SUSE

OpenSUSE and SUSE Linux Enterprise Server Deployment Guide

This guide covers deploying Endura Sensor on SUSE-based distributions including OpenSUSE Leap, OpenSUSE Tumbleweed, and SUSE Linux Enterprise Server (SLES) using the official Endura package repository.

Prerequisites

Before starting, ensure you have:

  • OpenSUSE Leap 15+, OpenSUSE Tumbleweed, or SUSE Linux Enterprise Server 15+
  • Root or sudo access for package installation
  • curl command available for repository installation
  • systemd for service management
  • Active internet connection for package downloads
  • At least 512MB of available RAM
  • 1GB of available disk space

Installation

Step 1: Install Endura Repository and Sensor Package

Install the Endura repository and sensor package with a single command:

curl -sSf https://repo.endurasecurity.com/install/endura-sensor/testing.sh | sudo -E sh

This command will:

  • Add the Endura package repository to your system
  • Install the GPG key for package verification
  • Install the endura-sensor package
  • Install systemd service files

Step 2: Verify Installation

Verify that the Endura Sensor is installed correctly:

endura version

You should see output showing the installed version of the Endura Sensor.

Step 3: Check Service Status

Check that the systemd service is installed but not yet running:

sudo systemctl status endura-sensor

The service should be installed but inactive (stopped) by default.

Configuration

Step 1: Configure Team Server Connection

In order for the Runtime Sensor to report data to a centralized Team Server instance, edit the environment configuration file:

sudo nano /opt/endura/sensor/environ

Add or modify the following environment variables in this file:

# Required for Team Server integration
ENDURA_TEAM_SERVER=https://your-team-server.company.com
ENDURA_SENSOR_TOKEN=your_sensor_token_from_team_server

# Optional configuration variables
ENDURA_BATCHER_AUTOFLUSH=false
ENDURA_HTTP_TIMEOUT=30
ENDURA_LOG_FILE=/var/log/endura/sensor.log
ENDURA_LOG_LEVEL=info
ENDURA_SENSOR_KILL_TASK=true
ENDURA_TLS_VERIFY=true

You can obtain the value for ENDURA_SENSOR_TOKEN as follows:

  1. Browse to your Team Server instance and log in.
  2. Select “Sensors” in the main navigation on the left-hand side.
  3. Click the “Create” button in the upper-left-hand corner.
  4. Provide a name and description for the sensor and click “Save”.
  5. The provided “Access Token” serves as your ENDURA_SENSOR_TOKEN.

Configuration Variables

Required for Team Server Integration:

  • ENDURA_TEAM_SERVER: The fully qualified URL of your Team Server instance
  • ENDURA_SENSOR_TOKEN: The sensor token generated by Team Server for this sensor

Optional Configuration:

  • ENDURA_BATCHER_AUTOFLUSH: Set to true to automatically submit violations as detected instead of batching them (default: false)
  • ENDURA_HTTP_TIMEOUT: Number of seconds the HTTP client will wait when interacting with Team Server (default: 5)
  • ENDURA_LOG_FILE: Fully qualified path to a log file on disk for saving logs (default: /var/log/endura/sensor.log)
  • ENDURA_LOG_LEVEL: Log level of either trace, debug, info, warn, or error (default: info)
  • ENDURA_SENSOR_KILL_TASK: Set to false to disable killing tasks/processes that trigger violations (default: true)
  • ENDURA_TLS_VERIFY: Controls TLS certificate verification (default: true) - WARNING: Setting to false is dangerous and only suitable for testing

Step 2: Start and Enable the Service

Start the Endura Sensor service and enable it to start automatically at boot:

# Start the service
sudo systemctl start endura-sensor

# Enable automatic startup at boot
sudo systemctl enable endura-sensor

# Verify the service is running
sudo systemctl status endura-sensor

Step 3: Verify Service Operation

Check that the sensor is operating correctly:

# Check service status
sudo systemctl is-active endura-sensor

# View recent logs
sudo journalctl -u endura-sensor -n 20

# Follow live logs
sudo journalctl -u endura-sensor -f

Step 4: Verify Team Server Connection (Optional)

If you configured Team Server integration, verify the connection is working:

  1. Browse to your Team Server instance and log in.
  2. Select Sensors in the main navigation on the left-hand side.
  3. Search for your recently created Sensor and verify the Status column shows “Active”.
  4. Select Deployments in the main navigation on the left-hand side.
  5. Verify a new Deployment appears whose name reflects the hostname of this host.

Service Management

Viewing Logs

View service logs using journalctl:

# View all logs for the service
sudo journalctl -u endura-sensor

# View recent logs (last 50 lines)
sudo journalctl -u endura-sensor -n 50

# Follow live logs
sudo journalctl -u endura-sensor -f

# View logs since a specific time
sudo journalctl -u endura-sensor --since "2024-01-01 00:00:00"

# View logs with timestamps
sudo journalctl -u endura-sensor -o short-iso

Service Control Commands

# Start the service
sudo systemctl start endura-sensor

# Stop the service
sudo systemctl stop endura-sensor

# Restart the service
sudo systemctl restart endura-sensor

# Reload configuration (if supported)
sudo systemctl reload endura-sensor

# Check service status
sudo systemctl status endura-sensor

# Enable automatic startup
sudo systemctl enable endura-sensor

# Disable automatic startup
sudo systemctl disable endura-sensor

# Check if service is enabled
sudo systemctl is-enabled endura-sensor

Updating the Sensor

Update via Zypper

Update the Endura Sensor to the latest version:

# Update the sensor package
sudo zypper update endura-sensor

# Restart the service to use the new version
sudo systemctl restart endura-sensor

# Verify the new version
endura version

Verify Update

After updating, verify the sensor is running correctly:

# Check service status
sudo systemctl status endura-sensor

# Check logs for any issues
sudo journalctl -u endura-sensor -n 20

# Verify the new version
endura version

Security Considerations

File Permissions

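The package installs the sensor with appropriate permissions. Because the environment file holds ENDURA_SENSOR_TOKEN, confirm that it is owned by root and not readable by other users: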

# Check service file permissions
ls -la /etc/systemd/system/endura-sensor.service

# Check configuration file permissions
ls -la /opt/endura/sensor/environ

# Ensure configuration files have restricted permissions
sudo chmod 600 /opt/endura/sensor/environ
sudo chown root:root /opt/endura/sensor/environ
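
The permission checks above and the settings listed under Configuration Variables can be audited in one pass. The shell function below is an added example, not part of the Endura package. The EXPECTED_OWNER override (for running as non-root) and the https-only check on ENDURA_TEAM_SERVER are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not Endura tooling): audit the sensor environment file
# against the permissions and variables described in this guide.
# EXPECTED_OWNER is a hypothetical override, e.g. for testing as non-root.
# Usage: sudo sh -c '. ./audit.sh; audit_environ /opt/endura/sensor/environ'

audit_environ() {
    file=$1
    findings=0
    [ -f "$file" ] || { echo "missing file: $file"; return 2; }

    report() { echo "FINDING: $1"; findings=$((findings + 1)); }
    # Value of the last uncommented assignment of variable $1, or empty.
    get() { sed -n "s/^[[:space:]]*$1=//p" "$file" | tail -n 1; }

    # The file holds ENDURA_SENSOR_TOKEN: expect mode 600, owned by root (0:0).
    mode=$(stat -c '%a' "$file")
    owner=$(stat -c '%u:%g' "$file")
    [ "$mode" = 600 ] || report "mode is $mode, expected 600"
    [ "$owner" = "${EXPECTED_OWNER:-0:0}" ] || report "owner uid:gid is $owner"

    server=$(get ENDURA_TEAM_SERVER)
    token=$(get ENDURA_SENSOR_TOKEN)
    level=$(get ENDURA_LOG_LEVEL)
    verify=$(get ENDURA_TLS_VERIFY)

    # Assumption: Team Server is reached over HTTPS, as in the guide's example.
    case $server in
        https://your-team-server.company.com) report "ENDURA_TEAM_SERVER is still the placeholder" ;;
        https://?*) ;;
        "") report "ENDURA_TEAM_SERVER is not set" ;;
        *) report "ENDURA_TEAM_SERVER is not an https:// URL" ;;
    esac
    case $token in
        "") report "ENDURA_SENSOR_TOKEN is not set" ;;
        your_sensor_token_from_team_server) report "ENDURA_SENSOR_TOKEN is still the placeholder" ;;
    esac
    # An unset optional variable falls back to its documented default.
    case ${level:-info} in
        trace|debug|info|warn|error) ;;
        *) report "ENDURA_LOG_LEVEL '$level' is not a valid level" ;;
    esac
    [ "${verify:-true}" != false ] || report "ENDURA_TLS_VERIFY=false disables certificate verification"

    # Succeed only when nothing was reported.
    [ "$findings" -eq 0 ]
}
```

The function prints one FINDING line per problem and returns non-zero if any were found, so it can gate a deployment script.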

Firewall Configuration

If using a firewall, ensure the sensor can communicate with Team Server:

# For SuSEfirewall2 (SLES 12 and older)
sudo SuSEfirewall2 open EXT TCP https

# For firewalld (SLES 15+ and OpenSUSE Leap)
sudo firewall-cmd --permanent --add-rich-rule="rule family=ipv4 destination address=your-team-server-ip port=443 protocol=tcp accept"
sudo firewall-cmd --reload

# Or allow HTTPS traffic generally with firewalld (this opens inbound TCP 443 on this host)
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

# For ufw (if installed on OpenSUSE)
sudo ufw allow out 443/tcp

AppArmor Considerations

If AppArmor is enabled (common on SUSE systems), the sensor package includes appropriate AppArmor profiles. If you encounter AppArmor denials:

# Check for AppArmor denials
sudo dmesg | grep -i apparmor | grep endura

# Check AppArmor status
sudo aa-status | grep endura

# View AppArmor profile status
sudo aa-status

# If issues persist, check AppArmor logs
sudo journalctl | grep -i apparmor | grep endura
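
The grep commands above return raw audit lines. The function below is an added example, not part of the Endura package: it groups denials that mention endura by profile, operation, denied mask and path, so repeated denials collapse into one counted row. The sample lines are constructed, and the profile name /usr/bin/endura is an assumption.

```shell
#!/bin/sh
# Added example (not Endura tooling): summarize AppArmor denials that
# mention endura, most frequent first.

# Constructed kernel audit lines; profile name and paths are assumptions.
sample_denials() {
    cat <<'EOF'
[  101.1] audit: type=1400 audit(1700000000.101:51): apparmor="DENIED" operation="open" profile="/usr/bin/endura" name="/proc/1/status" pid=900 comm="endura" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[  101.2] audit: type=1400 audit(1700000000.102:52): apparmor="DENIED" operation="open" profile="/usr/bin/endura" name="/proc/1/status" pid=900 comm="endura" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[  102.0] audit: type=1400 audit(1700000001.000:53): apparmor="DENIED" operation="mknod" profile="/usr/bin/endura" name="/var/log/endura/sensor.log" pid=900 comm="endura" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[  103.0] audit: type=1400 audit(1700000002.000:54): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/example.conf" pid=910 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[  104.0] audit: type=1400 audit(1700000003.000:55): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/endura" pid=920 comm="apparmor_parser"
EOF
}

# Reads audit lines from stdin or from the files given as arguments.
summarize_denials() {
    awk '
    # Return the value of key="value" on the current line, or "-" if absent.
    function field(key,    re, v) {
        re = key "=\"[^\"]*\""
        if (!match($0, re)) return "-"
        v = substr($0, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", v)
        sub(/"$/, "", v)
        return v
    }
    # Only real denials count; profile load/status messages are skipped.
    /apparmor="DENIED"/ && tolower($0) ~ /endura/ {
        seen[field("profile") " " field("operation") " " field("denied_mask") " " field("name")]++
    }
    END { for (k in seen) print seen[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Demonstration on the constructed sample.
sample_denials | summarize_denials
```

On a live host, feed it kernel messages instead of the sample, for example sudo dmesg | summarize_denials.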

Uninstalling the Sensor

Remove the Package

To completely remove the Endura Sensor:

# Stop the service
sudo systemctl stop endura-sensor
sudo systemctl disable endura-sensor

# Remove the package
sudo zypper remove endura-sensor

# Remove logs if desired
sudo rm -rf /var/log/endura/

Remove Repository (Optional)

To remove the Endura repository from your system:

# Remove repository configuration
sudo zypper removerepo endura-sensor

# Or remove manually
sudo rm -f /etc/zypp/repos.d/endura*.repo

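# Remove GPG key (gpg-pubkey package names carry only key IDs, so match on the
# summary, which holds the signer's user ID)
sudo rpm -e "$(rpm -qa 'gpg-pubkey*' --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n' | grep -i endura | head -1 | cut -f1)"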

# Clean package cache
sudo zypper clean --all

Troubleshooting

Common Issues

Service fails to start:

# Check detailed service status
sudo systemctl status endura-sensor -l

# Confirm the binary runs and prints its usage
sudo /usr/bin/endura --help

# Verify configuration file exists and is readable
sudo ls -la /opt/endura/sensor/environ

# Check for permission issues
sudo journalctl -u endura-sensor | grep -i permission

Cannot connect to Team Server:

# Test network connectivity
curl -v https://your-team-server.company.com/_health

# Check DNS resolution
nslookup your-team-server.company.com

# Verify firewall rules (firewalld)
sudo firewall-cmd --list-all

# Check TLS certificate issues
openssl s_client -connect your-team-server.company.com:443

High resource usage:

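# Monitor resource usage (-d, joins multiple PIDs with commas, as top -p expects)
top -p "$(pgrep -d, endura-sensor)"

# Check memory usage (the [e] keeps grep from matching its own process)
ps aux | grep '[e]ndura-sensor'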

# View detailed system usage
sudo systemd-cgtop

Configuration issues:

# Review the environment file contents (the output includes the sensor token)
sudo cat /opt/endura/sensor/environ

# Test configuration
sudo -u endura /usr/bin/endura version

# Check file permissions
sudo ls -la /opt/endura/sensor/

Log Analysis

# Search for error messages
sudo journalctl -u endura-sensor | grep -i error

# Search for connection issues
sudo journalctl -u endura-sensor | grep -i "connection\|timeout\|refused"

# Check messages from the last hour
sudo journalctl -u endura-sensor --since "1 hour ago"

# Export logs for analysis
sudo journalctl -u endura-sensor --no-pager > endura-sensor.log

SUSE-Specific Troubleshooting

# Check zypper repository status
sudo zypper repos

# Refresh repository metadata
sudo zypper refresh

# Check for package conflicts
sudo zypper verify endura-sensor

# View package information
sudo zypper info endura-sensor

# Check for dependency issues
sudo zypper verify

Getting Help

If you encounter issues:

  1. Check service logs: sudo journalctl -u endura-sensor
  2. Verify configuration: sudo cat /opt/endura/sensor/environ
  3. Test network connectivity to Team Server
  4. Ensure proper file permissions and AppArmor profiles
  5. Check system resources and kernel compatibility
  6. Verify repository configuration: sudo zypper repos

For additional support, refer to the Endura documentation or contact your system administrator.