Skip to main content

Unattended Agent Installation

J
Written by James Martin
Updated over 3 weeks ago

Introduction

The Monarx Agent configuration file /etc/monarx-agent.conf requires a client_id and client_secret credential as a minimum.

It is also recommended to define an explicit host_id with a customer/container/host type identifier, to ensure consistent and repeatable Agent identification.

Agent Credential Creation

This credential has very limited permission and the same credential can be reused across multiple shared servers (e.g. with root only read permission).

In a VPS type scenario, it's advisable to provision a dedicated agent credential per VPS.

Web Console Credential Creation

Via Credentials in the Monarx web app. Select the βž• symbol ➜ New Agent Credential ➜ Save ➜ Download

API Credential Creation

Tip: See Monarx API Overview for information on how to interact with our API.

POST /v1/enterprise/{enterprise_id}/credential
{
"type": "agent",
"display_name": "", # Optional
"customer_id": "" # Optional, often worth aligning with a static `host_id`
}

The above will return a 201 (created) on success and the created credential e.g.:

{
"id": "cdb702ea-ed07-46b1-8ee2-3dc06a93e5c5",
"audit_created": "2024-12-19T11:27:35.938Z",
"audit_modified": "2024-12-19T11:27:35.939Z",
"type": "api",
"identifier": "id_live_ulDoVei46ZufwQ8S8tXXXXXX",
"secret": "sk_live_rHezLfDTuBlyD5QXXXXXX"
}

These values are used to populate the agent /etc/monarx-agent.conf config file with client_id={identifier} and client_secret={secret}.

DELETE /v1/enterprise/{enterprise_id}/credential/{id} can be used when you wish to remove a credential, such as when the VPS subscription has ended.

Agent Configuration File

The Agent configuration file should be written to /etc/monax-agent.conf. Your own template may be used, or alternatively the default fetched from https://api.monarx.com/v2/agent/config/default.

Populate the /etc/monarx-agent.conf configuration file:

  • client_id updated with the Credential identifier

  • client_secret updated with the Credential secret

  • user_base populated with where you'd like Monarx to scan on disk, if this differs from our default /home/ and /var/www/ locations.

  • host_id populated with a customer/container/host type identifier of your choosing, to ensure consistent and repeatable Agent identification.

Package Installation

1. Add the Monarx Repository

To install any Monarx package, add the Monarx repository to your package manager:

CentOS / RHEL / CloudLinux / Alma / Rocky

curl -fsS https://repository.monarx.com/repository/monarx-yum/monarx.repo | sudo tee /etc/yum.repos.d/monarx.repo

sudo rpm --import https://repository.monarx.com/repository/monarx/publickey/monarxpub.gpg

Ubuntu

curl -fsS https://repository.monarx.com/repository/monarx/publickey/monarxpub.gpg | sudo tee /etc/apt/trusted.gpg.d/monarx.asc

echo "deb [arch=amd64] https://repository.monarx.com/repository/ubuntu-$(lsb_release -sc)/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/monarx.list

Debian

sudo apt-key adv --keyserver "keyserver.ubuntu.com" --recv-keys "4E240071023138C8"

echo "deb [arch=amd64] https://repository.monarx.com/repository/debian-$(lsb_release -sc)/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/monarx.list

2. Install the Agent and Protect

Install the monarx-protect-autodetect package with your preferred package manager:

For standard apache, litespeed, cPanel, Plesk style environments, the php extension can be automatically installed with:

Yum (CentOS / RHEL / CloudLinux / Alma / Rocky)

sudo yum install monarx-protect-autodetect

Apt (Ubuntu / Debian)

sudo apt-get install monarx-protect-autodetect

Optional: Install Protect PHP RASP Integration

An optional but strongly recommended PHP RASP integration is available. This integrates with the PHP runtime at the lowest level to monitor and block malicious activity.

See Protect Installation for further information.

Optional: Install Auditd Integration

An optional but recommended auditd integration is available for systems which support auditd.

See Auditd Installation for further information.

Please Contact Us with any queries or support needs.

Did this answer your question?