RHEL/Alma/Rocky

Deployment Guide

This guide covers deploying Endura Sensor on RPM-based distributions including Red Hat Enterprise Linux (RHEL), AlmaLinux, and Rocky Linux using the official Endura package repository.

Prerequisites

Before starting, ensure you have:

  • Red Hat Enterprise Linux 8/9/10, AlmaLinux 8/9/10, or Rocky Linux 8/9/10
  • Root or sudo access for package installation
  • curl command available for repository installation
  • systemd for service management
  • Active internet connection for package downloads
  • At least 512MB of available RAM
  • 1GB of available disk space

Installation

Step 1: Install Endura Repository and Sensor Package

Install the Endura repository and sensor package with a single command:

curl -sSf https://repo.endurasecurity.com/install/endura-sensor/testing.sh | sudo -E sh

This command will:

  • Add the Endura package repository to your system
  • Install the GPG key for package verification
  • Install the endura-sensor package
  • Install systemd service files

Step 2: Verify Installation

Verify that the Endura Sensor is installed correctly:

endura version

You should see output showing the installed version of the Endura Sensor.

Step 3: Check Service Status

Check that the systemd service is installed but not yet running:

sudo systemctl status endura-sensor

The service should be installed but inactive (stopped) by default.

Configuration

Step 1: Configure Team Server Connection

In order for the Runtime Sensor to report data to a centralized Team Server instance, edit the environment configuration file:

sudo nano /opt/endura/sensor/environ

Add or modify the following environment variables in this file:

# Required for Team Server integration
ENDURA_TEAM_SERVER=https://your-team-server.company.com
ENDURA_SENSOR_TOKEN=your_sensor_token_from_team_server

# Optional configuration variables
ENDURA_BATCHER_AUTOFLUSH=false
ENDURA_HTTP_TIMEOUT=30
ENDURA_LOG_FILE=/var/log/endura/sensor.log
ENDURA_LOG_LEVEL=info
ENDURA_SENSOR_KILL_TASK=true
ENDURA_TLS_VERIFY=true

You can obtain the value for ENDURA_SENSOR_TOKEN as follows:

  1. Browse to your Team Server instance and log in.
  2. Select Sensors in the main navigation on the left-hand side.
  3. Click the Create button in the upper-left-hand corner.
  4. Provide a name and description for the sensor and click Save.
  5. The provided Access Token serves as your ENDURA_SENSOR_TOKEN.

Configuration Variables

Required for Team Server Integration:

  • ENDURA_TEAM_SERVER: The fully qualified URL of your Team Server instance
  • ENDURA_SENSOR_TOKEN: The sensor token generated by Team Server for this sensor

Optional Configuration:

  • ENDURA_BATCHER_AUTOFLUSH: Set to true to automatically submit violations as detected instead of batching them (default: false)
  • ENDURA_HTTP_TIMEOUT: Number of seconds the HTTP client will wait when interacting with Team Server (default: 5)
  • ENDURA_LOG_FILE: Fully qualified path to a log file on disk for saving logs (default: /var/log/endura/sensor.log)
  • ENDURA_LOG_LEVEL: Log level of either trace, debug, info, warn, or error (default: info)
  • ENDURA_SENSOR_KILL_TASK: Set to false to disable killing tasks/processes that trigger violations (default: true)
  • ENDURA_TLS_VERIFY: Controls TLS certificate verification (default: true) - WARNING: Setting to false is dangerous and only suitable for testing

Step 2: Start and Enable the Service

Start the Endura Sensor service and enable it to start automatically at boot:

# Start the service
sudo systemctl start endura-sensor

# Enable automatic startup at boot
sudo systemctl enable endura-sensor

# Verify the service is running
sudo systemctl status endura-sensor

Step 3: Verify Service Operation

Check that the sensor is operating correctly:

# Check service status
sudo systemctl is-active endura-sensor

# View recent logs
sudo journalctl -u endura-sensor -n 20

# Follow live logs
sudo journalctl -u endura-sensor -f

Step 4: Verify Team Server Connection (Optional)

If you configured Team Server integration, verify the connection is working:

  1. Browse to your Team Server instance and log in.
  2. Select Sensors in the main navigation on the left-hand side.
  3. Search for your recently created Sensor and verify the Status column shows “Active”.
  4. Select Deployments in the main navigation on the left-hand side.
  5. Verify a new Deployment appears whose name reflects the hostname of this host.

Service Management

Viewing Logs

View service logs using journalctl:

# View all logs for the service
sudo journalctl -u endura-sensor

# View recent logs (last 50 lines)
sudo journalctl -u endura-sensor -n 50

# Follow live logs
sudo journalctl -u endura-sensor -f

# View logs since a specific time
sudo journalctl -u endura-sensor --since "2024-01-01 00:00:00"

# View logs with timestamps
sudo journalctl -u endura-sensor -o short-iso

Service Control Commands

# Start the service
sudo systemctl start endura-sensor

# Stop the service
sudo systemctl stop endura-sensor

# Restart the service
sudo systemctl restart endura-sensor

# Reload configuration (if supported)
sudo systemctl reload endura-sensor

# Check service status
sudo systemctl status endura-sensor

# Enable automatic startup
sudo systemctl enable endura-sensor

# Disable automatic startup
sudo systemctl disable endura-sensor

# Check if service is enabled
sudo systemctl is-enabled endura-sensor

Updating the Sensor

Update via DNF

Update the Endura Sensor to the latest version:

# Update the sensor package
sudo dnf upgrade -y endura-sensor

# Restart the service to use the new version
sudo systemctl restart endura-sensor

# Verify the new version
endura version

Verify Update

After updating, verify the sensor is running correctly:

# Check service status
sudo systemctl status endura-sensor

# Check logs for any issues
sudo journalctl -u endura-sensor -n 20

# Verify the new version
endura version

Security Considerations

File Permissions

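The environment file holds the sensor token, so it should be readable only by root. Check the permissions on the service unit and the configuration file, and restrict the configuration file: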

# Check service file permissions
ls -la /etc/systemd/system/endura-sensor.service

# Check configuration file permissions
ls -la /opt/endura/sensor/environ

# Ensure configuration files have restricted permissions
sudo chmod 600 /opt/endura/sensor/environ
sudo chown root:root /opt/endura/sensor/environ
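
The settings listed under Configuration Variables and the permissions above can be checked together. The script below is an added example, not part of the Endura package: the function names `env_get` and `audit_environ` and the sample file are constructed here, and it assumes Team Server integration is intended and that the file uses plain KEY=value lines.

```shell
#!/bin/sh
# Added example (not Endura's code): audit a sensor environment file.
# Usage: audit_environ FILE [UID:GID]   (owner defaults to 0:0, i.e. root:root)
# Prints one finding per line; returns 1 if any check fails, else 0.

# Last assignment of KEY ($1) in FILE ($2); strips quotes, spaces and CRs.
env_get() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d "\"' \r"
}

audit_environ() {
    f=$1; want_owner=${2:-0:0}; rc=0
    [ -r "$f" ] || { echo "FILE: $f is not readable"; return 1; }

    # The file holds the sensor token, so match the guide's chmod/chown.
    mode=$(stat -c '%a' "$f"); owner=$(stat -c '%u:%g' "$f")
    [ "$mode" = 600 ] || { echo "PERMS: mode $mode, expected 600"; rc=1; }
    [ "$owner" = "$want_owner" ] ||
        { echo "OWNER: $owner, expected $want_owner"; rc=1; }

    case $(env_get ENDURA_TEAM_SERVER "$f") in
        https://?*) ;;
        *) echo "SERVER: ENDURA_TEAM_SERVER is not an https:// URL"; rc=1 ;;
    esac
    case $(env_get ENDURA_SENSOR_TOKEN "$f") in
        ''|your_sensor_token_from_team_server)
            echo "TOKEN: ENDURA_SENSOR_TOKEN is unset or a placeholder"; rc=1 ;;
    esac
    # Anything other than unset (default true) or "true" is flagged.
    case $(env_get ENDURA_TLS_VERIFY "$f") in
        ''|true) ;;
        *) echo "TLS: ENDURA_TLS_VERIFY is not true"; rc=1 ;;
    esac
    case $(env_get ENDURA_SENSOR_KILL_TASK "$f") in
        ''|true) ;;
        *) echo "NOTE: ENDURA_SENSOR_KILL_TASK is off, violating tasks are not killed" ;;
    esac
    return $rc
}

# Constructed sample: a test-style config left world-readable.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'ENDURA_TEAM_SERVER=http://ts.example.internal' \
    'ENDURA_SENSOR_TOKEN=your_sensor_token_from_team_server' \
    'ENDURA_TLS_VERIFY=false' > "$sample"
chmod 644 "$sample"
audit_environ "$sample" "$(id -u):$(id -g)" || echo "audit failed"
rm -f "$sample"
```

On a deployed host, call `audit_environ /opt/endura/sensor/environ` as root; the exit status makes it usable in a configuration-management check.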

Firewall Configuration

If using a firewall, ensure the sensor can communicate with Team Server:

# For firewalld (RHEL/Rocky/Alma default)
sudo firewall-cmd --permanent --add-rich-rule="rule family=ipv4 destination address=your-team-server-ip port=443 protocol=tcp accept"
sudo firewall-cmd --reload

# Or allow HTTPS traffic generally (this opens inbound TCP 443 in the default zone)
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

SELinux Considerations

If SELinux is enabled (default on RHEL-based systems), the sensor package includes appropriate SELinux policies. If you encounter SELinux denials:

# Check for SELinux denials
sudo ausearch -m avc -ts recent | grep endura

# If issues persist, check SELinux status
sudo sestatus

# View SELinux context of sensor files
ls -laZ /opt/endura/sensor/

Uninstalling the Sensor

Remove the Package

To completely remove the Endura Sensor:

# Stop the service
sudo systemctl stop endura-sensor
sudo systemctl disable endura-sensor

# Remove the package
sudo dnf remove -y endura-sensor

# Remove logs if desired
sudo rm -rf /var/log/endura/

Remove Repository (Optional)

To remove the Endura repository from your system:

# Remove repository configuration
sudo rm -f /etc/yum.repos.d/endura*.repo

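# Remove GPG key (imported keys are named gpg-pubkey-<version>-<release>,
# so match on the key summary; assumes the summary contains "endura")
sudo rpm -e "$(rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n' | grep -i endura | head -1 | cut -f1)"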

# Clean package cache
sudo dnf clean all

Troubleshooting

Common Issues

Service fails to start:

# Check detailed service status
sudo systemctl status endura-sensor -l

# Confirm the binary runs and list its options
sudo /usr/bin/endura --help

# Verify configuration file exists and is readable
sudo ls -la /opt/endura/sensor/environ

# Check for permission issues
sudo journalctl -u endura-sensor | grep -i permission

Cannot connect to Team Server:

# Test network connectivity
curl -v https://your-team-server.company.com/_health

# Check DNS resolution
nslookup your-team-server.company.com

# Verify firewall rules
sudo firewall-cmd --list-all

# Check TLS certificate issues
openssl s_client -connect your-team-server.company.com:443

High resource usage:

# Monitor resource usage
top -p "$(pgrep -d, endura-sensor)"

# Check memory usage
ps aux | grep endura-sensor

# View detailed system usage
sudo systemd-cgtop

Configuration issues:

# Review the environment file contents (this prints the sensor token to the terminal)
sudo cat /opt/endura/sensor/environ

# Test configuration
sudo -u endura /usr/bin/endura version

# Check file permissions
sudo ls -la /opt/endura/sensor/

Log Analysis

# Search for error messages
sudo journalctl -u endura-sensor | grep -i error

# Search for connection issues
sudo journalctl -u endura-sensor | grep -i "connection\|timeout\|refused"

# Check messages from the last hour
sudo journalctl -u endura-sensor --since "1 hour ago"

# Export logs for analysis
sudo journalctl -u endura-sensor --no-pager > endura-sensor.log

Getting Help

If you encounter issues:

  1. Check service logs: sudo journalctl -u endura-sensor
  2. Verify configuration: sudo cat /opt/endura/sensor/environ
  3. Test network connectivity to Team Server
  4. Ensure proper file permissions and SELinux contexts
  5. Check system resources and kernel compatibility

For additional support, refer to the Endura documentation or contact your system administrator.