Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Install a CWPP Agent via Command Line on a VM

Once you complete the POP deployment and all services are installed, then start the agent deployment process on the auto-scaling instance or an EC2 instance created in the proper region. 

Before installation, verify the following:

  • Validate the options provided to the installation script.
  • Check permission for Installation, Space requirements, and Platform support.
  • DXL (Data eXchange Layer) Configuration files are downloaded from the CICD (Continuous Integration and Continuous Delivery) Service that the Installer Binary communicates with the DXL Broker hosted in the POP. 
  • The installer binary is downloaded from the CICD Service and executed.
  • Logs are saved locally and shown on the console and sent to the CICD Service.

Once the agent deployment is successful, validate if the same is reported to the POP in Skyhigh CASB in the Resources tab. 

To install a CWPP Agent via command line: 

  1. Log in to Skyhigh CASB and go to Settings > PoP Management.
  2. On the PoP Management page, search and click the needed PoP to view the PoP Cloud Card.
  3. Under Client Configuration Package, click Download. The ‘ClientConfiguration.tar’ file gets downloaded.
    clipboard_e1b6d5fc17ff4105cab003709e94abedb.png
  4. Extract the downloaded tar file and copy the ‘DevOpsConfig.tar’. This tar file is needed to install CWPP Agent.
  5. Untar the downloaded DevOpsConfig.tar by running the following command:
tar -xf DevOpsConfig.tar

IMPORTANT: The command needs to be run on the same folder location where the certificates are stored. Make sure to point to the correct location before proceeding.  

  1. Download the Agent install script by running the following command:
curl -o install.sh --cacert ca-cicd.crt --key cicd-client.key --cert cicd-client.crt https://cwpp-cicd.cwpp.skyhigh:8080/cwpp/cicd/v1/agent-installer/linux/pkg

NOTE:cicd.cwpp.skyhigh is the address of API service running as part of the POP and is the same for all deployments. It was managed and set up during PoP installation.

  1. The CWPP Agent installation script is downloaded by invoking the curl command and executed. 
  • Change the permission for downloaded agent installer script: 

 chmod +x install.sh 
  •  Execute the agent installer script as sudoer or root user:  

sudo ./install.sh cicdaddr=${cicdAddr} cicdcerts=${cicdCertsDir} cicdport=8080  
  1. Check cwpagentinstall.log for installation details and  'sudo servicecwpagentd --version' for the current installed version.
  2. Validate if the same is reporting health status to the POP in Skyhigh CASB under Clients lists. 

You can also download an example file to automate the agent installation with information from an s3 bucket from here: InstallAgent.sh

  • Was this article helpful?