Nuix Adaptive Security endpoint agent management
This section describes the administrative agent management tasks and information.
The agent stores data in the Digital Behavior Recorder (DBR) on disk and collects events and survey information. The Endpoint agent is deployed to endpoints to collect data, perform actions, process rules, and send data back to the Endpoint server.
Uninstall agents
This section describes how to uninstall the agent for Windows, Mac, and Linux operating systems.
Uninstall the Windows agent
Uninstalling the Windows agent will delete all files. Use the following command to manually uninstall the agent:
-u <Name_of_Installer>
Uninstall the Mac agent
Uninstalling the Mac agent will delete all files. Use the following command to manually uninstall the agent (and KEXT):
sudo /Library/Nuix/Endpoint/uninstaller.sh
Uninstall the Linux agent
Uninstalling the Linux agent will delete all files. Use the following command to manually uninstall the agent:
sudo /opt/nuix/endpoint/uninstaller.sh
Agent file locations
This section describes the agent file locations for Windows, Mac, and Linux operating systems.
Windows agent file locations
The installer puts the agent files in the following directories:
Install Directory
%ProgramFiles%NuixAdaptiveSecurity\
Data Directory
%ProgramFiles%NuixAdaptiveSecurity\Data
Mac agent file locations
The installer puts the agent files in the following directories:
/Library/Nuix/Endpoint
This directory contains the agent executable ("NuixAS"), data files, uninstaller, and the kernel extension ("NuixASDriver.kext").
/Library/LaunchDaemons
On a macOS machine, services such as the agent are controlled by a system daemon named “launchd.” This system daemon starts the services at system startup using the property list file, which the installer places in the following location: /Library/LaunchDaemons. launchd also monitors the agent and restarts it in the event of a crash.
To test launchd, terminate the agent process by entering one of the following in the command line:
sudo pkill NuixAS
or
sudo launchctl kill TERM system/com.nuix.NuixAS
If functioning properly, the agent daemon restarts almost immediately. The log file shows the agent terminating and restarting.
/etc/newsyslog.d
A log rotation config file ("com.nuix.NuixAS.conf") is placed in this directory. By default, the agent writes a log file to "/var/log/nuix/NuixAS.log", which can be changed by the server. The log is a plain text file. Use a command line text utility, such as cat, tail, or grep, to view the log file. A typical log entry looks like the following:
2019-03-27_16:09:59.384670 INFO TID:0xb0192 C:00000000 P:16505 [475]:Service (NuixAS) starting, version: 2.0.0-423
Each log entry starts with a timestamp, then a severity (listed as info, warn, or error), a thread ID, an error code (hex), a process ID (PID), and then the message.
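The entry layout described above can be parsed for monitoring, for example to confirm the restart that the launchd test produces or to surface entries with a non-zero error code. The following is an added example, not Nuix code: the function names, the "tag" field name for the bracketed number (which this page does not describe), and every sample line except the first are assumptions.

```python
import re
from datetime import datetime, timedelta

# Layout per the page: timestamp, severity, thread ID, error code (hex), PID, message.
# The bracketed number before the message is not described on the page; kept as "tag".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}_\d{2}:\d{2}:\d{2}\.\d{6}) (?P<severity>[A-Za-z]+) "
    r"TID:0x(?P<tid>[0-9a-fA-F]+) C:(?P<code>[0-9a-fA-F]+) P:(?P<pid>\d+) "
    r"\[(?P<tag>\d+)\]:(?P<message>.*)$"
)
START_PREFIX = "Service (NuixAS) starting"  # message text taken from the page's sample entry

def parse_line(line):
    """Return the entry as a dict of typed fields, or None if the line does not match."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%d_%H:%M:%S.%f"),
        "severity": m["severity"].upper(),
        "tid": int(m["tid"], 16),
        "code": int(m["code"], 16),
        "pid": int(m["pid"]),
        "tag": int(m["tag"]),
        "message": m["message"],
    }

def find_restarts(lines, window=timedelta(minutes=10)):
    """Pair consecutive service starts that have different PIDs and fall within `window`."""
    starts = [e for e in map(parse_line, lines) if e and e["message"].startswith(START_PREFIX)]
    return [(a, b) for a, b in zip(starts, starts[1:])
            if a["pid"] != b["pid"] and b["ts"] - a["ts"] <= window]

def find_problems(lines):
    """Entries with a non-INFO severity or a non-zero error code."""
    return [e for e in map(parse_line, lines) if e and (e["severity"] != "INFO" or e["code"])]

# First line is the page's sample entry; the rest are constructed for this example.
SAMPLE = [
    "2019-03-27_16:09:59.384670 INFO TID:0xb0192 C:00000000 P:16505 [475]:Service (NuixAS) starting, version: 2.0.0-423",
    "2019-03-27_16:12:03.000001 WARN TID:0xb0193 C:0000001f P:16505 [120]:constructed sample message",
    "not a log line",
    "2019-03-27_16:14:10.102030 INFO TID:0xc0001 C:00000000 P:16622 [475]:Service (NuixAS) starting, version: 2.0.0-423",
]

if __name__ == "__main__":
    for prev, new in find_restarts(SAMPLE):
        print(f"restart: PID {prev['pid']} -> {new['pid']} at {new['ts']}")
    for e in find_problems(SAMPLE):
        print(f"{e['ts']} {e['severity']} code=0x{e['code']:08x} {e['message']}")
```

A second start entry with a new PID shortly after the first is what the launchd test leaves in the log; outside a planned test, the same pattern is worth reviewing as a possible agent crash or kill.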
The OS rotates the log files to keep their size down, according to the configuration file that the installer places at "/etc/newsyslog.d/com.nuix.NuixAS.conf". This file tells the log rotator to create a new log file whenever the old one reaches 6 MB. The old logs are compressed and up to five logs are maintained.
Linux agent file locations
The installer puts the Linux agent files in the following locations. These locations are configurable during installation by modifying the .run script.
/opt/nuix/endpoint
This directory contains the agent executable (nuixas) and the uninstaller.
/var/opt/nuix/data
This directory contains the agent data, including the DBR and comms queues.
/lib/systemd/system/nuixsas.service
This file is the systemd service configuration file. The Linux agent is controlled by a system daemon called “systemd.” Systemd starts the agent at system startup, monitors the agent, and restarts the agent in the event of a system crash.
/etc/logrotate.d/nuixAS.conf
This file is the log rotation configuration file.