Installing the Quantum IoT Protect Nano Agent

Prerequisites

• An IoT device that runs on Linux OS.

• Make sure your IoT device:

  • Has the system utilities listed in Shell Utilities Requirements.

  • Meets the library requirements in Libraries Requirements.

  • Has the directories listed in Directories Requirements.

• You must be a root user on the IoT device.

• Nano Agent installation package (CheckPoint-Nano-Agent-DDMMYY.sh), where DDMMYY is the release date of the installation package.

  Note - Contact your Check Point representative to ensure that your IoT device supports the installation of the Quantum IoT Protect Nano Agent and to get the installation package.

Agent Installation

The installation package CheckPoint-Nano-Agent-DDMMYY.sh is a self-extracting archive that contains these files:

• General installation script - install-cp-nano-combined.sh

• Nano Agent installer - install-cp-nano-wlp-standalone.sh

• Workload Protection installer - install-workload-protection.sh

The package includes additional database files compatible with specific firmware, which remain unused until later in the integration. To apply CFI protection, the protection file in the installation package must match the SHA256 hash of the firmware file (executable or library). These files are called hash files in this document.

To install the Quantum IoT Protect Nano Agent on the IoT device:

1. Connect to the command line on the IoT device as the root user.

2. Assign the execute permission to the installation script:

   chmod u+x CheckPoint-Nano-Agent-DDMMYY.sh

3. Optionally, to change the default (root) installation directory, run the command below. Otherwise, skip the step to install the agent in the root directory - /.

   export BASEDIR=<path>

   where <path> is the path to the required directory.

4. Run the installation script with this command:

   CheckPoint-Nano-Agent-DDMMYY.sh --install --offline_mode [--max-log-size-kb <Size>] [--max-log-rotation <Number>]

   Note - Add sudo at the beginning if you are not running as root.

   The table below provides descriptions of the installation script parameters:

   Parameter	Description
   --install	Starts the installation
   --offline_mode	Installs the Nano Agent and its components in the offline mode (Standalone mode)
   --max-log-size-kb <Size>	Optional. Specifies the maximum size of the script’s log file, in kilobytes. When the active log file reaches the specified size, the system renames (rotates) the current log file and creates a new active log file Default: 4096
   --max-log-rotation <Number>	Optional. Specifies how many rotated log files to keep. When the number of the rotated log files reaches the specified number, the system deletes the oldest log file Default: 10

5. Reboot the IoT device.

Agent Removal

To uninstall the Quantum IoT Protect Nano Agent from the IoT device:

1. Connect to the command line interface on the IoT device.

2. Run:

   cpnano --uninstall [-y]

3. Reboot the IoT device.

   The Nano Agent and its components are uninstalled from the device.