Skip to main content
Defenders installed in Bare Metal environments

Search

Installing Defender on RHEL8

© 2024 Cequence Security. All Rights Reserved.

Installing Defender on RHEL8

  • Updated on
  • ~ minute read
Download PDF

This document outlines the steps to install and configure Cequence Defender on a RHEL server.

Before you start

Make sure your hardware and software environment meets the requirements in this section.

Hardware Requirements

  • CPU: 2 vCPU x86_64 architecture
  • Memory: 4 GB RAM
  • Disk: 40 GB disk (or 20GB free space in /var and 10GB for /opt)

Operating System and Software Requirements

  • OS: RHEL 8.x (latest version preferred)
  • User: Account with sudo privileges
  • Package Repository: Access to local/remote repository for OS package installation.
  • Development Packages: Standard OS installation with development packages
  • Disk Space:
    • At least 20GB free space in /var
    • 10GB free space for /opt
    • OR 40GB for single mount point /
  • Network Configuration:
    • firewalld disabled on startup
    • SELinux disabled on startup
  • Inbound firewall requirement
    • SSH (tcp/22)
    • HTTPS (tcp/443)
  • Outbound firewall requirement
    • Defender communicates with the Cequence Unified API Protection (UAP) platform to send metadata and pull down policy for enforcement against bad actors.
      • HTTPS (tcp/443)

Generating a client ID and client secret

Several Cequence components must authenticate to the Cequence UAP platform in order to transmit and receive data. Create authentication credentials in the Cequence UAP platform to enable this authentication.

  1. Log in to the UAP management portal UI.
    The URL for the management portal is typically of the form https://ui.<your-tenant-name>.<domain>. Replace <your-tenant-name> with the name of your Cequence tenant organization. Replace <domain> with your domain name.
  2. Select General Settings > User Management.
    The User Management pane appears.
  3. Click the Clients tab.
  4. Click Add New Client.
    The new client dialog box appears.
  5. Type the client name in the Client Name field.
    This name is the client ID. Note the client ID for later use.
  6. Enable the Traffic Management toggle.
  7. (Optional) To change the token lifespan from the default of 1800 seconds, type a whole number of seconds in Token Lifespan.
  8. Click Save.
    A dialog box with the client secret appears.
  9. Click the blue Copy icon to copy the secret to the clipboard, then click Close.
    The client is now set up. Note the client name for future use.
    The client list appears.
  10. Note the value of the client secret for later use. This value will not be shown again later on the UI for security reasons.

What you need to download

Download the Cequence Defender installer package.

Installing the container tools

The installation process makes use of Podman, Docker, and Python. Install the prerequisites by running the following command.

sudo yum install python36.x86_64 podman podman-docker -y

Setting up Cequence Defender

  1. SSH to the server.

  2. Create a directory for Defender

    sudo mkdir /opt/cequence

  3. Set permissions on the directory.

    sudo chown root:$USER /opt/cequence
    sudo chmod 775 /opt/cequence

  4. Extract the downloaded archive

    defender-bundle.tar zxvf <path>/cequence-defender.tar.gz -C /opt

  5. Run the setup.sh script with your subdomain, upstream server, client ID, and client secret createdf earlier.

    /opt/cequence/bin/setup.sh cqai.<yourdomain.com> <upstream-server> <client-id> <client-secret> 

Verify your installation

Check the System Diagnostics section on the Cequence UAP platform portal to see if the Defender instance is listed.

Was this article helpful?
Japanese (Japan)