Cequence Sensor for Linux captures network data from a Linux environment and sends it to the Cequence UAP Platform. The Sensor captures both TLS-encrypted and non-encrypted network data.
- It uses eBPF technology to capture TLS-encrypted data without needing the traffic to be decrypted.
- It captures non-TLS data by listening on one or more network interfaces.
This article describes the steps to install the Cequence Sensor for Linux.
Note:
eBPF technology in general does not work for all types of application environments. Read this article to understand the limitations of generic eBPF technology.
Requirements
- x86_64 CPU architecture with Linux kernel 4.18 or higher
- Supports capturing traffic from openssl, gnutls and nspr based TLS applications.
- Test the application by running:
ldd <path to application> | grep -E "tls|ssl|nspr|nss"
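The requirements above can be checked in one pass before installing. The following sh script is an added example, not part of the Cequence package or the original article; the function names and the soname-to-library mapping are assumptions, and the ldd sample is constructed.

```shell
#!/bin/sh
# Added example: preflight for the requirements above. Function names are
# illustrative and not part of the Cequence package.

# kernel_ok RELEASE: succeeds when RELEASE (uname -r format) is 4.18 or higher.
kernel_ok() {
    ver=${1%%-*}                       # 5.14.0-427.el9 -> 5.14.0
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}            # tolerate suffixes such as "19+"
    for n in "$major" "$minor"; do
        case "$n" in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 18 ]; }
}

# tls_families: reads ldd output on stdin and prints which of the supported
# TLS library families it links (openssl, gnutls, nspr), sorted, one per line.
# Assumed sonames: libssl.so* = OpenSSL, libgnutls.so* = GnuTLS,
# libnspr4/libnss3/libssl3 = NSPR/NSS.
tls_families() {
    awk '
        { lib = $1; sub(/.*\//, "", lib) }
        lib ~ /^libssl\.so/               { f["openssl"] = 1 }
        lib ~ /^libgnutls\.so/            { f["gnutls"] = 1 }
        lib ~ /^lib(nspr4|nss3|ssl3)\.so/ { f["nspr"] = 1 }
        END { for (k in f) print k }
    ' | sort
}

# preflight APP: checks CPU architecture, kernel version and linked TLS library.
preflight() {
    [ "$(uname -m)" = "x86_64" ] || { echo "unsupported CPU: $(uname -m)"; return 1; }
    kernel_ok "$(uname -r)" || { echo "kernel $(uname -r) is below 4.18"; return 1; }
    libs=$(ldd "$1" 2>/dev/null | tls_families)
    # Empty result: nothing from these families is dynamically linked
    # (for example, a statically linked binary).
    [ -n "$libs" ] || { echo "$1: no openssl/gnutls/nspr library linked"; return 1; }
    echo "$1: OK, links $(echo $libs)"
}

# Constructed sample of ldd output, used only to exercise tls_families offline.
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffc1a5f2000)
    libssl.so.3 => /lib64/libssl.so.3 (0x00007f1c2a400000)
    libcrypto.so.3 => /lib64/libcrypto.so.3 (0x00007f1c29e00000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f1c29a00000)'

if [ "$#" -gt 0 ]; then preflight "$1"; fi
```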
Download
Download the appropriate package from: Download: Cequence Sensor for Linux.
Install
Redhat / RPM
yum update
yum install sudo bash
rpm -ivh --force <package-name>
For example,
* rpm -ivh --force cequence-sensor.el9.x86_64.rpm (for RedHat 9.4)
* rpm -ivh --force cequence-sensor.el8.x86_64.rpm (for RedHat 8.9)
Ubuntu / Deb
apt update
apt install sudo bash
apt install ./cequence-sensor.deb
Configure
Update /etc/cequence/sensor.conf with the appropriate values:
export UAP_SUB_DOMAIN=
export UAP_CLIENT_ID=
export UAP_CLIENT_SECRET=
For example:
export UAP_SUB_DOMAIN=<UAP domain URL> (e.g. acme.cequence.cloud)
export UAP_CLIENT_ID=<enter client ID from the UAP management portal>
export UAP_CLIENT_SECRET=<secret-value>
Enable sensor services
sudo systemctl enable cequence-sensor
sudo systemctl start cequence-sensor
Monitor Logs
tail -f /var/log/cequence/tls-sensor.log (captures logs of eBPF packet captures)
tail -f /var/log/cequence/network-sensor.log (captures logs of non-TLS packet captures)