Installing the Protect Agent on Linux as a Systemd service



1. Download the rpm from https://console.tph.io or execute `curl https://updates.percol8.co.za/protect/protectrelay-2.7-5.noarch.rpm' from the Linux machine. 

2. Once the RPM is on the Linux machine, execute `yum/dnf install protectrelay-2.7-5.noarch.rpm' to install the RPM.

3. Once installed enable and start the service by executing the commands below:


systemctl enable protect
systemctl start protect



Once started, you can edit and configure the cfg.properties file.



How to configure Protect Agent cfg.properties



To set up the Protect Agent, you will need to configure the cfg.properties file.


Linux command = vi /protect/conf/cfg.properties


The file contains the following:


Variable meanings:


Variable
Description
Required
server
This is the Protect IPs of 41.79.180.180 / 41.79.181.181
Specify both IPs separated by a comma, eg, 41.79.180.180,41.79.181.181
Yes
token
This is your network token configured in Protect (This links your Protect to the Protect Agent). You will find this by editing your relevant Network.
Yes
local_dns
This should be set to upstream DNS servers, eg, 8.8.8.8
Yes
local_domian
This is the local domain if the Agent is running a windows server.
No
listen_ip
If installed on the AD server, the listen IP would need to be specified. If not, leave it as 0.0.0.0No
run_mapper
Used for Active Directory integration.No

query_cache_ttl
Protect has 300 seconds cache for a query result from its policy server. You can set a number between 0 and 3600 seconds. If you increase the value, it will reduce the traffic to your policy server but your filtering policy change will be reflected after the cache expired.
Yes

use_https_dns

No
use_https_query

With this option enabled, Protect will do its policy queries over HTTPS

Yes

radius_acct_port
The port to which you receive RADIUS accounting requests. We use UDP/1813 at default.
No

radius_shared_secret
Shared secret string for your Wi-Fi router to communicate with Protect.No

radius_enable_logout
Destroy user login session when the status type of an accounting request is 'Stop'.
No

use_radius
Run RADIUS account server.No


Once complete, restart the service by executing `systemctl restart protect`