Installing and Uninstalling the ThreatLocker Linux Agent

Last update: 09.23.2024

The Linux Agent is currently in beta testing and we encourage you to install it only in non-production environments. Please report any issues to a Cyber Hero.

Supported OS: 

  • Ubuntu Server 22.04.4 LTS (Jammy Jellyfish)
  • Red Hat Enterprise Linux 9.4 (Plow) (May work on 9.2 as well)

Included ThreatLocker Products:

  • Allowlisting

Prerequisites 

SELinux - SELinux is NOT installed by default on Ubuntu systems.

  1. Launch Terminal and run the following command:

    1. sudo apt install policycoreutils selinux-utils selinux-basics

  2. Once SELinux is installed, it must be activated with the following command:

    1. sudo selinux-activate

  3. Once activated, reboot the Ubuntu system:

    1. sudo reboot now

  4. Verify successful SELinux installation and activation by using the following command: sestatus

  5. If enabled, SELinux installation is complete.

Locating the Installer Package

Current Linux Beta Stub Installers can be found on any page within the ThreatLocker beta portal, including: 

  • The 'Install Computer' button on the Computers Page 

  • The 'Download Installer' button on the Computer Groups Page 

  • The 'Install Computer' button located on the top right of the portal 

Either an RPM or a DEB file can be downloaded, depending on which version of Linux the agent will be installed on.

Install Agent 

  1. Install package - Use the appropriate package manager to install the ThreatLocker package. For example, if running Ubuntu, you will use “apt”.

    1. sudo <dnf|yum|apt> -y install ./threatlocker-<version>.x86_64.<rpm|deb>

      1. Note: Do NOT include the group key.

      2. Example: if using Ubuntu, sudo apt install ./1.0.5-230_ubuntu_22_4.x86_64.deb

  2. Set the API Server with the following commands:

    1. sudo threatlockerctl --register-api-name <api name>

      1. Note: "API Name" is NOT a URL. Example: api

    2. sudo threatlockerctl --custom-api <URL>

  3. Register the computer to your portal:

    1. sudo threatlockerctl --register-computer <installkey>

Example:

This example uses the 1.0.5-230.deb installer on a 22.04 Ubuntu Server and installs to api.c.threatlocker.com.

  1. Install Package

    1. sudo apt install ./1.0.5-230_ubuntu_22_4.x86_64.deb

  2. Set the API Server with the following commands:

    1. sudo threatlockerctl --register-api-name api

    2. sudo threatlockerctl --custom-api https://api.c.threatlocker.com

  3. Register the computer to your portal:

    1. sudo threatlockerctl --register-computer <installkey>

 

Although the instructions above work well, as a shortcut it may be possible to install the agent by renaming the installer file as follows and then running the install command:

<Name of installer>_<Install Key>_<api>.<rpm|deb>

Then follow step one, as in the example below.

For example:

sudo yum install -y ./ThreatlockerInstaller_dfbf45238923eeb335416bee_g.rpm

 

 

Locating the Custom API:

To locate the custom API URL, navigate to 'Help', located in the upper right corner of the portal. Replace the characters between api. and .threatlocker in the URL above with the characters in parentheses found in the Help dropdown beside the ThreatLocker Access title.
For example, using the information in the picture below, the custom-api would become https://api.e.threatlocker.com

 

Locating the Install Key: 

  1. Navigate to the Computers Page > Computer Groups.
  2. Select the group the computer being installed is a member of.
  3. In the sidebar, the Install Key is located under the General tab, labeled ‘Install Key’. 
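
The checks behind the Supported OS list, the SELinux prerequisite and the custom API URL, run before the install commands; this is an added example, not ThreatLocker code. It assumes the ID and VERSION_ID fields of /etc/os-release, picks dnf on RHEL, and restricts the instance characters to letters and digits; all function names are hypothetical.

```shell
# Added example, not ThreatLocker code. Checks take their input as text.
# os_field KEY: read os-release text on stdin, print KEY's value unquoted.
os_field() { sed -n "s/^$1=//p" | head -n 1 | tr -d '"'; }

# pkg_plan OS_RELEASE_TEXT: print "<package manager> <package type>" for a
# distro in the Supported OS list; return 1 for anything else.
pkg_plan() {
    id=$(printf '%s\n' "$1" | os_field ID)
    ver=$(printf '%s\n' "$1" | os_field VERSION_ID)
    case "$id:$ver" in
        ubuntu:22.04) echo "apt deb" ;;
        rhel:9.4)     echo "dnf rpm" ;;
        rhel:9.2)     echo "note: 9.2 is listed as 'may work'" >&2; echo "dnf rpm" ;;
        *)            echo "unsupported OS: $id $ver" >&2; return 1 ;;
    esac
}

# selinux_enabled SESTATUS_TEXT: succeed only if sestatus reports "enabled".
selinux_enabled() {
    printf '%s\n' "$1" | grep -Eq '^SELinux status:[[:space:]]+enabled[[:space:]]*$'
}

# custom_api_url ID: build the --custom-api URL from the characters shown in
# parentheses in the Help dropdown. Letters/digits only is an assumption here.
custom_api_url() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) echo "bad instance id: $1" >&2; return 1 ;;
    esac
    echo "https://api.$1.threatlocker.com"
}

# preflight OS_RELEASE_TEXT SESTATUS_TEXT ID: print this page's command
# sequence for the host, or fail before anything is installed.
preflight() {
    plan=$(pkg_plan "$1") || return 1
    selinux_enabled "$2" || { echo "SELinux is not enabled" >&2; return 1; }
    url=$(custom_api_url "$3") || return 1
    echo "sudo ${plan% *} -y install ./threatlocker-<version>.x86_64.${plan#* }"
    echo "sudo threatlockerctl --register-api-name <api name>"
    echo "sudo threatlockerctl --custom-api $url"
    echo "sudo threatlockerctl --register-computer <installkey>"
}

# Constructed samples; real host: preflight "$(cat /etc/os-release)" "$(sestatus)" <id>
SAMPLE_OS='ID=ubuntu
VERSION_ID="22.04"'
SAMPLE_SESTATUS='SELinux status:                 enabled
Current mode:                   permissive'
preflight "$SAMPLE_OS" "$SAMPLE_SESTATUS" c
```

The placeholders <version>, <api name> and <installkey> are printed as-is and must be filled in from the portal before running the commands.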


Uninstalling the ThreatLocker Linux Agent

After disabling Tamper Protection from the ThreatLocker portal, run the command that corresponds with the distro being utilized:

sudo <dnf|yum|apt> remove -y threatlocker

 

 

 

 
