How to Install Rudder System Auditing Tool on Debian 10

Rudder is a free and open-source continuous auditing and configuration tool that can be used to automate the IT Infrastructure. It is a web-based and multi-platform solution that makes your IT infrastructure more reliable and easier to manage. It comes with a set of rules that helps you to perform low-level configuration patterns and keep an eye on Infrastructure compliance. It provides a rich set of features including, Automatic host inventory, custom Policy editor, user-friendly web interface, Git backend, autoupdate dynamic groups, reusable policies and many more.

Rudder is made from several components :

  • Rudder Server : It is used to define the configurations to apply and collects application reports.
  • Agents : Rudder relies on an agent installed on each managed machine. It is very fast and takes only 10 seconds to verify 100 rules. It runs on any kind of devices.
  • Relay Servers : It is used to manage nodes in different networks through a single entry point.

In this tutorial, we will show you how to install Rudder Server and Rudder Agent in Debian 10 server.

Prerequisites

  • Two server running Debian 10.
  • A root password is configured on each server.

Getting Started

Before starting, it is a good idea to update your system with the latest version. You can update your system with the following command:

apt-get update -y
apt-get upgrade -y

After updating the system, restart it to implement the changes.

Install Rudder Server

Before installing the Rudder server, you will need to install some dependencies in your system. You can install all the required dependencies using the following command:

apt-get install apt-transport-https ca-certificates wget dirmngr gnupg software-properties-common -y

Once the packages are installed, you will need to download and add the Rudder public key to your server.

You can download and add it with the following command:

wget --quiet -O- "https://repository.rudder.io/apt/rudder_apt_key.pub" | apt-key add -

Next, add the Rudder repository using the following command:

sh -c 'echo "deb http://repository.rudder.io/apt/6.0/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/rudder.list'

Finally, update the repository and install the Rudder server by running the following command:

apt-get update -y
apt-get install rudder-server-root -y

During installation, you will be asked to Configure database for rsyslog-pgsql with dbconfig-common as shown below:

Configure rsyslog for postgres

Choose No and hit enter to start the installation. Once the installation has been completed successfully, you should see the following output:

You can access it via https://debian10/rudder

INFO: Launching script to check if a migration is needed ...
Done
INFO: Make sure Rudder webapp is started... Done
INFO: Make sure Apache HTTPd is started... Done
INFO: No disable file detected and no agent executor process either. Restarting agent service...rudder-cf-serverd: enabled
rudder-cf-execd: enabled
ok: stop service rudder-agent succeeded
rudder-cf-serverd: enabled
rudder-cf-execd: enabled
ok: start service rudder-agent succeeded
 Done
INFO: Inventory older than 3 days, resending ...Rudder agent 6.0.2-debian10
Node uuid: root
Start execution with config [20200203-072526-c88cf5a0]

M| State         Technique                 Component                 Key                Message
E| compliant     Inventory                 inventory                                    The inventory has been successfully sent
info     Rudder agent was run on a subset of policies - not all policies were checked

## Summary #####################################################################
1 components verified in 3 directives
   => 1 components in Enforce mode
      -> 1 compliant
Execution time: 11.32s
################################################################################
 Done
FINISH: Rudder agent check ran properly, please look at messages above to see if there has been any error.
Setting up rudder-server-root (6.0.2-debian10) ...
Created symlink /etc/systemd/system/multi-user.target.wants/rudder-server.service → /lib/systemd/system/rudder-server.service.
Processing triggers for libc-bin (2.28-10) ...
Processing triggers for rsyslog (8.1901.0-1) ...

Access Rudder Web Interface

At this point Rudder is installed and running. It's time to access the Rudder web interface.

Open your web browser and type the URL https://your-server-ip/rudder/. You will be redirected to the Rudder login page as shown below:

Rudder login

Provide the default Rudder username and password as admin/admin and click on the SIGN IN button. You should see the Rudder dashboard in the following screen: 

Rudder dashboard

It is recommended to change the default admin password for security reasons. You can also list your allowed networks in Settings => General => Allowed Networks. You should add your network here if you want to add the node from a different network. By default, this will contain your servers attached networks.

Install and Configure Rudder Agent

Next, you will need to install the Rudder Agent on the system that you want to manage from Rudder server.

By default, the Rudder agent is not available in the Debian 10 default repository. So you will need to add the Rudder repository to your system.

First, download and add the Rudder public key with the following command:

wget --quiet -O- "https://repository.rudder.io/apt/rudder_apt_key.pub" | apt-key add -

Next, add the Rudder repository with the following command:

sh -c 'echo "deb http://repository.rudder.io/apt/6.0/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/rudder.list'

Once the repository has been added, update the repository and install the Rudder agent with the following command:

apt-get update -y
apt-get install rudder-agent -y

After installing the Rudder agent, you will need to define your Rudder server IP address in Rudder agent configuration file.

You can do it by editing the following file:

nano /var/rudder/cfengine-community/policy_server.dat

Add the following line:

your-rudder-server-ip

Save and close the file when you are finished. Then, restart the Rudder agent service to implement the changes:

systemctl restart rudder-agent.service

You can now verify the Rudder agent service with the following command:

systemctl status rudder-agent.service

You should get the following output:

? rudder-agent.service - Rudder agent umbrella service
   Loaded: loaded (/lib/systemd/system/rudder-agent.service; enabled; vendor preset: enabled)
   Active: active (exited) since Fri 2020-01-31 08:00:37 UTC; 8min ago
     Docs: man:rudder(8)
           https://docs.rudder.io
 Main PID: 5177 (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 4701)
   Memory: 0B
   CGroup: /system.slice/rudder-agent.service

Jan 31 08:00:37 debianclient systemd[1]: Starting Rudder agent umbrella service...
Jan 31 08:00:37 debianclient systemd[1]: Started Rudder agent umbrella service.

Verify Rudder Agent

Ruder server and agent are now installed and configured. It's time to verify whether the Rudder agent is added in the Rudder server or not.

Open your web browser and type the URL https://your-server-ip/rudder and click on the Node Management => Accept new nodes as shown below:

Rudder agent installation

Rudder node

Click on the Accept button to accept the new node. You should see the confirmation page shown below:

Accept

Click on the Accept button to accept the new node. You should see your newly added node in the following screen:

Node added successfully

In the above screen, you should see 100% non-compliance for a newly added node. To resolve this, you will need to force the agent to run and send an inventory by running the following command:

rudder agent inventory

You should see the following output:

Rudder agent 6.0.2-debian10 (CFEngine Core 3.10.2)
Node uuid: 20200203-072526-c88cf5a0-8211-8a30bs00ffa9
Start execution with config [30471213-214835-13b4se13]

M| State         Technique                 Component                 Key                Message
E| compliant     Inventory                 inventory                                    The inventory has been successfully sent

## Summary #####################################################################
   => 1 components in Enforce mode
      -> 1 compliant
execution time: 11.27s
################################################################################

Conclusion

In the above article, we learned how to install the Ruder server on Debian 10 server. We also learned how to install the Rudder agent and add it to the Rudder server. You can now add more nodes to your Rudder server and start managing them. For more information about the Rudder configuration, you can visit the Rudder documentation site at Rudder Doc. Feel free to ask me if you have any questions.

Share this page:

0 Comment(s)