Setting Up the Kenna Agent

Prerequisites

It is recommended that you use a dedicated server or VM to run the Kenna Agent. Please make sure that your firewall rules allow the Kenna Agent to talk to your internal connectors as well as reach out to Kenna.

These scanners are currently supported:

  • Nexpose
  • Nessus
  • Sonatype

Important: The machine must have network access to your scanner and the Kenna Security API.

Recommended specifications:

Operating System

RHEL or derivative (RHEL 7+, CentOS 7+, Fedora 28+)

RAM

1-2 GB

Number of CPUs

1-2

Disk size

20 GB, encrypted

Note: HTTP/S proxying is supported. Refer to the Proxy for Agent section.

Windows server-based installs are not supported at this time. If you are interested, please let us know.

Important: When using a proxy or firewall, you will need to whitelist the following addresses:

  • api.kennasecurity.com
  • packages.kennasecurity.com
  • app.kennasecurity.com

Install the Agent

Tip: You can execute the commands as Root if you do not wish to use sudo.

In the Command Prompt, create a new "kenna.repo" file using

$ sudo touch /etc/yum.repos.d/kenna.repo

Edit the newly created kenna.repo file; enter and save the following content:

[kennasecurity]
name=Kenna Security
baseurl=https://packages.kennasecurity.com/rpm/
enabled=1
gpgkey=https://packages.kennasecurity.com/rpm/kenna_security_packages.gpg.public
repo_gpgcheck=1
gpgcheck=0


Next, you are ready to begin the install process. Based on your OS, enter the appropriate command. 

Fedora 28+

$ sudo dnf install kenna-agent

RHEL 7+, CentOS 7+

$ sudo yum install kenna-agent

When prompted, enter "y" to confirm to accept the key.

Enter "y" again to confirm to download the agent.

Connector Setup

You must first select a connector if you have no existing connector before proceeding with the connector setup.  Log in to your Kenna Account, click the Connectors tab to select a connector. 

Once you have selected a connector, the connector-specific setup page opens as shown below. Connector_Setup.png

Click the Use Kenna Agent checkbox.

Fill in Username, Password, Host information as well as select the desired Schedule, if not already completed.

Note: You can make changes to your cron as required. Changes to the Schedule change the config snippet as shown. 

Important: The connector ID is blank initially and only populates after the connector is saved.

Agent_Config_Screen.png

Note: All times are in UTC.

Click Save to confirm your changes. 

Important: By clicking Save, the Run and Upload & Run buttons will be disabled.

Any previously set schedule will not work and all new connector runs will be completed using the Kenna Agent.

Configure the Agent

Note: A connector must be added, as shown in the pervious section, before proceeding configuring the agent.

Important: You require your Kenna API token to configure and use the Kenna Agent.

Log into Kenna and navigate to API keys menu option.

Locate your API key and click the Copy button to copy the API token.

 

Edit the "/etc/kenna-agent/kenna-agent.toml" file. 

In the kenna-agent.toml file, complete and save the following information:

Item

What to Enter
token

Paste in the API token.
id

Enter the connector ID.

Tip: To locate your connector ID, select the connector in the Connectors tab. In the Details page that displays, highlight and copy the Connector ID.
type

Enter the connector type such as “nexpose”, “nessus”.
url

Enter the scanner URL (protocol + host + port).
username

Enter the scanner credentials.
password
schedule

Enter a cron job schedule using the “min hr dom mon dow” format.

Important: Time is interpreted in UTC.

Start and Enable the Agent

Once installation is complete, you are ready to run the agent. Enter to start the agent.

$ sudo systemctl start kenna-agent

In the Command Prompt, enter "kenna-agent check" to check the configuration details of the Kenna Agent. Use this command to troubleshoot issues by reviewing the Check Summary.

KennaAgentCheckSummary.png

Updating the Agent

When a new version is available, you can upgrade/update the Kenna Agent using the appropriate command for your OS:

Fedora 28+

$ sudo dnf update kenna-agent

RHEL 7+, CentOS 7+

$ sudo yum update kenna-agent

When an update or upgrade is available, running the info kenna-agent command results in system notification detailing the current version and the new version that is available.

Fedora 28+

$ sudo dnf info kenna-agent 

RHEL 7+, CentOS 7+

$ sudo yum info kenna-agent 

Proxy for Agent

When a proxy is used, the agent is capable of working with HTTP and HTTPS settings. 

In the command prompt, enter the following command: 

$ sudo systemctl edit kenna-agent.service

In the editor, create/add an environment variable override.

Note: For different proxy settings, multiple environment variables can be added.

[Service]
Environment=HTTPS_PROXY=https://myproxy:4566(replace the URL with your proxy)
Environment=HTTP_PROXY=https://myproxy:4566


Enter the following command to restart the Kenna Agent.After adding or creating the variables, save the changes and exit the editor.

$ sudo systemctl restart kenna-agent.service 

Helpful commands

Start agent:

$ sudo systemctl start kenna-agent

Enable agent:

$ sudo systemctl enable kenna-agent

Stop agent:  

$ sudo systemctl stop kenna-agent

Agent process status:

$ sudo systemctl status kenna-agent

Check config details:

$ kenna-agent check 

 

 

Powered by Zendesk