Agent stand-alone Installation
Introduction
The Stealthium Guest Agent can be installed on its own so you can look at the data that it collects. On its own it can't connect to the larger Stealthium ecosystem, so it is limited, but it provides a way to evaluate the types of information Stealthium can gather. Much of the power of Stealthium is in the correlation of events across guests and systems; a single agent provides only a small part of that picture.
Installation
Install the Debian package:
sudo dpkg -i stealthium-agent.deb
If there are dependency issues, resolve them:
sudo apt-get install -f
Start the service:
sudo systemctl start stealthium-agent
Check the status:
sudo systemctl status stealthium-agent
Enable the service to start on boot (optional):
sudo systemctl enable stealthium-agent
Examining the data
In demo mode, the Stealthium Agent prints the Hyperprints to standard output, which is captured by journald. You can evaluate what it has captured using the following examples.
View the last ten events:
journalctl -n 10 -u stealthium-agent --no-pager
Stream all CUDA events:
journalctl -f -u stealthium-agent | grep CudaEvent
Watch all DNS events in a pretty printed format (using jq):
journalctl -f -u stealthium-agent --output json | jq -r '
.MESSAGE | fromjson | select(.type == "DnsEvent")
'
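Summarize captured events by type (an added example, not part of the Stealthium documentation). It reads `journalctl --output json` lines and also handles journald's other MESSAGE encodings: a byte array for non-UTF-8 data and null for oversized fields. It assumes only the `.type` field used in the jq filter above; the sample entries are constructed.

```python
import json
import sys
from collections import Counter


def decode_message(entry):
    """Return MESSAGE from one journald JSON entry as text, or None."""
    msg = entry.get("MESSAGE") if isinstance(entry, dict) else None
    if isinstance(msg, list):
        # journald emits non-UTF-8 / non-printable fields as a list of byte values
        return bytes(msg).decode("utf-8", errors="replace")
    return msg if isinstance(msg, str) else None  # null = oversized or absent


def tally_event_types(lines):
    """Count events by their "type" field; return (Counter, skipped)."""
    counts, skipped = Counter(), 0
    for line in filter(None, map(str.strip, lines)):
        try:
            text = decode_message(json.loads(line))
            event = json.loads(text) if text is not None else None
        except (ValueError, TypeError):  # not JSON, or invalid byte value
            event = None
        if isinstance(event, dict) and isinstance(event.get("type"), str):
            counts[event["type"]] += 1
        else:
            skipped += 1  # plain-text log line, null MESSAGE, or no "type"
    return counts, skipped


def _entry(message):
    return json.dumps({"MESSAGE": message})


# Constructed sample entries; only the "type" field comes from the page.
SAMPLE = [
    _entry(json.dumps({"type": "DnsEvent"})),
    _entry(json.dumps({"type": "CudaEvent"})),
    _entry(json.dumps({"type": "DnsEvent"})),
    _entry("agent started"),                                   # not JSON
    _entry(list(json.dumps({"type": "DnsEvent"}).encode())),  # byte-array form
    _entry(None),                                              # null MESSAGE
]

if __name__ == "__main__":
    # Live use: journalctl -u stealthium-agent --output json --no-pager | python3 <this file> -
    source = sys.stdin if sys.argv[1:] == ["-"] else SAMPLE
    counts, skipped = tally_event_types(source)
    for name, n in counts.most_common():
        print(f"{n:6d}  {name}")
    print(f"{skipped:6d}  (skipped: not a typed JSON event)")
```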