Installing Authentication Verifier Agent on Linux in Acunetix 360 (Debian Distribution)

You can download and install authentication verifier agents to verify that you run authenticated scans in your local environment.

  • In order to scan a website located on your internal network, and not accessible from the internet, you can install and configure a scan agent on your network. The agent will conduct the actual scan job and then report the results back to Acunetix 360.
  • You can download and install an internal verifier agent to perform the authentication, so you can make sure that your scan is authenticated.

To install the authentication verifier agent on the Linux operating system, you must install some dependencies on the system, such as .NET, Mono. Mono is a software platform designed to allow developers to easily create cross-platform applications that become part of the .NET Foundation.

This topic explains how to install, update, and uninstall authentication verifier agents on Linux (Debian). Using Windows? See Installing Authentication Verifier Agents. For the RedHat distributions, see Installing Authentication Verifier Agent on Linux (RedHat Distribution).

Tips

The Authentication Verifier Agent is an optional component.


Download and install the authentication verifier agent if you need to scan websites with form or basic authentication or OAuth2. The authentication verifier agents also work for the Authentication Profiles, Custom Scripts for Form Authentication, CyberArk Vault, HashiCorp Vault, and AzureKey Vault.

Downloading and configuring authentication verifier agent on Linux

There are 3 steps in this process:

  1. Downloading an authentication verifier agent
  2. Installing an authentication verifier agent
  3. Setting an authentication verifier agent as a Linux Service

Prerequisites

Information

Starting with the 7 December 2022 dated release, internal agents are bundled with the required .NET framework. So, you don't need to install .NET into your environment. As a result, the installation steps are changed with version 2.0.2.157.

Hardware Requirements

  • 1.4 GHz Processor (2.0 GHz or faster recommended)
  • 4 GB RAM or higher recommended
  • 10 GB Free Disk space for each internal agent
  • If NTLM is used as the authentication method, Ubuntu version 24.04 or its equivalent must be used at a minimum

Network Requirements

  • The Agent should be configured so that it can reach your internal website through HTTP/HTTPS.
  • The Agent needs to be able to access the Acunetix 360 Authentication Verifier Server’s HTTP(S) (443) port.

Allowlisting Requirements

  • www.invicti.com
  • r87.me
  • 52.1.118.97, acx-avservice.acunetix360.com

Required Access

  • User(s) must have root privileges to run the required commands.

Step 1. Downloading authentication verifier agent

You need to download the installation files of the authentication verifier agent.

How to download the authentication verifier agent
  1. Log in to Acunetix 360.
  2. From the main menu, go to Agents > Manage Agents > Configure New Agent.
  3. From the Authentication Verifier section, select Linux to download the required files to install the verifier agent.

Step 2. Installing the authentication verifier agent

How to install the authentication verifier agent
  1. Open a terminal window.
  2. Update the following operating system application repositories:

sudo apt update && sudo apt upgrade -y

  1. Install the following dependent packages:

sudo apt-get install p7zip-full

sudo apt install -y wget gss-ntlmssp nano mono-complete apt-transport-https

  1. Next, install dotnet-sdk-3.1 for Linux operating systems. (This 4th step is only required for internal agents older than version 2.0.2.157.)

Information

If you've already installed the SDK or runtime, use the dotnet --list-sdks and dotnet --list-runtimes commands to see which versions are installed.

wget https://packages.microsoft.com/config/debian/10/packages-microsoft-prod.deb -O packages-microsoft-prod.deb


sudo dpkg -i packages-microsoft-prod.deb && sudo apt update

sudo apt install -y dotnet-sdk-3.1

  1. Create a folder for Acunetix 360 Verifier dependency:

sudo mkdir -p /home/[YOUR_USER]/.local/share/Netsparker_Ltd

sudo chown -R [YOUR_USER] /home/[YOUR_USER]/.local/share

Information

[YOUR_USER] in the 5th step must be the same as [YOUR_USER] in the unit file described later in this article.

  1. Install the Headless Chrome browser dependencies:

sudo apt install -y gconf-service libasound2 libatk1.0-0 libatk-bridge2.0-0 libc6 libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 ca-certificates fonts-liberation libappindicator1 libnss3 lsb-release xdg-utils libgdiplus

IMPORTANT:

If the operating system is Ubuntu 24.04 or higher, the following should be used:

sudo apt install -y libasound2t64 libatk1.0-0 libatk-bridge2.0-0 libc6 libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgcc1 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 ca-certificates fonts-liberation libnss3 lsb-release xdg-utils libgdiplus

Information

Only for Kali distributions, you may face a problem while installing the libappindicator1 dependency specified in the 6th step. If you do so, see Adding Debian Repository to the Sources.List in Kali Rolling.

  1. Next, extract the TAR file:

To extract the authentication verifier agent, run the following commands:

cd /home/[YOUR_USER]

tar -xvf Acunetix_360_Verifier_Agent.tar --one-top-level

            Open appsettings.json file via any text editor you prefer in order to enter the necessary information, such as ApiToken:

cd /home/[YOUR_USER]/Acunetix_360_Verifier_Agent

nano appsettings.json


These settings will be used by the agent:

  • AgentName: This can be anything you want. This text will be displayed when you are starting a new scan. (If you are going to install more than one instance of the agent, you must set a unique agentName value for each instance, something you will use later.)
  • AgentType: This can be Standard.
  • ApiToken: In Acunetix 360, the Agent Token is displayed in the Configure New Agent window. Copy the value into the apiToken.

Changing default data folder for the authentication verifier agent

To change the default data folder, add the following attribute under AgentInfo: "ScanDataFolderPath": "FullPath"

The full path, for example, can be the following: /home/[YOUR_USER]/[data folder]/

If you modify the existing agent's appsettings.json file, you need to restart the service. If you add this line to the new agent, you can keep following the installation instruction.

Warning

  • Do not edit the ApiRootUrl address. If edited, your authentication verifier agent may not work.
  • Whitelist the ApiRootUrl address so that the authentication verifier agents can access the verifier server for the form authentication.
  • Make sure the machine where the authentication verifier agent is installed can access the ApiRootURL.

Setting proxy in authentication verifier agent

You can set a proxy for the authentication verifier agent in Acunetix 360. You are required to manually enter proxy settings to the appsettings.json file with your preferred text editor.

Acunetix 360 supports Basic Authentication but not Digest and NTLM.

Field

Description

Proxy Mode

Enter your proxy settings if you want the Agent to use or not to use the proxy. There are three modes:

  • NoProxy: The Agent does not use a proxy even if you configure the server's proxy settings.
  • SystemProxy: The Agent uses the System Proxy that was defined on the server.
  • CustomProxy: The Agent uses Custom Proxy that you define in the appsettings.json file.

Use Default Credentials

Enter true if you authenticate to the proxy via the user that the Agent service is defined.

Username

Enter a username for authentication

Password

Enter a password for authentication

Domain

Enter a domain name

Address

Enter a proxy address. Only IP address or hostname without schema and port is allowed.

Port

Enter a port for the proxy

Bypass on Local

Enter a value that indicates whether to bypass the proxy server for local addresses.

Bypass List

Enter the address(es) that do not use the proxy server. Enter address(es) as RegEx.

Using Proxy Auto-Configuration file

You can use Proxy Automatic Configuration (PAC) to configure your proxy. A PAC file lets you describe the proxy configuration in a file using JavaScript, so you can manage your proxy settings effortlessly.

Information

To use a PAC file, you must set the Proxy Mode to System Proxy in the appsetting.json file.

How to use a Proxy Auto-Configuration file  in Linux (Debian Distribution)
  1. Go to Settings > Network > Network Proxy.
  2. From the Network Proxy window, select Automatic.
  3. In the Configuration URL field, enter the PAC file's URL address.

  1. Close the window.
How to Add Debian Repository to the Source.List in the Kali Rolling Distribution

You need to add the Debian Repository to the Source.List in Kali Rolling so that you can install the libappindicator1 for the Headless Chrome browser dependencies.

  1. Open a terminal window.
  2. sudo nano /etc/apt/sources.list
  3. Add the following lines to the Source.List file
  • deb http://deb.debian.org/debian buster main contrib non-free
  • deb-src http://deb.debian.org/debian buster main contrib non-free
  1. Save and close the document.
  2. sudo apt update
  3. sudo apt install libappindicator1

Once you install the libappindicator1, you can resume Installing the Agent with the 7th step.

Step 3. Setting authentication verifier agent as a Linux Service

An internal agent should be configured as a Linux service so that it can poll the Acuentix 360 servers regularly and can take the scan initiation command from the server.

You can complete this process in three steps:

Add a unit file for a Acunetix 360 Agent

  1. Open a terminal
  2. cd /etc/systemd/system
  3. sudo touch [YOUR_AGENT_NAME].service
  4. sudo nano [YOUR_AGENT_NAME].service

Information

The AgentName in the appsetting.json file and the unit file name for the agent must have the same name.

  1. Add the following script into [YOUR_AGENT_NAME].service

For internal agents older than 2.0.2.157, use the following script:

[Unit]

Description=netsparker.service description

[Service]

Type=notify

KillMode=process

Restart=always

RestartSec=30

SyslogIdentifier=[YOUR_USER]

KillSignal=SIGINT

User=[YOUR_USER]

WorkingDirectory= [YOUR_AGENT_DIRECTORY_PATH]

ExecStart=/usr/bin/dotnet [YOUR_AGENT_DIRECTORY_PATH]/Acunetix.Cloud.Agent.dll

[Install]

WantedBy=multi-user.target

For internal agents version 2.0.2.157 or newer, use the following script:

[Unit]

Description=netsparker.service description

[Service]

Type=notify

KillMode=process

Restart=always

RestartSec=30

SyslogIdentifier=[YOUR_USER]

KillSignal=SIGINT

User=[YOUR_USER]

WorkingDirectory= [YOUR_AGENT_DIRECTORY_PATH]

ExecStart = [Your Agent Directory path]/Acunetix.Cloud.Agent

[Install]

WantedBy=multi-user.target

Information

The [YOUR_USER] in the unit file must be the same as [YOUR_USER] that you entered while installing the verifier agent.

Save and close the document.

Configure Sudoers for a Acunetix 360 Agent

  1. sudo cd /etc/sudoers.d
  2. sudo touch [YOUR_AGENT_NAME]-systemctl
  3. sudo visudo -f [YOUR_AGENT_NAME]-systemctl
  4. Add the following script into [YOUR_AGENT_NAME]-systemctl
  1. [YOUR_USER] ALL=(ALL:ALL) NOPASSWD: /usr/bin/systemctl start [YOUR_AGENT_NAME].service
  2. [YOUR_USER] ALL=(ALL:ALL) NOPASSWD: /usr/bin/systemctl stop [YOUR_AGENT_NAME].service


Save and close the document.

Start Acunetix 360 Agent as a Linux Service

  1. sudo systemctl daemon-reload
  2. sudo systemctl start [YOUR_AGENT_NAME].service

You can now check the status of the connection between Acunetix 360 and the authentication verifier agent. From the Agents menu, select Manage Verifier.

Tips

To keep the scanning agent service running in case of rebooting of the machine where the Agent is installed, do the following:

1. Open a terminal.

2. Run the following code: sudo systemctl enable [YOUR_AGENT_NAME].service

Updating authentication verifier agents

There are three methods to update your authentication verifier agent.

  • When a new verifier agent version has been published, you can update your Agents manually using installation files on the machines on which agents are installed.
  • You can update agents manually by selecting Update Agent (visible only when the Enable Auto Update is not configured and the new version of the Agent is available). While the update is in progress, the State field will display 'Updating'.
  • You can enable the auto update feature. The target verifier agent updates itself as soon as possible when it’s idle.

How to enable automatic Authentication Verifier Agent updates
  1. From the main menu, select Agents > Manage Verifiers.
  2. Next to the relevant agent, select the Command drop-down, then Enable Auto Update.

Installing multiple authentication verifier agents on Linux

You can install more than one agent in Linux.

Tips

Make sure that you enter a different name for the new agent.

How to install multiple agents on Linux
  1. Open a terminal window.
  2. Create a new folder for the new agent.
  3. Copy the TAR file into the new folder and extract the TAR file
  4. Follow the instructions in Step 2. Installing authentication verifier agent and Step 3. Setting authentication verifier agent as a Linux Service.

Uninstalling authentication verifier agent

You may uninstall verifier agents.

How to uninstall the authentication verifier agent
  1. Open a terminal window.
  2. Run sudo systemctl stop {your-agent-name}.service
  3. Run cd /etc/systemd/system
  4. Run sudo rm {your-agent-name}.service
  5. Run systemctl daemon-reload

This command will stop and delete the verifier agent service. If required, you can delete the related folder.


 
« Back to the Acunetix Support Page