/kspm-analyzer.log
Checking the agent status
To check the status of the agent, run the following command:
lssrc -s kspm_analyzer
Stopping the agent
To stop the agent, run the following command:
stopsrc -s kspm_analyzer
Restarting the agent
To restart the agent, run the following command:
stopsrc -s kspm_analyzer && startsrc -s kspm_analyzer -e 'NODE_NAME=HOSTNAME API_ENDPOINT=REGION.security-compliance-secure.cloud.ibm.com ACCESS_KEY=ACCESS_KEY'
Replace HOSTNAME, REGION, and ACCESS_KEY with your configuration values.
Removing the agent
To remove the agent from an AIX host on Power Virtual Server, complete the following steps:
-
Stop the service:
stopsrc -s kspm_analyzer -
Remove the service from the system:
rmssys -s kspm_analyzer -
Remove the service from the startup configuration:
rmitab fkcmd -
Delete the binary file:
rm /tmp/kspm-analyzer-aix-ppc64
Viewing agent logs
The agent logs are located in the /tmp/kspm-analyzer.log file by default.
To view the logs in real time, run the following command:
tail -f /tmp/kspm-analyzer.log
To search for errors in the logs, run the following command:
grep -i error /tmp/kspm-analyzer.log