ZeroLock® Agent: ESXi Installation

A guide to installing the ZeroLock Agent onto the ESXi Hypervisor using VIB

Advanced Settings 

Regardless of the installation method, the following settings must be configured. These settings are for the Collector that the endpoint will connect to. The Collector is the ZeroLock® Management Console (ZMC) service that collects endpoint connection and threat information. It also authenticates and communicates with the ZeroLock® Agents.

These settings should only have to be done once when configuring the ZMC, as the values rarely change after that point. 

Navigate to Deploy on the left side menu which opens the screen below.

  1. Click on Advanced Settings.  
  2. On the next screen, the Agent Version defaults to the latest release available, but there is the option to select a previous version.  
  3. The Endpoint Profile may remain default unless you wish to use another profile from the drop-down list. 
  4. If desired, additional Endpoint Groups may be added by selecting from the drop-down list. 
  5. Enter the collector IP address(es) or the FQDN for one or more collector servers.
  6. Click the Save as Default button to save the information and return to the Deploy home screen. 



VIB - vSphere Installation Bundle 

Along with a file archive and an XML descriptor file, a VIB contains a signature file attesting to its acceptance (trust) level. When Secure Boot is enabled, the acceptance level must be set to Level 4, CommunitySupported.

Note: You must run the installer from a datastore path and provide the absolute path in the command. 

To install using the VIB on systems that have Secure Boot enabled, the acceptance level must be set to Level 4 – CommunitySupported. Changing the acceptance level may be done through the UI or, in an SSH session, by entering the commands: 

  1. Verify Secure boot setting: /usr/lib/vmware/secureboot/bin/secureBoot.py -s
  2. Verify Acceptance level: esxcli software acceptance get
  3. Set Acceptance level:
    • ESXi 6.7:
      • sed -i '/host-acceptance-level/ s/.*/\/system\/uservars\/host-acceptance-level = "community"/' /etc/vmware/esx.conf
        auto-backup.s
    • ESXi 7 and greater:
      • echo '{"level": "COMMUNITY_SUPPORTED"}' > acceptance.json && configstorecli config current set -c esx_update -g software -k acceptance_level -infile ./acceptance.json
  4. Verify Acceptance level: esxcli software acceptance get 

ESXi 8.0 Update 2 and later disable ptrace at runtime by default, so the allowPtrace kernel setting must be enabled (True) and the system rebooted before installing the agent.

    1. Enter the command: esxcli system settings kernel list | grep -i ptrace
    2. If the Configured and Runtime values of 'allowPtrace' are False, set it to True and reboot the ESXi host. (1 – Configured Value, 2 – Runtime Value, 3 – Default Value)
            command: esxcli system settings kernel set --setting=allowPtrace --value=True
    3. Following reboot, confirm that the Configured and Runtime values are True.
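
The checks from the two procedures above (Secure Boot state, acceptance level, allowPtrace) can be gathered into one read-only pre-install script. This is an added example, not ValiCyber's own tooling; the function names, the assumed column order of the kernel settings listing (Name, Type, Configured, Runtime, Default, Description) and the sample values used off-host are assumptions.

```shell
#!/bin/sh
# Added example: read-only pre-install check for the VIB prerequisites above.
# Parsers take command output as text so they can be run against samples.

# acceptance_ok LEVEL: succeeds only for the level the VIB install requires.
acceptance_ok() {
    [ "$1" = "CommunitySupported" ]
}

# ptrace_state KERNEL_LIST: prints "<configured> <runtime>" for allowPtrace.
# Assumed column order: Name Type Configured Runtime Default Description.
ptrace_state() {
    printf '%s\n' "$1" | awk '
        tolower($1) == "allowptrace" { print toupper($3), toupper($4); hit = 1 }
        END { if (!hit) print "ABSENT ABSENT" }'
}

# preflight SECUREBOOT ACCEPTANCE KERNEL_LIST: prints findings and returns
# the number of blockers (0 means the host is ready for the VIB install).
preflight() {
    blockers=0
    echo "Secure Boot: $1"
    if ! acceptance_ok "$2"; then
        echo "BLOCKER: acceptance level is '$2', need CommunitySupported"
        blockers=$((blockers + 1))
    fi
    case "$(ptrace_state "$3")" in
        "TRUE TRUE")     echo "allowPtrace: enabled" ;;
        "ABSENT ABSENT") echo "allowPtrace: not listed on this build" ;;
        "TRUE FALSE")    echo "BLOCKER: allowPtrace set but not active, reboot"
                         blockers=$((blockers + 1)) ;;
        *)               echo "BLOCKER: allowPtrace values are not both TRUE"
                         blockers=$((blockers + 1)) ;;
    esac
    return "$blockers"
}

if command -v esxcli >/dev/null 2>&1; then   # on the ESXi host: live values
    sb=$(/usr/lib/vmware/secureboot/bin/secureBoot.py -s)
    acc=$(esxcli software acceptance get)
    kl=$(esxcli system settings kernel list)
else                                         # elsewhere: constructed sample
    sb="Enabled"
    acc="PartnerSupported"
    kl="allowPtrace  Bool  TRUE  FALSE  FALSE  constructed sample row"
fi
preflight "$sb" "$acc" "$kl" && echo "ready to install" || echo "blockers: $?"
```

The script changes nothing on the host, so it can also be rerun after the reboot to confirm both allowPtrace values before installing the VIB.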

 VIB Package Installation 

  1. Once the Advanced Settings are complete and you are back on the Deploy home screen, under Download, select VIB Installer, then the ZeroLock-Installer-<version number>.vib file (substitute the version number of the ZeroLock Agent) to download the installer. Copy it to a data location on the target endpoint(s). One option is to use the scratch directory.
  2. Use the Copy Install Instructions button to copy the installation command. In a terminal session to the target system, cd to the location the installer file was uploaded to (Scratch folder) and execute the copied command to install.


Validating Agent Installation 

Regardless of the installation method used, the Agent installation should always be validated.  This is a simple process of selecting the Endpoints tab on the left menu. The new endpoint will be listed; the green dot in the status column indicates a successfully installed agent on the endpoint system.   

ESXi Endpoint Validation screen

Note: When you SSH into the endpoint, the MFA alert setting should generate an alert.


 Useful Commands 

To start, stop, check the status of, or restart the ZeroLock agent:

  # /etc/init.d/zerolock
  Usage: zerolock {start|stop|status|restart}

To get information about the installed ZeroLock VIB package:

  esxcli software vib list | grep zerolock

  esxcli software vib get -n zerolock


View ZeroLock™ Agent Logs

Locate the ZeroLock™ Agent logs:

  cd /opt/zerolock/zerolock-tyr     # go to the Tyr directory
  ls -la                            # list the contents of the directory

To see the ZeroLock™ Agent log in detail, open a terminal session to the new Endpoint:

  cat Tyr.log                       # read the log



For more information, please see the ValiCyber Support page