Deploy the Azure Security Center for IoT C-based security agent for Linux

Amit Dhawan
2 min read · Jun 14, 2020

If you are planning to use Azure Security Center for your Linux device, you can install the Azure Security Center agent on the device by following the steps below.

1. Log in to your device. In my case, it is a virtual machine running Ubuntu 18.04. I connected to it over SSH using the command below.
ssh <username>@<ip_of_the_machine>

2. Once logged in to the device, download the Azure Security Center IoT Agent build/release zip file from here. I downloaded C Agent version 0.0.6 to my virtual machine.

3. Extract the tar.gz file using the following command.

tar -xzf ubuntu-18.04-x64.tar.gz

4. It’s time to run the ASCIoT agent installation command, shown below.

sudo ./InstallSecurityAgent.sh -aui SecurityModule -aum SymmetricKey -f securekey -hn <IotHubName>.azure-devices.net -di <deviceId> -i

The command-line arguments are explained below:

  • -aui: The type of authentication to use, which can be either SecurityModule or Device authentication. For further details on ASCIoT agent authentication types, look here.
  • -aum: This is the module twin symmetric key. A module twin is added to your device identity in IoT Hub. To add a module twin to your device identity in IoT Hub, follow the steps from here. The name of the module twin will be azureiotsecurity.
  • -f: The path of the file that holds your azureiotsecurity module symmetric key. Create a file and paste the symmetric key there.
  • -hn: Your IoT Hub hostname, which can be found in the overview section of the IoT hub in the Azure portal.
  • -di: The deviceId of your device identity in IoT Hub. If it does not exist, create one from the Azure portal.

Once the above command has run successfully, verify that the agent is installed correctly and is running, using the command below.

systemctl status ASCIoTAgent.service

The output of the above command should look like this:

ASCIoTAgent.service - Azure Security Center for IoT Agent
Loaded: loaded (/etc/systemd/system/ASCIoTAgent.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-06-14 06:10:43 UTC; 50s ago
Main PID: 1142 (ASCIoTAgent)
Tasks: 5 (limit: 9479)
CGroup: /system.slice/ASCIoTAgent.service
└─1142 /var/ASCIoTAgent/ASCIoTAgent
Jun 14 06:10:58 asctestvm ASCIoTAgent[1142]: [event_monitor_task.c] collection finished successfully.
Jun 14 06:10:58 asctestvm ASCIoTAgent[1142]: [event_monitor_task.c] Collect process create.
Jun 14 06:10:58 asctestvm ASCIoTAgent[1142]: [process_creation_collector.c] Setting up checkpoint even though process creation run did not finish successfuly.
Jun 14 06:10:58 asctestvm ASCIoTAgent[1142]: [event_monitor_task.c] collection failed.
Jun 14 06:10:58 asctestvm ASCIoTAgent[1142]: [event_monitor_task.c] Collect login.
Jun 14 06:10:58 asctestvm ASCIoTAgent[1142]: [event_monitor_task.c] collection finished successfully.
Jun 14 06:10:58 asctestvm ASCIoTAgent[1142]: [event_monitor_task.c] Collect connection create.
Jun 14 06:10:59 asctestvm ASCIoTAgent[1142]: [connection_create_collector.c] 37 records were filtered.
Jun 14 06:10:59 asctestvm ASCIoTAgent[1142]: [event_monitor_task.c] collection finished successfully.
Jun 14 06:10:59 asctestvm ASCIoTAgent[1142]: [event_monitor_task.c] collection finished successfully.
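The sample output above shows the service as active (running) while one journal line reads "collection failed." for the process create collector, so the service state alone does not tell you whether each collector succeeded. The following is an added example, not part of the original post or the agent's own tooling: a shell function that pairs each "Collect <name>." line with its result line. The function names are hypothetical, and it assumes the log wording shown above.

```shell
#!/bin/sh
# Added example (not from the original post): summarise collector results
# from ASCIoTAgent journal lines. Assumes the log wording shown in the
# sample output on this page; other agent versions may log differently.

# Reads journal lines on stdin, prints "<collector><TAB><ok|failed>" for each
# result line, and returns 1 if any collector reported a failure.
asciot_collector_summary() {
    awk '
        /\[event_monitor_task\.c\] Collect / {
            # Remember which collector the next result line belongs to.
            current = $0
            sub(/.*\[event_monitor_task\.c\] Collect /, "", current)
            sub(/\.[ \t\r]*$/, "", current)
            next
        }
        /\[event_monitor_task\.c\] collection (finished successfully|failed)\./ {
            # A result with no preceding "Collect" line (log window started
            # mid-run) is reported as "unknown" rather than guessed.
            label = (current == "") ? "unknown" : current
            status = ($0 ~ /collection failed\./) ? "failed" : "ok"
            printf "%s\t%s\n", label, status
            if (status == "failed") bad = 1
            current = ""
        }
        END { exit bad + 0 }
    '
}

# Journal lines copied from the sample output above, used as offline input.
sample_journal() {
    cat <<'EOF'
Jun 14 06:10:58 asctestvm ASCIoTAgent[1142]: [event_monitor_task.c] collection finished successfully.
Jun 14 06:10:58 asctestvm ASCIoTAgent[1142]: [event_monitor_task.c] Collect process create.
Jun 14 06:10:58 asctestvm ASCIoTAgent[1142]: [process_creation_collector.c] Setting up checkpoint even though process creation run did not finish successfuly.
Jun 14 06:10:58 asctestvm ASCIoTAgent[1142]: [event_monitor_task.c] collection failed.
Jun 14 06:10:58 asctestvm ASCIoTAgent[1142]: [event_monitor_task.c] Collect login.
Jun 14 06:10:58 asctestvm ASCIoTAgent[1142]: [event_monitor_task.c] collection finished successfully.
Jun 14 06:10:58 asctestvm ASCIoTAgent[1142]: [event_monitor_task.c] Collect connection create.
Jun 14 06:10:59 asctestvm ASCIoTAgent[1142]: [connection_create_collector.c] 37 records were filtered.
Jun 14 06:10:59 asctestvm ASCIoTAgent[1142]: [event_monitor_task.c] collection finished successfully.
Jun 14 06:10:59 asctestvm ASCIoTAgent[1142]: [event_monitor_task.c] collection finished successfully.
EOF
}

# On a device: journalctl -u ASCIoTAgent.service --no-pager | asciot_collector_summary
sample_journal | asciot_collector_summary || echo "at least one collector failed" >&2
```

The non-zero return makes the function usable as a post-install check in a provisioning script or a monitoring probe.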
