Alpine Linux

Deployment Guide

This guide covers deploying Endura Sensor on Alpine Linux. Since Endura does not provide native apk repository support, the installation script will make use of the generic TGZ package.

Prerequisites

Before starting, ensure you have:

  • Alpine Linux (current release)
  • Root or sudo access for package installation
  • curl command available for repository installation
  • Active internet connection for package downloads
  • At least 512MB of available RAM
  • 1GB of available disk space

Installation

Step 1: Install Endura Sensor Package

Install the Endura Sensor using the installation script, which will automatically detect Alpine Linux:

curl -sSf https://repo.endurasecurity.com/install/endura-sensor/testing.sh | sudo -E sh

This command will:

  • Detect Alpine Linux and download the appropriate package
  • Install the sensor binary and files to system locations
  • Set up appropriate file permissions

Step 2: Verify Installation

Verify that the Endura Sensor is installed correctly:

endura version

You should see output showing the installed version of the Endura Sensor.

Step 3: Check Sensor Status

Check that the sensor is not yet running:

endura sensor status

The sensor should not be running by default.

Configuration

Step 1: Configure Team Server Connection

In order for the Runtime Sensor to report data to a centralized Team Server instance, edit the environment configuration file:

sudo vi /opt/endura/sensor/environ

Add or modify the following environment variables in this file:

# Required for Team Server integration
ENDURA_TEAM_SERVER=https://your-team-server.company.com
ENDURA_SENSOR_TOKEN=your_sensor_token_from_team_server

# Optional configuration variables
ENDURA_BATCHER_AUTOFLUSH=false
ENDURA_HTTP_TIMEOUT=30
ENDURA_LOG_FILE=/var/log/endura/sensor.log
ENDURA_LOG_LEVEL=info
ENDURA_SENSOR_KILL_TASK=true
ENDURA_TLS_VERIFY=true

You can obtain the value for ENDURA_SENSOR_TOKEN as follows:

  1. Browse to your Team Server instance and log in.
  2. Select “Sensors” in the main navigation on the left-hand side.
  3. Click the “Create” button in the upper-left-hand corner.
  4. Provide a name and description for the sensor and click “Save”.
  5. The provided “Access Token” serves as your ENDURA_SENSOR_TOKEN.

Configuration Variables

Required for Team Server Integration:

  • ENDURA_TEAM_SERVER: The fully qualified URL of your Team Server instance
  • ENDURA_SENSOR_TOKEN: The sensor token generated by Team Server for this sensor

Optional Configuration:

  • ENDURA_BATCHER_AUTOFLUSH: Set to true to automatically submit violations as detected instead of batching them (default: false)
  • ENDURA_HTTP_TIMEOUT: Number of seconds the HTTP client will wait when interacting with Team Server (default: 5)
  • ENDURA_LOG_FILE: Fully qualified path to a log file on disk for saving logs (default: /var/log/endura/sensor.log)
  • ENDURA_LOG_LEVEL: Log level of either trace, debug, info, warn, or error (default: info)
  • ENDURA_SENSOR_KILL_TASK: Set to false to disable killing tasks/processes that trigger violations (default: true)
  • ENDURA_TLS_VERIFY: Controls TLS certificate verification (default: true) - WARNING: Setting to false is dangerous and only suitable for testing

Step 2: Start the Sensor

Start the Endura Sensor as a daemon:

# Start the sensor as a daemon
sudo endura sensor start -d

# Verify the sensor is running
endura sensor status

Step 3: Verify Sensor Operation

Check that the sensor is operating correctly:

# Check sensor status
endura sensor status

# View and follow logs
endura sensor logs -f

Step 4: Verify Team Server Connection (Optional)

If you configured Team Server integration, verify the connection is working:

  1. Browse to your Team Server instance and log in.
  2. Select Sensors in the main navigation on the left-hand side.
  3. Search for your recently created Sensor and verify the Status column shows “Active”.
  4. Select Deployments in the main navigation on the left-hand side.
  5. Verify a new Deployment appears whose name reflects the hostname of this host.

Sensor Management

Viewing Logs

View sensor logs using the endura command:

# Follow live logs
endura sensor logs -f

# View logs without following
endura sensor logs

Sensor Control Commands

# Start the sensor as a daemon
sudo endura sensor start -d

# Stop the sensor (graceful)
sudo endura sensor stop

# Stop the sensor (forceful - terminates active jobs)
sudo endura sensor stop --force

# Check sensor status
endura sensor status

Updating the Sensor

Update via Install Script

Since Endura does not provide native apk packages, updates are performed by re-running the installation script:

# Stop the sensor before updating
sudo endura sensor stop --force

# Re-run the installation script to get the latest version
curl -sSf https://repo.endurasecurity.com/install/endura-sensor/testing.sh | sudo -E sh

# Start the sensor with the new version
sudo endura sensor start -d

# Verify the new version
endura version

Note: The installation script will detect that the sensor is already installed and update it to the latest version while preserving your configuration.

Verify Update

After updating, verify the sensor is running correctly:

# Check sensor status
endura sensor status

# Check logs for any issues
endura sensor logs

# Verify the new version
endura version

Security Considerations

File Permissions

The environment file holds ENDURA_SENSOR_TOKEN, so it should be readable and writable by root only:

# Check configuration file permissions
ls -la /opt/endura/sensor/environ

# Ensure configuration files have restricted permissions
sudo chmod 600 /opt/endura/sensor/environ
sudo chown root:root /opt/endura/sensor/environ
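
The following script is an added example, not part of Endura's tooling. It audits the environ file against the settings this guide documents: mode 600 with root ownership, a configured server and token, and no disabled TLS verification or task killing. It assumes plain KEY=value lines as shown above, and treats a non-https ENDURA_TEAM_SERVER or the guide's placeholder token as findings, which is a hardening assumption rather than documented sensor behaviour.

```shell
#!/bin/sh
# Added example, not Endura tooling. Assumes plain KEY=value lines as in this guide.
# audit_environ FILE [OWNER_UID] prints each finding and returns how many it found.
audit_environ() {
    file=$1; want_uid=${2:-0}; findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }
    # Value of the last KEY= line, with surrounding quotes stripped.
    get() { sed -n "s/^[[:space:]]*$1=//p" "$file" | tail -n 1 | tr -d "\"'"; }

    [ -f "$file" ] || { note "$file does not exist"; return 1; }

    # The file stores ENDURA_SENSOR_TOKEN: expect mode 600 and root ownership.
    [ "$(stat -c %a "$file")" = 600 ] || note "mode is not 600"
    [ "$(stat -c %u "$file")" = "$want_uid" ] || note "owner uid is not $want_uid"

    case $(get ENDURA_TEAM_SERVER) in
        https://?*) ;;
        "") note "ENDURA_TEAM_SERVER is not set" ;;
        *) note "ENDURA_TEAM_SERVER is not an https:// URL" ;;
    esac
    case $(get ENDURA_SENSOR_TOKEN) in
        ""|your_sensor_token_from_team_server)
            note "ENDURA_SENSOR_TOKEN is unset or still the placeholder" ;;
    esac

    # The guide's defaults apply when a variable is absent, so only an
    # explicit "false" is reported for the two safety switches.
    tls=$(get ENDURA_TLS_VERIFY)
    killtask=$(get ENDURA_SENSOR_KILL_TASK)
    level=$(get ENDURA_LOG_LEVEL)
    [ "$tls" != false ] || note "ENDURA_TLS_VERIFY=false disables certificate verification"
    [ "$killtask" != false ] || note "ENDURA_SENSOR_KILL_TASK=false leaves violating tasks running"
    case ${level:-info} in
        trace|debug|info|warn|error) ;;
        *) note "ENDURA_LOG_LEVEL=$level is not a supported level" ;;
    esac
    return "$findings"
}

# On a sensor host (run as root), audit the path used throughout this guide.
if [ -e /opt/endura/sensor/environ ]; then
    audit_environ /opt/endura/sensor/environ || echo "$? finding(s)"
fi
```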

Firewall Configuration

Alpine Linux typically uses iptables for firewall management. If using a firewall, ensure the sensor can communicate with Team Server:

# For iptables
sudo iptables -A OUTPUT -d your-team-server-ip -p tcp --dport 443 -j ACCEPT

# Save iptables rules (Alpine specific)
sudo /etc/init.d/iptables save

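# Or if using awall (Alpine Wall); policy files are JSON
# "_fw" is awall's built-in zone for traffic originating from this host
echo '{
    "description": "Allow Endura Sensor to reach Team Server",
    "filter": [
        { "in": "_fw", "dest": "your-team-server-ip", "service": "https", "action": "accept" }
    ]
}' | sudo tee /etc/awall/optional/endura.json
sudo awall enable endura
sudo awall activate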

AppArmor Considerations

Alpine Linux may use AppArmor in some configurations. If you encounter AppArmor denials:

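# Check if AppArmor is enabled in the kernel (prints Y when enabled)
cat /sys/module/apparmor/parameters/enabled 2>/dev/null || echo "AppArmor not enabled"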

# Check for AppArmor denials in system logs
sudo grep -i apparmor /var/log/messages | grep endura

# View AppArmor profiles if installed
sudo ls /etc/apparmor.d/ 2>/dev/null || echo "AppArmor not installed"

Uninstalling the Sensor

Remove the Installation

To completely remove the Endura Sensor:

# Stop the sensor
sudo endura sensor stop --force

# Remove the sensor binary and files
sudo rm -rf /opt/endura/
sudo rm -f /usr/bin/endura

# Remove user and group (if created)
sudo deluser endura 2>/dev/null || true
sudo delgroup endura 2>/dev/null || true

# Remove logs if desired
sudo rm -rf /var/log/endura/

Troubleshooting

Common Issues

Sensor fails to start:

# Check sensor status
endura sensor status

# Show available commands and options
endura --help

# Verify configuration file exists and is readable
sudo ls -la /opt/endura/sensor/environ

# Check for permission issues
endura sensor logs | grep -i permission

Cannot connect to Team Server:

# Test network connectivity
curl -v https://your-team-server.company.com/_health

# Check DNS resolution
nslookup your-team-server.company.com

# Verify firewall rules
sudo iptables -L | grep 443

# Check TLS certificate issues
openssl s_client -connect your-team-server.company.com:443

High resource usage:

# Monitor resource usage (BusyBox top on Alpine does not support -p)
top -b -n 1 | grep endura-sensor

# Check memory usage
ps aux | grep endura-sensor

# View system resource usage
free -h && df -h

Configuration issues:

# Review the environment file contents
sudo cat /opt/endura/sensor/environ

# Confirm the binary runs as the endura user (if that user exists)
sudo -u endura /usr/bin/endura version 2>/dev/null || echo "User 'endura' may not exist"

# Check file permissions
sudo ls -la /opt/endura/sensor/

Installation issues:

# Verify installation script execution
curl -sSf https://repo.endurasecurity.com/install/endura-sensor/testing.sh | sudo -E sh -x

# Check disk space
df -h /opt/

# Verify file system permissions
sudo ls -la /opt/

# Check musl compatibility (Alpine uses musl libc)
ldd /usr/bin/endura 2>/dev/null || echo "Static binary - no dependencies"

Log Analysis

# Search for error messages
endura sensor logs | grep -i error

# Search for connection issues
endura sensor logs | grep -i "connection\|timeout\|refused"

# View recent logs
endura sensor logs

# Follow logs for real-time analysis
endura sensor logs -f

Getting Help

If you encounter issues:

  1. Check sensor logs: endura sensor logs
  2. Verify configuration: sudo cat /opt/endura/sensor/environ
  3. Test network connectivity to Team Server
  4. Ensure proper file permissions
  5. Check system resources and kernel compatibility
  6. Verify installation completed successfully

For additional support, refer to the Endura documentation or contact your system administrator.