Install FireEye on Linux


FireEye is a new Endpoint Detection and Response (EDR) system that is replacing traditional anti-virus software on campus. It will be required on all University-owned computers by June 30th, 2021.

FireEye runs on Windows, Mac and Linux. FireEye is for University-owned machines only.

Install FireEye on Linux

NOTE: Other third-party antivirus programs must be uninstalled before installing FireEye. Specific install instructions may vary depending on the distribution of Linux in use.

  1. Go to the FireEye software installer on Terpware.
    • To access this page, you must log in with your university credentials.
  2. Download, unzip, and unarchive the install file linked below (with a name similar to IMAGE_HX_AGENT_LINUX_xx.xx.x.tgz).
    • This should show several distribution- and version-specific Linux install packages, as well as a file named agent_config.json.
  3. Install the appropriate package for your distribution and version of Linux.
    • Usually this will place things in /opt/fireeye. If it does not, adjust the following commands as needed.
  4. Initialize the agent with the config file: sudo /opt/fireeye/bin/xagt -i /path/to/agent_config.json
  5. Start the agent: sudo systemctl start xagt
    • It may be sudo service xagt start for some distributions and versions of Linux.
  6. Set the agent to start on reboot: sudo systemctl enable xagt
    • This step may not be necessary for some distributions and versions of Linux.

Email itsec-consulting@umd.edu to get more information regarding installing the agent on Linux. At this time, we recommend installing the agent only on Linux desktop machines and contacting us for assistance with testing before installing on Linux server machines.

Verify install

  1. After installing the agent, you should be able to verify that it is running by typing the following into a terminal window: ps -ef | grep xagt
  2. You should see some processes listed including one named xagt.
  3. You can verify the version running via the following command: /opt/fireeye/bin/xagt -v
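
The checks above, gathered into one script as an added example (not part of the original instructions or of FireEye's own tooling). It assumes the /opt/fireeye prefix and the xagt service name given in the steps; the function names are hypothetical. It matches the process name exactly because the output of ps -ef | grep xagt also lists the grep command itself.

```shell
#!/bin/sh
# Added example: post-install checks for the xagt agent described above.
# Defaults (/opt/fireeye, xagt) come from the page; function names are hypothetical.

# True if the agent binary exists and is executable under the given prefix.
agent_binary_ok() {
    [ -x "${1:-/opt/fireeye}/bin/xagt" ]
}

# True if a process named exactly "$1" is running. Unlike `ps -ef | grep xagt`,
# this never matches the search command itself.
agent_running() {
    name=${1:-xagt}
    if command -v pgrep >/dev/null 2>&1; then
        pgrep -x "$name" >/dev/null 2>&1
        return $?
    fi
    # Fallback when pgrep is not installed: read process names from /proc.
    for f in /proc/[0-9]*/comm; do
        [ -r "$f" ] && [ "$(cat "$f" 2>/dev/null)" = "$name" ] && return 0
    done
    return 1
}

# True if systemd reports the unit as enabled at boot (step 6 of the install).
agent_enabled() {
    command -v systemctl >/dev/null 2>&1 &&
        systemctl is-enabled --quiet "${1:-xagt}" 2>/dev/null
}

# Print one line per check and return the number of failed checks.
verify_agent() {
    prefix=${1:-/opt/fireeye}
    svc=${2:-xagt}
    failures=0
    if agent_binary_ok "$prefix"; then
        echo "ok    $prefix/bin/xagt: $("$prefix/bin/xagt" -v 2>&1 | head -n 1)"
    else
        echo "FAIL  no executable at $prefix/bin/xagt"; failures=$((failures + 1))
    fi
    if agent_running "$svc"; then echo "ok    process $svc is running"
    else echo "FAIL  no process named $svc"; failures=$((failures + 1)); fi
    if agent_enabled "$svc"; then echo "ok    $svc is enabled at boot"
    else echo "WARN  systemctl does not report $svc as enabled"; fi
    return "$failures"
}

# Run the checks only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then verify_agent; fi
```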

Information collected by FireEye agents

As part of the FireEye agent's endpoint detection and response capabilities, the agent will collect information when an alert is triggered for remediation purposes.

Information collected may include agent event data, list of running processes, event or system log data, file system data, network data, system information data or other relevant elements.
