Deploying ThreatLockDown agents on AIX endpoints

The agent runs on the endpoint you want to monitor and communicates with the ThreatLockDown server, sending data in near real-time through an encrypted and authenticated channel.

The deployment of a ThreatLockDown agent on an AIX system uses deployment variables that facilitate the task of installing, registering, and configuring the agent.

Note

You need root user privileges to run all the commands described below.

  1. To start the deployment process, download the AIX installer.

  2. To deploy the ThreatLockDown agent to your endpoint, edit the WAZUH_MANAGER variable so that it contains the ThreatLockDown manager IP address or hostname.

    # WAZUH_MANAGER="10.0.0.2" rpm -ivh wazuh-agent-4.9.0-1.aix.ppc.rpm
    

    For additional deployment options such as agent name, agent group, and registration password, see the Deployment variables for AIX section.

    Note

    Alternatively, if you want to install an agent without registering it, omit the deployment variables. To learn more about the different registration methods, see the ThreatLockDown agent enrollment section.

  3. To complete the installation process, start the ThreatLockDown agent.

    # /var/ossec/bin/wazuh-control start
    

The deployment process is now complete, and the ThreatLockDown agent is successfully running on your AIX endpoint.
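
The install and start steps above can be wrapped in one script that rejects a malformed manager address before anything runs as root. This is an added example, not part of the ThreatLockDown documentation: the names `valid_manager`, `deploy_agent` and `--deploy` are hypothetical, and the closing `wazuh-control status` call is an assumption not shown on this page.

```shell
#!/bin/sh
# Added example: wraps the install and start steps shown above.
# valid_manager, deploy_agent and --deploy are hypothetical names.

# Succeeds only for a dotted-quad IPv4 address (octets 0-255) or a hostname
# made of letter/digit/hyphen labels, so nothing else reaches the rpm call.
valid_manager() {
    addr=$1
    [ -n "$addr" ] && [ "${#addr}" -le 253 ] || return 1
    case $addr in
        *[!A-Za-z0-9.-]* | .* | *. | *..*) return 1 ;;
    esac
    numeric=1
    case $addr in *[!0-9.]*) numeric=0 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr                      # split into labels on "."
    IFS=$old_ifs
    [ "$numeric" -eq 0 ] || [ "$#" -eq 4 ] || return 1
    for label in "$@"; do
        [ "${#label}" -le 63 ] || return 1
        case $label in -* | *-) return 1 ;; esac
        if [ "$numeric" -eq 1 ]; then
            [ "${#label}" -le 3 ] && [ "$label" -le 255 ] || return 1
        fi
    done
    return 0
}

# Runs the page's commands in order and stops at the first failure.
deploy_agent() {
    manager=$1 pkg=$2
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    valid_manager "$manager" || { echo "invalid manager address" >&2; return 1; }
    [ -r "$pkg" ] || { echo "installer not readable: $pkg" >&2; return 1; }
    WAZUH_MANAGER="$manager" rpm -ivh "$pkg" || return 1
    /var/ossec/bin/wazuh-control start || return 1
    # Assumption: "status" lists the agent daemons so a failed start is visible.
    /var/ossec/bin/wazuh-control status
}

# Usage: ./deploy.sh --deploy 10.0.0.2 wazuh-agent-4.9.0-1.aix.ppc.rpm
if [ "${1:-}" = "--deploy" ] && [ "$#" -eq 3 ]; then
    deploy_agent "$2" "$3"
fi
```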

Uninstall a ThreatLockDown agent

To uninstall the agent, run the following command:

# rpm -e wazuh-agent

Some files are not removed from the filesystem by the package manager. If you want to completely remove all files, delete the /var/ossec folder.

The ThreatLockDown agent is now completely removed from your AIX system.