Prerequisites
It is recommended that you use a dedicated server or VM to run the Kenna Agent. Please make sure that your firewall rules allow the Kenna Agent to talk to your internal connectors as well as reach out to Kenna.
These scanners are currently supported:
- Nexpose
- Nessus
- Sonatype
Recommended specifications:
|
Operating System |
RHEL or derivative (RHEL 7+, CentOS 7+, Fedora 28+) |
|
RAM |
1-2 GB |
|
Number of CPUs |
1-2 |
|
Disk size |
20 GB, encrypted |
Important: The machine must have network access to your scanner and the Kenna Security API.
Note: HTTP/S proxying is supported. Refer to the Proxy for Agent section.
Windows server-based installs are not supported at this time. If you are interested, please let us know.
Install the Agent
Tip: You can execute the commands as Root if you do not wish to use sudo.
In the Command Prompt, create a new "kenna.repo" file using
$ sudo touch /etc/yum.repos.d/kenna.repo
Edit the newly created kenna.repo file; enter and save the following content:
[kennasecurity]
name=Kenna Security
baseurl=https://packages.kennasecurity.com/rpm/
enabled=1
gpgkey=https://packages.kennasecurity.com/rpm/kenna_security_packages.gpg.public
repo_gpgcheck=1
gpgcheck=0
Next, you are ready to begin the install process. Based on your OS, enter the appropriate command.
Fedora 28+
$ sudo dnf install kenna-agent
RHEL 7+, CentOS 7+
$ sudo yum install kenna-agent
When prompted, enter "y" to confirm to accept the key.
Enter "y" again to confirm to download the agent.
Configure the Agent
Important: You require your Kenna API token to configure and use the Kenna Agent.
Log into Kenna and navigate to API keys menu option.
Locate your API key and click the Copy button to copy the API token.
Edit the "/etc/kenna-agent/kenna-agent.toml" file.
In the kenna-agent.toml file, complete and save the following information:
| Item |
What to Enter |
| token |
Paste in the API token. |
| id |
Enter the connector ID. Tip: To locate your connector ID, select the connector in the Connectors tab. In the Details page that displays, highlight and copy the Connector ID. |
| type |
Enter the connector type such as “nexpose”, “nessus”. |
| url |
Enter the scanner URL (protocol + host + port). |
| username |
Enter the scanner credentials. |
| password | |
| schedule |
Enter a cron job schedule using the “min hr dom mon dow” format. Important: Time is interpreted in UTC. |
Start and Enable the Agent
Once installation is complete, you are ready to run the agent. Enter to start the agent.
$ sudo systemctl start kenna-agent
In the Command Prompt, enter "kenna-agent check" to check the configuration details of the Kenna Agent. Use this command to troubleshoot issues by reviewing each component.
Updating the Agent
When a new version is available, you can upgrade/update the Kenna Agent using the appropriate command for your OS:
Fedora 28+
$ sudo dnf update kenna-agent
RHEL 7+, CentOS 7+
$ sudo yum update kenna-agent
When an update or upgrade is available, running the info kenna-agent command results in system notification detailing the current version and the new version that is available.
Fedora 28+
$ sudo dnf info kenna-agent
RHEL 7+, CentOS 7+
$ sudo yum info kenna-agent
Proxy for Agent
When a proxy is used, the agent is capable of working with HTTP and HTTPS settings.
In the command prompt, enter the following command:
$ sudo systemctl edit kenna-agent.service
In the editor, create/add an environment variable override.
Note: For different proxy settings, multiple environment variables can be added.
[Service]
Environment=HTTPS_PROXY=https://myproxy:4566(replace the URL with your proxy)
Environment=HTTP_PROXY=https://myproxy:4566
Enter the following command to restart the Kenna Agent.After adding or creating the variables, save the changes and exit the editor.
$ sudo systemctl restart kenna-agent.service
Helpful commands
Start agent:
$ sudo systemctl start kenna-agent
Enable agent:
$ sudo systemctl enable kenna-agent
Stop agent:
$ sudo systemctl stop kenna-agent
Agent process status:
$ sudo systemctl status kenna-agent
Check config details:
$ kenna-agent check