Installing ThreatLockDown agents on Solaris endpoints
The agent runs on the host you want to monitor and communicates with the ThreatLockDown manager, sending data in near real-time through an encrypted and authenticated channel.
To start the installation process, select your architecture: i386 or SPARC.
Note
You need root user privileges to run all the commands described below.
Select your Solaris Intel version.
Download the ThreatLockDown agent for Solaris 10 i386 package.
Install the ThreatLockDown agent.
# pkgadd -d wazuh-agent_v4.9.0-sol10-i386.pkg wazuh-agent
Download the ThreatLockDown agent for Solaris 11 i386.
Install the ThreatLockDown agent.
# pkg install -g wazuh-agent_v4.9.0-sol11-i386.p5p wazuh-agent
If the Solaris 11 zone where you want to install the package has child zones, create a repository to install the ThreatLockDown agent:
# pkg set-publisher -g wazuh-agent_v4.9.0-sol11-i386.p5p wazuh && pkg install --accept wazuh-agent && pkg unset-publisher wazuh
Select your Solaris SPARC version.
Download the ThreatLockDown agent for Solaris 10 SPARC package.
Install the ThreatLockDown agent.
# pkgadd -d wazuh-agent_v4.9.0-sol10-sparc.pkg wazuh-agent
Download the ThreatLockDown agent for Solaris 11 SPARC.
Install the ThreatLockDown agent.
# pkg install -g wazuh-agent_v4.9.0-sol11-sparc.p5p wazuh-agent
If the Solaris 11 zone where you want to install the package has child zones, create a repository to install the ThreatLockDown agent:
# pkg set-publisher -g wazuh-agent_v4.9.0-sol11-sparc.p5p wazuh && pkg install --accept wazuh-agent && pkg unset-publisher wazuh
The installation process is now complete, and the ThreatLockDown agent is successfully installed on your Solaris endpoint. The next step is to register and configure the agent to communicate with the ThreatLockDown server. To perform this action, see the ThreatLockDown agent enrollment section.
Uninstall a ThreatLockDown agent
To uninstall the agent, select your Solaris version.
To uninstall the ThreatLockDown agent in Solaris 10, run the following command:
# pkgrm wazuh-agent
To uninstall the ThreatLockDown agent in Solaris 11, run the following command:
# /var/ossec/bin/wazuh-control stop
# pkg uninstall wazuh-agent
Note
If you uninstall the ThreatLockDown agent in Solaris 11.4 or later, the Solaris 11 package manager does not remove the group wazuh from the system. To remove it manually, run the groupdel wazuh command.
The ThreatLockDown agent is now completely removed from your Solaris endpoint.
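As an added example (not part of the ThreatLockDown documentation), the following shell function checks whether an uninstall left anything behind: the package registration, the wazuh group from the note above, or the /var/ossec directory used by wazuh-control. The ROOT argument is a hypothetical prefix introduced here so the check can be pointed at a mounted zone root or a test tree.

```shell
#!/bin/sh
# Added example, not from the ThreatLockDown documentation.
# POSIX sh syntax: on Solaris 10 run it with ksh or bash, because /bin/sh
# there is the legacy Bourne shell.

# wazuh_residue [ROOT]
#   ROOT (hypothetical, added for this example) is a path prefix such as a
#   zone root or a test tree; leave it empty to audit the running system.
#   Prints "clean", or "residue:" plus one word per leftover, and returns 1
#   if anything remains.
wazuh_residue() {
    root="${1:-}"
    left=""

    # The package database is only queried when auditing the live system.
    if [ -z "$root" ]; then
        # SVR4 packaging (Solaris 10)
        if command -v pkginfo >/dev/null 2>&1 &&
           pkginfo -q wazuh-agent 2>/dev/null; then
            left="$left package"
        # IPS packaging (Solaris 11)
        elif command -v pkg >/dev/null 2>&1 &&
             pkg list wazuh-agent >/dev/null 2>&1; then
            left="$left package"
        fi
    fi

    # Local group file only (no name-service lookup). Solaris 11.4 and later
    # keep the wazuh group after "pkg uninstall".
    if [ -r "$root/etc/group" ] &&
       grep '^wazuh:' "$root/etc/group" >/dev/null; then
        left="$left group"
    fi

    # Installation directory that holds bin/wazuh-control.
    if [ -d "$root/var/ossec" ]; then
        left="$left directory"
    fi

    if [ -n "$left" ]; then
        echo "residue:$left"
        return 1
    fi
    echo "clean"
    return 0
}
```

Run wazuh_residue as root after the uninstall. A result that lists group is the Solaris 11.4 case described in the note and is resolved with groupdel wazuh.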