CentOS Stream

Deployment Guide

This guide covers deploying Endura Sensor on CentOS Stream using the official Endura package repository.

Prerequisites

Before starting, ensure you have:

  • CentOS Stream 8, 9, or 10
  • Root or sudo access for package installation
  • curl command available for repository installation
  • systemd for service management
  • Active internet connection for package downloads
  • At least 512MB of available RAM
  • 1GB of available disk space

Installation

Step 1: Install Endura Repository and Sensor Package

Install the Endura repository and sensor package with a single command:

curl -sSf https://repo.endurasecurity.com/install/endura-sensor/testing.sh | sudo -E sh

This command will:

  • Add the Endura package repository to your system
  • Install the GPG key for package verification
  • Install the endura-sensor package
  • Install systemd service files

Step 2: Verify Installation

Verify that the Endura Sensor is installed correctly:

endura version

You should see output showing the installed version of the Endura Sensor.

Step 3: Check Service Status

Check that the systemd service is installed but not yet running:

sudo systemctl status endura-sensor

The service should be installed but inactive (stopped) by default.

Configuration

Step 1: Configure Team Server Connection

In order for the Runtime Sensor to report data to a centralized Team Server instance, edit the environment configuration file:

sudo nano /opt/endura/sensor/environ

Add or modify the following environment variables in this file:

# Required for Team Server integration
ENDURA_TEAM_SERVER=https://your-team-server.company.com
ENDURA_SENSOR_TOKEN=your_sensor_token_from_team_server

# Optional configuration variables
ENDURA_BATCHER_AUTOFLUSH=false
ENDURA_HTTP_TIMEOUT=30
ENDURA_LOG_FILE=/var/log/endura/sensor.log
ENDURA_LOG_LEVEL=info
ENDURA_SENSOR_KILL_TASK=true
ENDURA_TLS_VERIFY=true

You can obtain the value for ENDURA_SENSOR_TOKEN as follows:

  1. Browse to your Team Server instance and log in.
  2. Select “Sensors” in the main navigation on the left-hand side.
  3. Click the “Create” button in the upper-left corner.
  4. Provide a name and description for the sensor and click “Save”.
  5. The provided “Access Token” serves as your ENDURA_SENSOR_TOKEN.

Configuration Variables

Required for Team Server Integration:

  • ENDURA_TEAM_SERVER: The fully qualified URL of your Team Server instance
  • ENDURA_SENSOR_TOKEN: The sensor token generated by Team Server for this sensor

Optional Configuration:

  • ENDURA_BATCHER_AUTOFLUSH: Set to true to automatically submit violations as detected instead of batching them (default: false)
  • ENDURA_HTTP_TIMEOUT: Number of seconds the HTTP client will wait when interacting with Team Server (default: 5)
  • ENDURA_LOG_FILE: Fully qualified path to a log file on disk for saving logs (default: /var/log/endura/sensor.log)
  • ENDURA_LOG_LEVEL: Log level of either trace, debug, info, warn, or error (default: info)
  • ENDURA_SENSOR_KILL_TASK: Set to false to disable killing tasks/processes that trigger violations (default: true)
  • ENDURA_TLS_VERIFY: Controls TLS certificate verification (default: true) - WARNING: Setting to false is dangerous and only suitable for testing

Step 2: Start and Enable the Service

Start the Endura Sensor service and enable it to start automatically at boot:

# Start the service
sudo systemctl start endura-sensor

# Enable automatic startup at boot
sudo systemctl enable endura-sensor

# Verify the service is running
sudo systemctl status endura-sensor

Step 3: Verify Service Operation

Check that the sensor is operating correctly:

# Check service status
sudo systemctl is-active endura-sensor

# View recent logs
sudo journalctl -u endura-sensor -n 20

# Follow live logs
sudo journalctl -u endura-sensor -f

Step 4: Verify Team Server Connection (Optional)

If you configured Team Server integration, verify the connection is working:

  1. Browse to your Team Server instance and log in.
  2. Select Sensors in the main navigation on the left-hand side.
  3. Search for your recently created Sensor and verify the Status column shows “Active”.
  4. Select Deployments in the main navigation on the left-hand side.
  5. Verify a new Deployment appears whose name reflects the hostname of this host.

Service Management

Viewing Logs

View service logs using journalctl:

# View all logs for the service
sudo journalctl -u endura-sensor

# View recent logs (last 50 lines)
sudo journalctl -u endura-sensor -n 50

# Follow live logs
sudo journalctl -u endura-sensor -f

# View logs since a specific time
sudo journalctl -u endura-sensor --since "2024-01-01 00:00:00"

# View logs with timestamps
sudo journalctl -u endura-sensor -o short-iso

Service Control Commands

# Start the service
sudo systemctl start endura-sensor

# Stop the service
sudo systemctl stop endura-sensor

# Restart the service
sudo systemctl restart endura-sensor

# Reload configuration (if supported)
sudo systemctl reload endura-sensor

# Check service status
sudo systemctl status endura-sensor

# Enable automatic startup
sudo systemctl enable endura-sensor

# Disable automatic startup
sudo systemctl disable endura-sensor

# Check if service is enabled
sudo systemctl is-enabled endura-sensor

Updating the Sensor

Update via DNF

Update the Endura Sensor to the latest version:

# Update the sensor package
sudo dnf upgrade -y endura-sensor

# Restart the service to use the new version
sudo systemctl restart endura-sensor

# Verify the new version
endura version

Verify Update

After updating, verify the sensor is running correctly:

# Check service status
sudo systemctl status endura-sensor

# Check logs for any issues
sudo journalctl -u endura-sensor -n 20

# Verify the new version
endura version

Security Considerations

File Permissions

The sensor runs with appropriate security permissions. The environment file holds ENDURA_SENSOR_TOKEN, so confirm that only root can read it:

# Check service file permissions
ls -la /etc/systemd/system/endura-sensor.service

# Check configuration file permissions
ls -la /opt/endura/sensor/environ

# Ensure configuration files have restricted permissions
sudo chmod 600 /opt/endura/sensor/environ
sudo chown root:root /opt/endura/sensor/environ
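
The variable requirements from the Configuration section and the file-permission step above, combined into one pre-start check. This is an added example, not part of the Endura documentation or tooling; the function name audit_environ, its messages and the sample values are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: audit an Endura Sensor environment file before starting the service.
# Variable names and the 600/root requirement come from this guide; the function
# name, messages and sample values are this example's own.

audit_environ() {
    local file="$1" want_uid="${2:-0}" findings=0 key value
    local server="" token="" tls="true"   # guide: ENDURA_TLS_VERIFY defaults to true

    [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 2; }
    fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

    # Parse KEY=VALUE lines instead of sourcing the file, so nothing in it executes.
    while IFS='=' read -r key value || [ -n "$key" ]; do
        value="${value%\"}"; value="${value#\"}"   # tolerate "quoted" values
        case "$key" in
            ENDURA_TEAM_SERVER)  server="$value" ;;
            ENDURA_SENSOR_TOKEN) token="$value" ;;
            ENDURA_TLS_VERIFY)   tls="$value" ;;
        esac
    done < "$file"

    case "$server" in
        https://?*) ;;
        "") fail "ENDURA_TEAM_SERVER is not set" ;;
        *)  fail "ENDURA_TEAM_SERVER is not an https:// URL" ;;
    esac
    case "$token" in
        ""|your_sensor_token_from_team_server)
            fail "ENDURA_SENSOR_TOKEN is unset or still the placeholder" ;;
    esac
    [ "$tls" = "true" ] || fail "ENDURA_TLS_VERIFY is '$tls', expected true"

    # The file holds the sensor token: require mode 600 and the expected owner.
    [ "$(stat -c '%a' "$file")" = "600" ] || fail "file mode is not 600"
    [ "$(stat -c '%u' "$file")" = "$want_uid" ] || fail "file owner is not uid $want_uid"

    [ "$findings" -eq 0 ] && echo "OK: $file"
    return $(( findings > 0 ))
}

# Constructed sample (not a real server or token): plain HTTP, TLS checks off.
sample=$(mktemp)
printf '%s\n' 'ENDURA_TEAM_SERVER=http://teamserver.example' \
    'ENDURA_SENSOR_TOKEN=constructed-token' 'ENDURA_TLS_VERIFY=false' > "$sample"
audit_environ "$sample" "$(id -u)" || true
rm -f "$sample"
```

On a deployed host, call audit_environ /opt/endura/sensor/environ as root with no second argument so the owner check expects uid 0.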

Firewall Configuration

If using a firewall, ensure the sensor can communicate with Team Server:

# For firewalld (CentOS Stream default): rich rule scoped to the Team Server address
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" destination address="your-team-server-ip" port port="443" protocol="tcp" accept'
sudo firewall-cmd --reload

# Or allow HTTPS traffic generally (opens inbound TCP 443 in the default zone)
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

SELinux Considerations

If SELinux is enabled (default on CentOS Stream), the sensor package includes appropriate SELinux policies. If you encounter SELinux denials:

# Check for SELinux denials
sudo ausearch -m avc -ts recent | grep endura

# If issues persist, check SELinux status
sudo sestatus

# View SELinux context of sensor files
ls -laZ /opt/endura/sensor/

CentOS Stream-Specific Security Features

CentOS Stream includes upstream security features that may affect the sensor:

# Check kernel version (CentOS Stream gets newer kernels frequently)
uname -r

# Verify eBPF support in current kernel
sudo bpftool version 2>/dev/null || echo "bpftool not installed"

# Check for RHEL upstream security patches
sudo dnf list --security

Uninstalling the Sensor

Remove the Package

To completely remove the Endura Sensor:

# Stop the service
sudo systemctl stop endura-sensor
sudo systemctl disable endura-sensor

# Remove the package
sudo dnf remove -y endura-sensor

# Remove logs if desired
sudo rm -rf /var/log/endura/

Remove Repository (Optional)

To remove the Endura repository from your system:

# Remove repository configuration
sudo rm -f /etc/yum.repos.d/endura*.repo

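# Remove GPG key (gpg-pubkey package names hold only key IDs, so match on the
# key's owner string; assumes that string mentions Endura)
sudo rpm -e "$(rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE} %{SUMMARY}\n' | grep -i endura | head -1 | cut -d' ' -f1)"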

# Clean package cache
sudo dnf clean all

Troubleshooting

Common Issues

Service fails to start:

# Check detailed service status
sudo systemctl status endura-sensor -l

# Confirm the binary runs and list its options
sudo /usr/bin/endura --help

# Verify configuration file exists and is readable
sudo ls -la /opt/endura/sensor/environ

# Check for permission issues
sudo journalctl -u endura-sensor | grep -i permission

Cannot connect to Team Server:

# Test network connectivity
curl -v https://your-team-server.company.com/_health

# Check DNS resolution
nslookup your-team-server.company.com

# Verify firewall rules
sudo firewall-cmd --list-all

# Check TLS certificate issues
openssl s_client -connect your-team-server.company.com:443

High resource usage:

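# Monitor resource usage of the service's main process
top -p "$(systemctl show -p MainPID --value endura-sensor)"

# Check memory usage (the bracket keeps grep from matching itself)
ps aux | grep '[e]ndura-sensor'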

# View detailed system usage
sudo systemd-cgtop

Configuration issues:

# Validate environment file syntax
sudo cat /opt/endura/sensor/environ

# Test configuration
sudo -u endura /usr/bin/endura version

# Check file permissions
sudo ls -la /opt/endura/sensor/

CentOS Stream Specific Troubleshooting

# Check CentOS Stream version
cat /etc/centos-release

# Verify repository configuration
sudo dnf repolist enabled

# Check for CentOS Stream updates
sudo dnf check-update

# Verify kernel compatibility (CentOS Stream has frequent kernel updates)
uname -r
if command -v bpftool >/dev/null; then sudo bpftool feature 2>/dev/null | head -10; else echo "bpftool not available"; fi

# Check for conflicting packages from multiple repos
sudo dnf list installed | grep -E "(kernel|bpf)" | head -10

# Verify EPEL repository isn't conflicting
sudo dnf repolist | grep -i epel

Package Management Issues

# Check for repository metadata issues
sudo dnf makecache

# Verify the installed package's GPG signature
rpm -qi endura-sensor | grep -i signature

# Clear DNF cache
sudo dnf clean all
sudo dnf makecache

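# Check for package conflicts
sudo dnf check

# Resynchronize installed packages with the enabled repositories (asks before making changes)
sudo dnf distro-sync --best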

Log Analysis

# Search for error messages
sudo journalctl -u endura-sensor | grep -i error

# Search for connection issues
sudo journalctl -u endura-sensor | grep -i "connection\|timeout\|refused"

# Check messages from the last hour (including startup)
sudo journalctl -u endura-sensor --since "1 hour ago"

# Export logs for analysis
sudo journalctl -u endura-sensor --no-pager > endura-sensor.log

# Check for kernel messages
sudo dmesg | grep -i bpf | tail -10

Getting Help

If you encounter issues:

  1. Check service logs: sudo journalctl -u endura-sensor
  2. Verify configuration: sudo cat /opt/endura/sensor/environ
  3. Test network connectivity to Team Server
  4. Ensure proper file permissions and SELinux contexts
  5. Check system resources and kernel compatibility
  6. Verify CentOS Stream version: cat /etc/centos-release
  7. Check for recent kernel updates: dnf list installed 'kernel*'

For additional support, refer to the Endura documentation or contact your system administrator.