Automating AppDefense Guest module on Linux systems
You can install AppDefense Guest Module on the supported Linux system. The installation of AppDefense Guest Module installs the AppDefense package, Guest Introspection package, and the netfilter dependencies.
Guest Introspection is a service that is deployed to offload security functions to a dedicated security appliance on each host. As a result, Guest Introspection removes the need for an antivirus agent within the guest operating system.
Recently I was tasked to install AppDefense guest module on handful number of Linux servers. There are numerous ways to automate the installation of AppDefense guest module package depending upon the tools you have. I wrote below PowerShell script to automate the package installation on each AppDefense supported Linux systems.
This script requires VMware Tools or open-vm-tools to be installed & running inside guest OS. Also an input file with the list of VMs on which package has to be installed.
Write-Host "Enter the vCenter you wish to connect to:" -ForegroundColor Yellow $vcenter = Read-Host $vc_creds = Get-Credential -Message "Please enter the vCenter Admin Credentials" Try{ Connect-VIServer $vcenter -Credential $vc_creds -ErrorAction Stop | Out-Null } catch{ Write-Host $Error[0] -ForegroundColor Red break } $file = Read-Host "Enter text File complete Path" $list = Get-Content $file $vms = Get-VM $list Write-Host "Starting AppDefense Installation. Please enter the Linux VM root Credentials" -ForegroundColor Yellow Start-Sleep -Seconds 2 $os_creds = Get-Credential -Message "Enter the Linux VM Guest OS root Credentials" $installed = @() $poweredoff = @() $failedvm = @() $i = 0 $InstallScript = 'curl -s https://appd-dl.vmware.com/repository/linux-guest-install.sh | sudo bash' $QueryScript = '/etc/init.d/vmw_glxd status' foreach($vm in $vms){ $i++ Write-Progress -activity "Configuring AppDefense. This will take some time. . ." -status "Configuring: $i of $($vms.Count)" -percentComplete (($i / $vms.Count) * 100) if($vm.PowerState -eq "PoweredOn"){ $QueryResult = Invoke-VMScript -VM $vm -ScriptText $QueryScript -ScriptType bash -GuestCredential $os_creds -ErrorAction Continue if($QueryResult.Contains("AppDefense is running")){ } else{ $InstallResult = Invoke-VMScript -VM $vm -ScriptText $InstallScript -ScriptType bash -GuestCredential $os_creds -ErrorAction Continue $installedvm = @{Name=$vm} $installedObj = New-Object PSObject -Property $installedvm $installed += $installedObj $ExitCode = $InstallResult.ExitCode } } } Write-Progress -Activity "Configuring AppDefense. This will take some time. . ." -Status "Ready" -Completed