Introduction
The Monarx Agent configuration file /etc/monarx-agent.conf requires a client_id and client_secret credential as a minimum.
It is also recommended to define an explicit host_id with a customer/container/host type identifier, to ensure consistent and repeatable Agent identification.
Agent Credential Creation
This credential has very limited permission and the same credential can be reused across multiple shared servers (e.g. with root only read permission).
In a VPS type scenario, it's advisable to provision a dedicated agent credential per VPS.
Web Console Credential Creation
Web Console Credential Creation
Via Credentials in the Monarx web app. Select the β symbol β New Agent Credential β Save β Download
API Credential Creation
API Credential Creation
Tip: See Monarx API Overview for information on how to interact with our API.
POST /v1/enterprise/{enterprise_id}/credential
{
"type": "agent",
"display_name": "", # Optional
"customer_id": "" # Optional, often worth aligning with a static `host_id`
}The above will return a 201 (created) on success and the created credential e.g.:
{
"id": "cdb702ea-ed07-46b1-8ee2-3dc06a93e5c5",
"audit_created": "2024-12-19T11:27:35.938Z",
"audit_modified": "2024-12-19T11:27:35.939Z",
"type": "api",
"identifier": "id_live_ulDoVei46ZufwQ8S8tXXXXXX",
"secret": "sk_live_rHezLfDTuBlyD5QXXXXXX"
}These values are used to populate the agent /etc/monarx-agent.conf config file with client_id={identifier} and client_secret={secret}.
DELETE /v1/enterprise/{enterprise_id}/credential/{id} can be used when you wish to remove a credential, such as when the VPS subscription has ended.
Agent Configuration File
The Agent configuration file should be written to /etc/monax-agent.conf. Your own template may be used, or alternatively the default fetched from https://api.monarx.com/v2/agent/config/default.
Populate the /etc/monarx-agent.conf configuration file:
client_idupdated with the Credential identifierclient_secretupdated with the Credential secretuser_basepopulated with where you'd like Monarx to scan on disk, if this differs from our default/home/and/var/www/locations.host_idpopulated with a customer/container/host type identifier of your choosing, to ensure consistent and repeatable Agent identification.
Package Installation
1. Add the Monarx Repository
To install any Monarx package, add the Monarx repository to your package manager:
CentOS / RHEL / CloudLinux / Alma / Rocky
CentOS / RHEL / CloudLinux / Alma / Rocky
curl -fsS https://repository.monarx.com/repository/monarx-yum/monarx.repo | sudo tee /etc/yum.repos.d/monarx.repo
sudo rpm --import https://repository.monarx.com/repository/monarx/publickey/monarxpub.gpg
Ubuntu
Ubuntu
curl -fsS https://repository.monarx.com/repository/monarx/publickey/monarxpub.gpg | sudo tee /etc/apt/trusted.gpg.d/monarx.asc
echo "deb [arch=amd64] https://repository.monarx.com/repository/ubuntu-$(lsb_release -sc)/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/monarx.list
Debian
Debian
sudo apt-key adv --keyserver "keyserver.ubuntu.com" --recv-keys "4E240071023138C8"
echo "deb [arch=amd64] https://repository.monarx.com/repository/debian-$(lsb_release -sc)/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/monarx.list
2. Install the Agent and Protect
Install the monarx-protect-autodetect package with your preferred package manager:
For standard apache, litespeed, cPanel, Plesk style environments, the php extension can be automatically installed with:
Yum (CentOS / RHEL / CloudLinux / Alma / Rocky)
Yum (CentOS / RHEL / CloudLinux / Alma / Rocky)
sudo yum install monarx-protect-autodetect
Apt (Ubuntu / Debian)
Apt (Ubuntu / Debian)
sudo apt-get install monarx-protect-autodetect
Optional: Install Protect PHP RASP Integration
An optional but strongly recommended PHP RASP integration is available. This integrates with the PHP runtime at the lowest level to monitor and block malicious activity.
See Protect Installation for further information.
Optional: Install Auditd Integration
An optional but recommended auditd integration is available for systems which support auditd.
See Auditd Installation for further information.
Please Contact Us with any queries or support needs.