Installing the Protect Agent on Linux as a Systemd service
1. Download the rpm from https://console.tph.io or execute `curl https://updates.percol8.co.za/protect/protectrelay-2.7-5.noarch.rpm' from the Linux machine.
2. Once the RPM is on the Linux machine, execute `yum/dnf install protectrelay-2.7-5.noarch.rpm' to install the RPM.
3. Once installed enable and start the service by executing the commands below:
| systemctl enable protect systemctl start protect |
Once started, you can edit and configure the cfg.properties file.
How to configure Protect Agent cfg.properties
To set up the Protect Agent, you will need to configure the cfg.properties file.
Linux command = vi /protect/conf/cfg.properties
The file contains the following:
Variable meanings:
| Variable | Description | Required |
| server | This is the Protect IPs of 41.79.180.180 / 41.79.181.181 Specify both IPs separated by a comma, eg, 41.79.180.180,41.79.181.181 | Yes |
| token | This is your network token configured in Protect (This links your Protect to the Protect Agent). You will find this by editing your relevant Network. | Yes |
| local_dns | This should be set to upstream DNS servers, eg, 8.8.8.8 | Yes |
| local_domian | This is the local domain if the Agent is running a windows server. | No |
| listen_ip | If installed on the AD server, the listen IP would need to be specified. If not, leave it as 0.0.0.0 | No |
| run_mapper | Used for Active Directory integration. | No |
query_cache_ttl | Protect has 300 seconds cache for a query result from its policy server. You can set a number between 0 and 3600 seconds. If you increase the value, it will reduce the traffic to your policy server but your filtering policy change will be reflected after the cache expired. | Yes |
use_https_dns | No | |
| use_https_query | With this option enabled, Protect will do its policy queries over HTTPS | Yes |
radius_acct_port | The port to which you receive RADIUS accounting requests. We use UDP/1813 at default. | No |
radius_shared_secret | Shared secret string for your Wi-Fi router to communicate with Protect. | No |
radius_enable_logout | Destroy user login session when the status type of an accounting request is 'Stop'. | No |
use_radius | Run RADIUS account server. | No |
Once complete, restart the service by executing `systemctl restart protect`