Installation of Pandora FMS Agents
For the online installation of the Pandora FMS Software Agent, see the section “Online installation of Pandora FMS Software Agent”.
Keep in mind that in order to encrypt communications through the Tentacle protocol between the software agents and their respective PFMS servers, it will be necessary to previously have SSL certificates and keys. Visit the section “Secure configuration of Tentacle” in the Tentacle protocol technical reference.
Agent Requirements
The Agent can run on any computer with the minimum required operating system, any of the following are valid:
Component | Operating System |
---|---|
Pandora Agent 4.0 or later | RedHat Enterprise (RHEL) 6.x and 8. Fedora 34. CentOS 6.x, 7 and 8. AlmaLinux. SLES 11 SP1 or later. OpenSUSE 11.x or later. Debian 5.x or later. Ubuntu Server or Desktop version 11 or later. Linux Mint. Elementary OS. Manjaro. HPUX B.11.11 or later, with Perl 5.8. AIX 4.3.3 or later, with Perl 5.8. AIX 7.1 and 7.2. BSD Systems (NetBSD, OpenBSD, FreeBSD), with Perl 5.8. MacOS X 10.6 or later. Solaris 8 or later, with Perl 5.8. Windows NT4 (see special notes for this version). Windows XP. Windows 2000. Windows 2003. Windows 2008. Windows 7. Windows 8. Windows 10. Windows 11. Windows 2012. Windows server 2016. Windows server 2019. |
Pandora Android Agent 2.0 or later | Android 6 or later |
Pandora Embedded Agent 4.0 or later | Embedded devices, compilation required |
There is a special agent for Windows NT, which is basically the Unix agent compiled for Windows, although the performance is much lower than a native Windows agent and the native API access functionalities are not available. present.
In addition, in UNIX environments, the following must be installed:
- Perl 5.8 or later
- It will also be necessary to install the following dependencies:
perl-YAML-Tiny-1.73-2 perl-sys-syslog unzip
- Configure logrotate:
cat> /etc/logrotate.d/pandora_agent <<EO_LRA /var/log/pandora/pandora_agent.log { your apache root weekly missingok size 300000 rotate 3 max age 90 compress notifempty copytruncate } EO_LRA
chmod 0644 /etc/logrotate.d/pandora_agent
Installing the Agent on CentOS 8 / Rocky Linux / AlmaLinux
Installation of dependencies:
yum install dnf-plugins-core -y yum config-manager --set-enabled powertools -y yum install -y perl-YAML-Tiny perl-Sys-Syslog unzip
If you are going to use the option server_ssl install the following dependencies, enter in the terminal:
yum install perl-IO-Socket-SSL -y
Agent Installation:
yum install -y https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux-7.0NG.noarch.rpm
Installing the agent on CentOS 7
Installation of dependencies:
yum install dnf-plugins-core -y yum install -y perl-YAML-Tiny perl-Sys-Syslog unzip
If you are going to use the option server_ssl install the following dependencies, enter in the terminal:
yum install perl-IO-Socket-SSL -y
Agent installation:
yum install -y https://firefly.pandorafms.com/pandorafms/latest/RHEL_CentOS/pandorafms_agent_linux-7.0NG.noarch.rpm
Installing the agent on Ubuntu Server 22.04
Install the agent:
apt update apt install -y perl coreutils wget curl unzip procps python3 python3-pip wget http://firefly.pandorafms.com/pandorafms/latest/Tarball/pandorafms_agent_linux-7.0NG.tar.gz tar xvzf pandorafms_agent_linux-7.0NG.tar.gz unix cd ./pandora_agent_installer --install cp -a tentacle_client /usr/local/bin/
Delete the unix
directory.
If you are going to use the option server_ssl install the following dependencies, enter in the terminal:
apt install libio-socket-ssl-perl -y
Agent Configuration:
sed -i "s/^remote_config.*$/remote_config 1/g" $PANDORA_AGENT_CONF /etc/init.d/pandora_agent_daemon start systemctl enable pandora_agent_daemon
Installing the Agent from tarball
This version of the agent is ready to be installed on any Unix/Linux/macOS system.
The agent does not require compilation or preparation, once you have downloaded the agent in .tar.gz
format:
1. Elevate privileges to root. You are solely responsible for said key.
his -
2. Copy to /tmp
, change to that directory, and run:
tar xvzf pandorafms_agent_linux-7.0NG.tar.gz unix cd ./pandora_agent_installer --install
3. Manually start the Agent:
/etc/init.d/pandora_agent_daemon start
Custom Agent Installation
The Agent can be installed in a directory defined by the user in an integral way, this means that all the agent files will be put in that directory: logs, configuration files, binaries, help pages man, etc.
To use that method, just run like the following example:
./pandora_agent_installer --install /opt/pandora
The only file that Pandora FMS will create outside that directory defined by the user, is the agent launcher in /etc/init.d/pandora_agent_daemon
(or equivalent in other Unix systems), and the link in the directory of the system boot level, for example /etc/rc.d/rc2.d/S90pandora_agent_daemon
.
In addition, you can configure the installation so that instead of running the Agent as root, it can be run as another user. For example, for the Agent to run with the user Pandora, it would be:
./pandora_agent_installer --install /home/pandora pandora
When a custom user is specified, the Agent must be installed in a custom location where the user has write permissions (/home/pandora
in the previous example).
The user pandora is disabled by default, you must enable it by putting a valid shell in /etc/passwd
if you want to use it to run the agent with that user.
For users running MAC OS X version 10.11 or higher (El Capitan or newer): Apple has added a new layer of security to OS X. They are gone some root privileges. When installing the Pandora FMS Agent it will appear as a restricted process. Only restricted processes that are signed by Apple will be able to modify these files. However, you can disable this security by booting into recovery mode and disabling it in a terminal by running: csrutil disable
.
Installing the agent on NetBSD and FreeBSD
The location of the files and the structure of the init script are different compared to Linux.
The peculiarities of the installation on FreeBSD would be the following:
1. Acquire root permissions
his -
2. Copy the downloaded file to /tmp
and once inside /tmp
run:
tar xvzf pandorafms_agent_linux-7.0NG.tar.gz unix cd ./pandora_agent_installer --install
After installation, add the following line to /etc/rc.conf.
pandora_agent_enable="YES"
To enable the Pandora FMS agent, these settings are needed, otherwise the process will not start.
If you want to start the agent manually, run this:
/usr/local/etc/rc.d/pandora_agent start
Agent:
/usr/local/bin/pandora_agent
boot script:
/usr/local/etc/rc.d/pandora_agent
Configuration file:
/usr/local/etc/pandora/pandora_agent.conf
Plugins:
/usr/local/share/pandora_agent/plugins/*
Helps man:
/usr/local/man/man1/*
Others: The data_in
and log
directories are the same as in GNU/Linux.
Installing the Agent on Windows
The agent is delivered as a self-installer in executable format ( .exe
). To install the Pandora FMS agent in MS Windows® you only need to download and execute it.
The installer will guide you through the necessary steps in the language you select. The following example shows the installation for Windows 10®. If you are running MS Windows® as a standard user you will need Administrator permissions, enter them when running the installer.
Select the language:
Follow the installer steps:
Accept the license terms and click Next:
Select the path where the Pandora FMS agent will be installed, by default it is installed in:
%ProgramFiles%\pandora_agent
), you can change it by clicking Browse…. Then click Next:
Wait for the files to be copied.
Configure the data for the agent as the IP address (or name) of the Pandora FMS server that will receive the Agent data. To be able to change other parameters, such as changing the name of the agent (by default it takes the value of the hostname of the machine) or the path of the temporary files, you will have to manually edit the agent configuration.
The remote configuration of the software agent is enabled by default. Check the options to be used such as basic security monitoring and/or security hardening and/or hardware and software inventory control. Set the minimum amount of free space for temporary files.
Start the Pandora FMS agent service, otherwise you will have to do it manually, or it will start when Windows restarts again.
The installation is finished, you can change the agent parameters in the pandora_agent.conf
file or through the direct link in the Pandora FMS menu.
Unattended installation of Windows Agent
As of Agent version 5.1, the installer supports unattended mode. To carry out the installation, you simply have to execute the following:
"Pandora FMS Windows Agent v7.0NG.VERSION-BUILD_ARCH.exe" /S
In case you want to install the Agent in a different path than the default one:
"Pandora FMS Windows Agent v7.0NG.VERSION-BUILD_ARCH.exe" /S /D=C:\PFMS_agent
You can also pass certain parameters to be written in the configuration file of the agent to create. Thanks to these options, the deployment of Pandora FMS agents is much more customizable. The command line options that are supported are the following:
--ip
- Corresponds to the token named server_ip.
--group
- Corresponds to the token named group.
--alias
- Corresponds to the token named agent_alias.
--remote_config
For example, if you want to create an agent that belongs to the Applications group, named Mifunne and that points to the server with the IP address 192.168.0.59, with the remote_configuration enabled, the command would be:
"Pandora FMS Windows Agent v7.0NG.VERSION-BUILD_ARCH.exe" /S --ip 192.168.0.59 --group Applications --alias Mifunne --remote_config 1
Unattended Uninstall
The uninstaller, which is an executable called uninstall.exe
that remains in the Pandora FMS installation directory, also allows unattended uninstallation, for this you have to run the uninstaller with the option /S
.
For example, assuming that Pandora FMS is installed in the default path:
"%ProgramFiles%\pandora_agent\uninst.exe" /S
Using PandoraAgent.exe from the command line
If you run:
pandoraagent.exe --help
will display something similar to this:
C:\Users\Jimmy>"%ProgramFiles%\pandora_agent\pandoraagent.exe" --help Pandora agent for Windows v7.0NG.761 Build 220427 Usage: C:\Program Files\pandora_agent\pandoraagent.exe [OPTION] Available options are: --install: Install the Pandora Agent service. --uninstall: Uninstall the Pandora Agent service. --test-ssh: Test the SSH Pandora Agent configuration. --test-ftp: Test the FTP Pandora Agent configuration. --process: Run the Pandora Agent as a user process instead of a service. C:\Users\Jimmy>
To install the service (if it is not installed), just run the following in the directory where the executable is (geusually C:\Program Files
or equivalent).
pandoraagent.exe --install
This will install the service on the machine, based on the path where the .exe
is located.
To test if it connects via SSH with the Pandora FMS server:
C:\WINDOWS\system32>cd %PROGRAMFILES% C:\Program Files>cd pandora_agent C:\Program Files\pandora_agent>PandoraAgent.exe --test-ssh Public key file C:\Program Files\pandora_agent\key\id_dsa.pub exists. Private key file: C:\Program Files\pandora_agent\key\id_dsa exists. Connecting with munchkin.pandorafms.com. Authentication successful. Host fingerprint: Created a blank XML file in C:\Program Files\pandora_agent\temp\ssh.test Remote copying C:\Program Files\pandora_agent\temp\ssh.test on server munchkin.pandorafms.com at /var/spool/pandora/data_in/ssh.test Successfully file copied to remote host Successfully disconnected from remote host The SSH test was successful! C:\Program Files\pandora_agent>
If you want to uninstall it, it's the same process but with a different option:
pandoraagent.exe --uninstall
Pandora FMS Windows Agent as a process
It is possible, for debugging, testing, and other unusual circumstances, to run the agent in “Process” mode. This is done by running it from the command line:
pandoraagent.exe --process
There are some limitations in running in process mode, since Pandora FMS is designed to run as a service and under the SYSTEM
user. If you run it with another user without privileges, there will be functionalities that do not work correctly.