M Audit Vault Agent Auto Start Configuration

Learn how to configure Audit Vault Agent to restart automatically when the host machine is restarted.

Audit Vault Agent is installed on a host machine. The Audit Vault Agent is not restarted automatically when the host machine is restarted. The Audit Vault Agent can be configured to restart automatically, whenever the host machine is restarted. The configuration is different for the type of operating system installed on the host machine. This appendix contains the required information.

Note:

  • This functionality involves configuring a service to restart the Agent and is available in Oracle AVDF releases 20.3 to 20.6.
  • Starting with Oracle AVDF release 20.7, a new Agent auto start functionality is introduced. This functionality constantly monitors the Agent and also restarts the Agent if it stops unexpectedly. See Configuring Agent Auto Restart Functionality for complete information.

M.1 Configuring Agent Auto Start on Host Machine With OL7 and OL8

Learn to configure Audit Vault Agent auto start functionality on a host machine with OL7 and OL8.

  1. Install the Audit Vault Agent and activate using the activation key.
  2. Run the following command to manually start the Audit Vault Agent as agent user:
    <AgentHome>/bin/agentctl start
  3. Create a file /etc/systemd/system/multi-user.target.wants/agentctl.service as root user. Use the sample script provided below. In this sample script replace the <AgentUser> and <AgentHome> with relevant Agent user name and Agent home directory.
    
    [Unit]
     
    Description=AgentController Service
     
    After=network.target
     
    After=syslog.target
     
     
     
    [Install]
     
    WantedBy=multi-user.target
     
     
    [Service]
     
    User=<Agent User>
     
    Type=forking
     
     
    # Start main service
     
    ExecStart=<AgentHome>/bin/agentctl start
     
     
     
    #Stop main service
     
    ExecStop=<AgentHome>/bin/agentctl stop
     
     
    RemainAfterExit=yes
  4. Run the following command to enable the service from the directory /etc/systemd/system/multi-user.target.wants/ as root user:
    systemctl enable agentctl.service

    Note:

    This command may throw the following error message. Ignore this message.

    Failed to execute operation: Invalid argument
  5. Run the following command as agent user to stop the Agent process:
    <AgentHome>/bin/agentctl stop
  6. Run the following command as agent user to restart using systemctl:
    systemctl start agentctl.service
  7. To verify successful configuration of Agent auto start functionality, follow these steps:
    1. Reboot the system.
    2. After the system is up, check the status by running the following command:
      systemctl status agentctl.service
    3. Verify the status is STARTED.

      Note:

      Ensure the Agent is started or stopped only using the systemctl command. Using the agentctl command leads to inconsistencies and must be avoided.

M.2 Configuring Agent Auto Start on Host Machine With OL6

Learn to configure Audit Vault Agent auto start functionality on a host machine with OL6.

  1. Install the Audit Vault Agent and activate using the activation key.
  2. Create the script as root user in the location /etc/init.d/agentAVDF. Use the sample script provided below. In this sample script set the USER and AGENT_HOME with appropriate Agent user and Agent home path.
  3. In the script update the chkconfig parameter with start priority and stop priority. The parameters <start priority> and <stop priority> decide the order in which file is executed, in comparison with the rest of files that exist in the location ./etc/init.d during machine start and shutdown respectively. Smaller priority numbers are executed first. For example, # chkconfig: 2345 99 95
    
    # chkconfig: 2345 <start priority> <stop priority>
    
    PROGRAM="agentAVDF"
    
    USER=<AgentUser>
    
    AGENT_HOME=<AgentHomeDirectory>
    
    
    start() {
    
        su - ${USER} -c "/bin/bash -c '${AGENT_HOME}/bin/agentctl start'"
    
    }
    
    
    stop() {
    
        su - ${USER} -c "/bin/bash -c '${AGENT_HOME}/bin/agentctl stop'"
    
    }
    
    
    case "$1" in
    
        start)
    
            start
    
            ;;
    
    
        stop)
    
            stop
    
            ;;
    
    
        *)
    
            echo $"Usage: $0 {start|stop}"
    
            exit 1
    
    esac
    
  4. Run the following command to provide execute permission to the script:
    chmod +x /etc/init.d/agentAVDF
  5. Run the following command to enable the service:
    /sbin/chkconfig agentAVDF on
  6. To verify successful configuration of Agent auto start functionality, follow these steps:
    1. Reboot the system.
    2. After the system is up, wait for few minutes and then run the following command:
      <AgentHome>/bin/agentctl status
    3. Verify the status is RUNNING.

M.3 Configuring Agent Auto Start on Host Machine With Windows x64

Learn to configure Audit Vault Agent auto start functionality on a host machine with Windows x64.

  1. Register the Audit Vault Agent as a Windows service, for Windows x64.
  2. The Windows Agent service is automatically started when the Windows host machine is restarted.

M.4 Configuring Agent Auto Start on Host Machine With Solaris [SPARC/x64]

Learn to configure Audit Vault Agent auto start functionality on a host machine with Solaris [SPARC/x64].

  1. Install the Audit Vault Agent and activate using the activation key.
  2. Create the file /lib/svc/method/agentAVDF as root user. Use the sample script provided below. In this sample script set the AGENT_USER and AGENT_HOME with appropriate Agent user and Agent home path.
    
    #!/bin/sh
    
    ##################################################
    # name: agentAVDF
    # purpose: script that will start or stop the AVDF agent daemon.
    ##################################################
    
    case "$1" in
    start )
    su - <AGENT_USER> -c "/bin/bash -c '<AGENT_HOME>/bin/agentctl start'"
    ;;
    stop )
    su - <AGENT_USER> -c "/bin/bash -c '<AGENT_HOME>/bin/agentctl stop'"
    ;;
    * )
    echo "Usage: <AGENT_HOME>/bin/agentctl (start | stop)"
    exit 1
    esac
    
  3. Run the following command to provide execute permission to the script:
    chmod +x /lib/svc/method/agentAVDF
  4. Create a manifest file /tmp/agentAVDF.xml as root user, using the below sample manifest file.
    
    <?xml version="1.0" ?>
    <!DOCTYPE service_bundle
    SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
    <service_bundle name="startstopAgent" type="manifest">
    <service name="startstopAgent" version="1" type="service">
    <dependency name="multi_user_dependency" grouping="require_all"
    restart_on="none" type="service">
    <service_fmri value="svc:/milestone/multi-user"/>
    </dependency>
    <exec_method name="start" type="method" timeout_seconds="300"
    exec="/lib/svc/method/agentAVDF start"/>
    <exec_method name="stop" type="method" timeout_seconds="300"
    exec="/lib/svc/method/agentAVDF stop"/>
    <!--
    The exec attribute below can be changed to a command that SMF
    should execute when the service is refreshed. Use svcbundle -s
    refresh-method to set the attribute.
    -->
    <exec_method name="refresh" type="method" timeout_seconds="60"
    exec=":true"/>
    <!--
    A duration property group is not needed.
    -->
    <instance name="default" enabled="true"/>
    <template>
    <common_name>
    <loctext xml:lang="start/stop AVDF agent">
    startstopAgent
    </loctext>
    </common_name>
    <description>
    <loctext xml:lang="The service can start and stop AVDF Agent by agentctl">
    The startstopAgent service.
    </loctext>
    </description>
    </template>
    </service>
    </service_bundle>
    
  5. Run the following command as root user, to validate the manifest file:
    /usr/sbin/svccfg validate /tmp/agentAVDF.xml
  6. Run the following command as root user, to copy the manifest file to the location /lib/svc/manifest/site/:
    cp /tmp/agentAVDF.xml /lib/svc/manifest/site/
  7. Run the following command as root user, to import the manifest file and start the service:
    /usr/sbin/svcadm restart manifest-import
  8. Run the following command as root user, to check the status of the service. The status of the service must be maintenance or online. If the status is offline, then run the below command again after few minutes:
    
    svcs | grep startstopAgent
  9. To verify successful configuration of Agent auto start functionality, follow these steps:
    1. Reboot the system.
    2. After the system is up, wait for few minutes and then run the following command as root user:
      # svcs | grep startstopAgent

      The status of the service must be online.

M.5 Configuring Agent Auto Start on Host Machine With IBM AIX

Learn to configure Audit Vault Agent auto start functionality on the host machine with IBM AIX.

  1. Install the Audit Vault Agent and activate using the activation key.
  2. Create the script as root user in the location /etc/rc.d/init.d/agentAVDF. Use the sample script provided below. In this sample script set the AGENT_USER, JAVA_HOME, and AGENT_HOME with appropriate Agent user, Java home path, and Agent home path respectively.
    
    #!/bin/bash
     
    ##################################################
    # Agent start/stop script
    ##################################################
     
     
    case "$1" in
    start )
    su - <AGENT_USER> -c "/bin/bash -c 'PATH=<JAVA_HOME>/bin:$PATH; <AGENT_HOME>/bin/agentctl start;'"
    ;;
    stop )
    su - <AGENT_USER> -c "/bin/bash -c 'PATH=<JAVA_HOME>/bin:$PATH; <AGENT_HOME>/bin/agentctl stop;'"
    ;;
    * )
    echo "Usage: <AGENT_HOME>/bin/agentctl (start | stop)"
    exit 1
    esac
    
  3. Run the following command as root user to provide execute permission to the script:
    chmod +x /etc/rc.d/init.d/agentAVDF
  4. Create symlink S<script name> and K<script name> under the directory /etc/rc.d/rc2.d/. The symlink S file and symlink K is used to start and end the Agent during machine start and shutdown respectively. Create symlinks by running the below commands as root user. The parameter <priority_number> decides the order in which the file runs in comparison with the rest of the files that exist in the directory ./etc/rc.d/rc2.d. Smaller priority numbers are run first.
    ln -s /etc/rc.d/init.d/agentAVDF /etc/rc.d/rc2.d/S<priority_number>agentAVDF
    ln -s /etc/rc.d/init.d/agentAVDF /etc/rc.d/rc2.d/K<priority_number>agentAVDF

    For example:

    ln -s /etc/rc.d/init.d/agentAVDF /etc/rc.d/rc2.d/S99999agentAVDF
    ln -s /etc/rc.d/init.d/agentAVDF /etc/rc.d/rc2.d/K99999agentAVDF
  5. To verify successful configuration of Agent auto start functionality, follow these steps:
    1. Reboot the Agent machine.
    2. After the machine is up, wait for few minutes, and then run the following command as agent user:
      <AgentHome>/bin/agentctl status
    3. Ensure the status is RUNNING.