Introduction
The Monarx Agent configuration file /etc/monarx-agent.conf
requires a client_id
and client_secret
credential as a minimum.
It is also recommended to define an explicit host_id
with a customer/container/host type identifier, to ensure consistent and repeatable Agent identification.
Agent Credential Creation
This credential has very limited permission and the same credential can be reused across multiple shared servers (e.g. with root
only read permission).
In a VPS type scenario, it's advisable to provision a dedicated agent credential per VPS.
Web Console Credential Creation
Web Console Credential Creation
Via Credentials in the Monarx web app. Select the β symbol β New Agent Credential
β Save
β Download
API Credential Creation
API Credential Creation
Tip: See Monarx API Overview for information on how to interact with our API.
POST /v1/enterprise/{enterprise_id}/credential
{
"type": "agent",
"display_name": "", # Optional
"customer_id": "" # Optional, often worth aligning with a static `host_id`
}
The above will return a 201 (created) on success and the created credential e.g.:
{
"id": "cdb702ea-ed07-46b1-8ee2-3dc06a93e5c5",
"audit_created": "2024-12-19T11:27:35.938Z",
"audit_modified": "2024-12-19T11:27:35.939Z",
"type": "api",
"identifier": "id_live_ulDoVei46ZufwQ8S8tXXXXXX",
"secret": "sk_live_rHezLfDTuBlyD5QXXXXXX"
}
These values are used to populate the agent /etc/monarx-agent.conf
config file with client_id={identifier}
and client_secret={secret}
.
DELETE /v1/enterprise/{enterprise_id}/credential/{id}
can be used when you wish to remove a credential, such as when the VPS subscription has ended.
Agent Configuration File
The Agent configuration file should be written to /etc/monax-agent.conf
. Your own template may be used, or alternatively the default fetched from https://api.monarx.com/v2/agent/config/default
.
Populate the /etc/monarx-agent.conf
configuration file:
client_id
updated with the Credential identifierclient_secret
updated with the Credential secretuser_base
populated with where you'd like Monarx to scan on disk, if this differs from our default/home/
and/var/www/
locations.host_id
populated with a customer/container/host type identifier of your choosing, to ensure consistent and repeatable Agent identification.
Package Installation
1. Add the Monarx Repository
To install any Monarx package, add the Monarx repository to your package manager:
CentOS / RHEL / CloudLinux / Alma / Rocky
CentOS / RHEL / CloudLinux / Alma / Rocky
curl -fsS https://repository.monarx.com/repository/monarx-yum/monarx.repo | sudo tee /etc/yum.repos.d/monarx.repo
sudo rpm --import https://repository.monarx.com/repository/monarx/publickey/monarxpub.gpg
Ubuntu
Ubuntu
curl -fsS https://repository.monarx.com/repository/monarx/publickey/monarxpub.gpg | sudo tee /etc/apt/trusted.gpg.d/monarx.asc
echo "deb [arch=amd64] https://repository.monarx.com/repository/ubuntu-$(lsb_release -sc)/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/monarx.list
Debian
Debian
sudo apt-key adv --keyserver "keyserver.ubuntu.com" --recv-keys "4E240071023138C8"
echo "deb [arch=amd64] https://repository.monarx.com/repository/debian-$(lsb_release -sc)/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/monarx.list
2. Install the Agent and Protect
Install the monarx-protect-autodetect
package with your preferred package manager:
For standard apache, litespeed, cPanel, Plesk style environments, the php extension can be automatically installed with:
Yum (CentOS / RHEL / CloudLinux / Alma / Rocky)
Yum (CentOS / RHEL / CloudLinux / Alma / Rocky)
sudo yum install monarx-protect-autodetect
Apt (Ubuntu / Debian)
Apt (Ubuntu / Debian)
sudo apt-get install monarx-protect-autodetect
Optional: Install Protect PHP RASP Integration
An optional but strongly recommended PHP RASP integration is available. This integrates with the PHP runtime at the lowest level to monitor and block malicious activity.
See Protect Installation for further information.
Optional: Install Auditd Integration
An optional but recommended auditd integration is available for systems which support auditd.
See Auditd Installation for further information.
Please Contact Us with any queries or support needs.