How to Install Rudder System Auditing Tool on Debian 10
Rudder is a free and open-source continuous auditing and configuration tool that can be used to automate the IT Infrastructure. It is a web-based and multi-platform solution that makes your IT infrastructure more reliable and easier to manage. It comes with a set of rules that helps you to perform low-level configuration patterns and keep an eye on Infrastructure compliance. It provides a rich set of features including, Automatic host inventory, custom Policy editor, user-friendly web interface, Git backend, autoupdate dynamic groups, reusable policies and many more.
Rudder is made from several components :
- Rudder Server : It is used to define the configurations to apply and collects application reports.
- Agents : Rudder relies on an agent installed on each managed machine. It is very fast and takes only 10 seconds to verify 100 rules. It runs on any kind of devices.
- Relay Servers : It is used to manage nodes in different networks through a single entry point.
In this tutorial, we will show you how to install Rudder Server and Rudder Agent in Debian 10 server.
Prerequisites
- Two server running Debian 10.
- A root password is configured on each server.
Getting Started
Before starting, it is a good idea to update your system with the latest version. You can update your system with the following command:
apt-get update -y
apt-get upgrade -y
After updating the system, restart it to implement the changes.
Install Rudder Server
Before installing the Rudder server, you will need to install some dependencies in your system. You can install all the required dependencies using the following command:
apt-get install apt-transport-https ca-certificates wget dirmngr gnupg software-properties-common -y
Once the packages are installed, you will need to download and add the Rudder public key to your server.
You can download and add it with the following command:
wget --quiet -O- "https://repository.rudder.io/apt/rudder_apt_key.pub" | apt-key add -
Next, add the Rudder repository using the following command:
sh -c 'echo "deb http://repository.rudder.io/apt/6.0/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/rudder.list'
Finally, update the repository and install the Rudder server by running the following command:
apt-get update -y
apt-get install rudder-server-root -y
During installation, you will be asked to Configure database for rsyslog-pgsql with dbconfig-common as shown below:
Choose No and hit enter to start the installation. Once the installation has been completed successfully, you should see the following output:
You can access it via https://debian10/rudder INFO: Launching script to check if a migration is needed ... Done INFO: Make sure Rudder webapp is started... Done INFO: Make sure Apache HTTPd is started... Done INFO: No disable file detected and no agent executor process either. Restarting agent service...rudder-cf-serverd: enabled rudder-cf-execd: enabled ok: stop service rudder-agent succeeded rudder-cf-serverd: enabled rudder-cf-execd: enabled ok: start service rudder-agent succeeded Done INFO: Inventory older than 3 days, resending ...Rudder agent 6.0.2-debian10 Node uuid: root Start execution with config [20200203-072526-c88cf5a0] M| State Technique Component Key Message E| compliant Inventory inventory The inventory has been successfully sent info Rudder agent was run on a subset of policies - not all policies were checked ## Summary ##################################################################### 1 components verified in 3 directives => 1 components in Enforce mode -> 1 compliant Execution time: 11.32s ################################################################################ Done FINISH: Rudder agent check ran properly, please look at messages above to see if there has been any error. Setting up rudder-server-root (6.0.2-debian10) ... Created symlink /etc/systemd/system/multi-user.target.wants/rudder-server.service → /lib/systemd/system/rudder-server.service. Processing triggers for libc-bin (2.28-10) ... Processing triggers for rsyslog (8.1901.0-1) ...
Access Rudder Web Interface
At this point Rudder is installed and running. It's time to access the Rudder web interface.
Open your web browser and type the URL https://your-server-ip/rudder/. You will be redirected to the Rudder login page as shown below:
Provide the default Rudder username and password as admin/admin and click on the SIGN IN button. You should see the Rudder dashboard in the following screen:
It is recommended to change the default admin password for security reasons. You can also list your allowed networks in Settings => General => Allowed Networks. You should add your network here if you want to add the node from a different network. By default, this will contain your servers attached networks.
Install and Configure Rudder Agent
Next, you will need to install the Rudder Agent on the system that you want to manage from Rudder server.
By default, the Rudder agent is not available in the Debian 10 default repository. So you will need to add the Rudder repository to your system.
First, download and add the Rudder public key with the following command:
wget --quiet -O- "https://repository.rudder.io/apt/rudder_apt_key.pub" | apt-key add -
Next, add the Rudder repository with the following command:
sh -c 'echo "deb http://repository.rudder.io/apt/6.0/ $(lsb_release -cs) main" > /etc/apt/sources.list.d/rudder.list'
Once the repository has been added, update the repository and install the Rudder agent with the following command:
apt-get update -y
apt-get install rudder-agent -y
After installing the Rudder agent, you will need to define your Rudder server IP address in Rudder agent configuration file.
You can do it by editing the following file:
nano /var/rudder/cfengine-community/policy_server.dat
Add the following line:
your-rudder-server-ip
Save and close the file when you are finished. Then, restart the Rudder agent service to implement the changes:
systemctl restart rudder-agent.service
You can now verify the Rudder agent service with the following command:
systemctl status rudder-agent.service
You should get the following output:
? rudder-agent.service - Rudder agent umbrella service Loaded: loaded (/lib/systemd/system/rudder-agent.service; enabled; vendor preset: enabled) Active: active (exited) since Fri 2020-01-31 08:00:37 UTC; 8min ago Docs: man:rudder(8) https://docs.rudder.io Main PID: 5177 (code=exited, status=0/SUCCESS) Tasks: 0 (limit: 4701) Memory: 0B CGroup: /system.slice/rudder-agent.service Jan 31 08:00:37 debianclient systemd[1]: Starting Rudder agent umbrella service... Jan 31 08:00:37 debianclient systemd[1]: Started Rudder agent umbrella service.
Verify Rudder Agent
Ruder server and agent are now installed and configured. It's time to verify whether the Rudder agent is added in the Rudder server or not.
Open your web browser and type the URL https://your-server-ip/rudder and click on the Node Management => Accept new nodes as shown below:
Click on the Accept button to accept the new node. You should see the confirmation page shown below:
Click on the Accept button to accept the new node. You should see your newly added node in the following screen:
In the above screen, you should see 100% non-compliance for a newly added node. To resolve this, you will need to force the agent to run and send an inventory by running the following command:
rudder agent inventory
You should see the following output:
Rudder agent 6.0.2-debian10 (CFEngine Core 3.10.2) Node uuid: 20200203-072526-c88cf5a0-8211-8a30bs00ffa9 Start execution with config [30471213-214835-13b4se13] M| State Technique Component Key Message E| compliant Inventory inventory The inventory has been successfully sent ## Summary ##################################################################### => 1 components in Enforce mode -> 1 compliant execution time: 11.27s ################################################################################
Conclusion
In the above article, we learned how to install the Ruder server on Debian 10 server. We also learned how to install the Rudder agent and add it to the Rudder server. You can now add more nodes to your Rudder server and start managing them. For more information about the Rudder configuration, you can visit the Rudder documentation site at Rudder Doc. Feel free to ask me if you have any questions.