Installing Authentication Verifier Agent on Linux in Acunetix 360 (RedHat Distribution)
You can download and install authentication verifier agents to verify that you run authenticated scans in your local environment.
- In order to scan a website located on your internal network, and not accessible from the internet, you can install and configure a scan agent on your network. The agent will conduct the actual scan job and then report the results back to Acunetix 360.
- If the website that you scan requires a form authentication, you can download and configure an internal verifier agent. This internal agent performs the authentication so that you can run authenticated scanning in your network.
To install the authentication verifier agent on the Linux operating system, you must install some dependencies on the system, such as .NET, Mono. Mono is a software platform designed to allow developers to easily create cross-platform applications that become part of the .NET Foundation.
This topic explains how to install, update, and uninstall authentication verifier agents on Linux (RedHat). Using Windows? See Installing Authentication Verifier Agents. For the Debian distributions, see Installing Authentication Verifier Agent on Linux (Debian Distribution).
Tips The Authentication Verifier Agent is an optional component. Download and install the authentication verifier agent if you need to scan websites with form or basic authentication or OAuth2. The authentication verifier agents also work for the Authentication Profiles, Custom Scripts for Form Authentication, and CyberArk Vault and HashiCorp Vault. |
Downloading and configuring authentication verifier agent
There are 3 steps in this process:
- Downloading an authentication verifier agent
- Installing an authentication verifier agent
- Setting an authentication verifier agent as a Linux Service
Warning This instruction is valid for the authentication verifier agents 2.0.2.134 or newer versions. If you have older versions, it is strongly recommended that you delete the older versions and reinstall the newer verifier agents. |
Prerequisites
Hardware Requirements
- 1.4 GHz Processor (2.0 GHz or faster recommended)
- 2 GB RAM (4 GB or higher recommended)
- 10 GB Free Disk space for each internal agent
Network Requirements
- The Agent should be configured so that it can reach your internal website through HTTP/HTTPS.
- The Agent needs to be able to access the Acunetix 360 Authentication Verifier Service Server's HTTP(S) (443) port.
Required Access
- User(s) must have administrator privileges to run the required commands.
Step 1. Downloading authentication verifier agent
You need to download the installation files of the authentication verifier agent.
How to download the authentication verifier agent
- Log in to Acunetix 360.
- From the main menu, go to Agents > Manage Agents > Configure New Agent.
- From the Authentication Verifier section, select Linux to download the required files to install the verifier agent.
Step 2. Installing authentication verifier agent
Once you download the required file, you can install an Acunetix 360 verifier agent in your environment.
How to Install an Acunetix 360 Verifier Agent
- Open a terminal window.
- Install the dependent packages (Ignore this step for Fedora distribution):
sudo yum install -y epel-release |
- Update operating system application repositories:
sudo yum update -y |
- Install the dependent packages:
sudo yum install p7zip p7zip-plugins sudo yum install -y nano tar gssntlmssp mono-complete libgdiplus |
- Next, install .NET Core 3.1 SDK for Linux OS:
Information If you've already installed the SDK or runtime, use the dotnet --list-sdks and dotnet --list-runtimes commands to see which versions are installed. |
CentOS 8, Fedora 32, Fedora 33:
sudo yum install -y dotnet-sdk-3.1 |
CentOS 7:
sudo rpm -Uvh https://packages.microsoft.com/config/centos/7/packages-microsoft-prod.rpm |
- Create folder for Acunetix 360 Verifier dependency:
sudo mkdir -p /home/[YOUR_USER]/.local/share/Netsparker_Ltd sudo chown -R [YOUR_USER] /home/[YOUR_USER]/.local/share |
Information [YOUR_USER] in the 5th step must be the same as [YOUR_USER] in the unit file described later in this article. |
- Install the Headless Chrome browser dependencies:
sudo yum install -y pango.x86_64 libXcomposite.x86_64 libXcursor.x86_64 libXdamage.x86_64 libXext.x86_64 libXi.x86_64 libXtst.x86_64 cups-libs.x86_64 libXScrnSaver.x86_64 libXrandr.x86_64 GConf2.x86_64 alsa-lib.x86_64 atk.x86_64 gtk3.x86_64 xorg-x11-fonts-100dpi xorg-x11-fonts-75dpi xorg-x11-utils xorg-x11-fonts-cyrillic libX11-xcb.so.1 libnss3.so xorg-x11-fonts-Type1 xorg-x11-fonts-misc |
- Next, extract the TAR file:
To extract the authentication verifier agent, run the following commands:
tar xf Acunetix_360_Verifier_Agent.tar chmod +x .local-chromium/Linux-*/chrome-linux/chrome |
Open appsettings.json file via any text editor you prefer, for example:
sudo nano appsettings.json |
These settings will be used by the scan agent:
- AgentName: This can be anything you want. This text will be displayed when you are starting a new scan. (If you are going to install more than one instance of the agent, you must set a unique agentName value for each instance, something you will use later.)
- AgentType: This can be Standard.
- ApiToken: In Acunetix 360, the Agent Token is displayed in the Configure New Agent window. Copy the value into the apiToken.
Warning
|
Setting proxy in authentication verifier agent
You can set a proxy for the authentication verifier agent in Acunetix 360. You are required to manually enter proxy settings to the appsettings.json file with your preferred text editor.
Acunetix 360 supports Basic Authentication but not Digest and NTLM.
Field | Description |
Proxy Mode | Enter your proxy settings if you want the Agent to use or not to use the proxy. There are three modes:
|
Use Default Credentials | Enter true if you authenticate to the proxy via the user that the Agent service is defined. |
Username | Enter a username for authentication |
Password | Enter a password for authentication |
Domain | Enter a domain name |
Address | Enter a proxy address. Only IP address or hostname without schema and port is allowed. |
Port | Enter a port for the proxy |
Bypass on Local | Enter a value that indicates whether to bypass the proxy server for local addresses. |
Bypass List | Enter the address(es) that do not use the proxy server. Enter address(es) as RegEx. |
Using Proxy Auto-Configuration file
You can use Proxy Automatic Configuration (PAC) to configure your proxy. A PAC file lets you describe the proxy configuration in a file using JavaScript, so you can manage your proxy settings effortlessly.
Information To use a PAC file, you must set the Proxy Mode to System Proxy in the appsetting.json file. |
How to use a Proxy Auto-Configuration file in Linux
- Go to Settings > Network > Network Proxy.
- From the Network Proxy window, select Automatic.
- In the Configuration URL field, enter the PAC file's URL address.
- Close the window.
Step 3. Setting authentication verifier agent as a Linux Service
When you install an internal authentication verifier agent, you need to set it as a Linux service. So, the verifier agent can poll the Acunetix 360 servers regularly and can take the initiation command from the server.
You can complete this process in three steps:
Add a unit file for an Acunetix 360 Agent
- Open a terminal
- cd /etc/systemd/system
- sudo touch [YOUR_AGENT_NAME].service
- sudo nano [YOUR_AGENT_NAME].service
Information The AgentName in the appsetting.json file and the unit file name for the agent must have the same name. |
- Add the following script into [YOUR_AGENT_NAME].service
[Unit] Description=acunetix.service description [Service] Type=notify KillMode=process Restart=always RestartSec=30 SyslogIdentifier=[YOUR_USER] KillSignal=SIGINT User=[YOUR_USER] WorkingDirectory= [YOUR_AGENT_DIRECTORY_PATH] ExecStart=/usr/bin/dotnet [YOUR_AGENT_DIRECTORY_PATH]/Acunetix.Cloud.Agent.dll [Install] WantedBy=multi-user.target |
Information The [YOUR_USER] in the unit file must be the same as [YOUR_USER] that you entered while installing the verifier agent. |
Save and close the document.
Configure Sudoers for an Acunetix 360 Agent
- sudo cd /etc/sudoers.d
- sudo touch [YOUR_AGENT_NAME]-systemctl
- sudo visudo -f [YOUR_AGENT_NAME]-systemctl
- Add the following script into [YOUR_AGENT_NAME]-systemctl
- [YOUR_USER] ALL=(ALL:ALL) NOPASSWD: /usr/bin/systemctl start [YOUR_AGENT_NAME].service
- [YOUR_USER] ALL=(ALL:ALL) NOPASSWD: /usr/bin/systemctl stop [YOUR_AGENT_NAME].service
Save and close the document.
Start Acunetix 360 Agent as a Linux Service
- sudo systemctl daemon-reload
- sudo systemctl start [YOUR_AGENT_NAME].service
You can now check the status of the connection between Acunetix 360 and the authentication verifier agent. From the Agents menu, select Manage Verifiers.
Updating authentication verifier agents
There are three methods to update your authentication verifier agent.
- When a new verifier agent version has been published, you can update your Agents manually using installation files on the machines on which agents are installed.
- You can update agents manually by selecting Update Agent (visible only when the Enable Auto Update is not configured and the new version of the Agent is available). While the update is in progress, the State field will display 'Updating'.
- You can enable the auto update feature. The target verifier agent updates itself as soon as possible when it’s idle.
How to enable automatic Authentication Verifier Agent updates
- From the main menu, select Agents > Manage Verifiers.
- Next to the relevant agent, select the Command drop-down, then Enable Auto Update.
Installing multiple authentication verifier agents on Linux
You can install more than one agent in Linux.
Tips Make sure that you enter a different name for the new agent. |
How to Install Multiple Agents on the Same Operating System
- Open a terminal window.
- Create a new folder for the new agent.
- Copy the TAR file into the new folder, and extract the TAR file
- Follow the instructions in Step 2. Installing authentication verifier agent and Step 3. Setting authentication verifier agent as a Linux Service.
Uninstalling authentication verifier agent
You may uninstall verifier agents.
How to uninstall the authentication verifier agent
- Open a terminal window.
- Run sudo systemctl stop {your-agent-name}.service
- Run cd /etc/systemd/system
- Run sudo rm {your-agent-name}.service
- Run systemctl daemon-reload
This command will stop and delete the verifier agent service. If required, you can delete the related folder.