16. 02. 2024 Reinhold Trocker Log-SIEM, NetEye

Enabling Elastic Agents Upgrades in Restricted or Closed Networks

In this article, we’ll explore how to configure the “Agent Binary Download” setting and set up your own artifact registry for binary downloads within a NetEye cluster.

Prerequisites

Before we begin, ensure you have the following prerequisites in place:

  • Your Elastic Agents can access https://YOURCLUSTERNAME/
  • Your Elastic Agents are Version 8.10.3 or higher

Configuring the “Agent Binary Download” Setting

  1. Access NetEye
    • Log in to your NetEye instance
  2. Navigate to Fleet Settings
    • Go to Fleet
    • Click on Settings
  3. Add or edit the binary source
    • Under Agent Binary Download, click Add Agent Binary Source or Edit
    • Set a descriptive name for the binary source, like
      Elastic Artifacts on NetEye Cluster
    • Specify the address where you’ll host the artifacts repository (your custom registry), like:
      https://YOURCLUSTERNAME/neteyeshared/elasticdownload/
  4. Make it the default (optional)
    • If you want to make this location the default for all agent policies, select Make this host the default for all agent policies
  5. Save your changes

Hosting Your Own Artifact Registry

If routing traffic through a proxy server is not an option, you can host your own Elastic Package Registry. Here’s how:

  1. Remember that your Apache Server is running on a single cluster-node
    • When changing something in /neteye/shared/httpd/, be sure to do it on the node which has httpd running (the node which actually owns the cluster IP)
    • When changing something in /etc/httpd/, change it on all cluster nodes
  2. Create a Directory
    • Choose a location on your server where you want to host the artifacts. For example:
      • mkdir /neteye/shared/httpd/neteyeshare
        mkdir /neteye/shared/httpd/neteyeshare/elasticdownload
        mkdir /neteye/shared/httpd/neteyeshare/elasticdownload/beats
        mkdir /neteye/shared/httpd/neteyeshare/elasticdownload/beats/elastic—agents
        chown apache.apache -R /neteye/shared/httpd/neteyeshare
  3. Copy Artifacts
    • Place the necessary NetEye artifacts (binaries, packages, etc.) into this directory.
      Please see Air-gapped environments | Fleet and Elastic Agent Guide [8.12] | Elastic,
      or do something like:
      • cd /neteye/shared/httpd/neteyeshare/elasticdownload/beats/elastic agent
        wget https://artifacts.e1astic.co/down10ads/beats/e1astic—agent/e1astic—agent—8.11.3—windows—x86_64.zip
        wget https://artifacts.e1astic.co/down10ads/beats/e1astic—agent/e1astic—agent—8.11.3—windows—x86_64.zip.asc
        wget https://artifacts.e1astic.co/down10ads/beats/e1astic—agent/e1astic—agent—8.11.3—windows—x86_64.zip.sha512
        wget https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.11.3-linux-x86_64.tar.gz
        wget https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.11.3-linux-x86_64.tar.gz.asc
        wget https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.11.3-linux-x86_64.tar.gz.sha512
        chown apache.apache *
  4. Configure Apache
    • Tell your Apache installation to deliver everything from the folder /neteye/shared/httpd/neteyeshare/
      • #cat /etc/httpd/conf.d/neteye-share.conf
        #
        # This configuration file allows the NetEye client software to be accessed at
        # http://localhost/neteye-client-software/
        #
        Alias /neteyeshare /neteye/shared/httpd/neteyeshare
        <Directory "/neteye/shared/httpd/neteyeshare">
          Options Indexes
          #Formatting improvement of index view
          IndexOptions FancyIndexing FoldersFirst HTMLTable VersionSort NameWidth=*
          AllowOverride all
          Order allow,deny
          Allow from all
          Require all granted
        </Directory>
  5. Restart Apache
    • pcs resource restart httpd
  6. Make sure your elastic-agent client machines trust the HTTPS server certificate of your cluster
    • For Windows clients, manage this by filling the Microsoft certificate store appropriately (see certlm.msc)
    • For Linux clients, see /etc/pki/tls/certs/ca-bundle.crt or the appropriate procedure for the distribution you use

Update NetEye Configuration

  1. Edit NetEye Configuration
    • On your NetEye cluster, update the Agent Policy configuration to point to the new artifact location
    • Modify the Agent Policy ⇒ “Agent Binary Download” setting to use the previously configured Elastic Artifacts on NetEye Cluster
  2. Test Connectivity
    • Verify that NetEye agents can download the required binaries from the Apache directory

Conclusion

By hosting your Elastic artifacts via an existing NetEye Apache server, you can upgrade Elastic agents without needing to give them access to the internet.

By configuring the “Agent Binary Download” setting and hosting your own artifact registry, you can ensure that Elastic Agents in your NetEye cluster have access to the required binaries, even in restricted or closed networks.

These Solutions are Engineered by Humans

Did you read this article because you’re knowledgeable about networking? Do you have the skills necessary to manage networks? We’re currently hiring for roles like this as well as other roles here at Würth Phoenix.

Reinhold Trocker

Reinhold Trocker

IT professional, IT security, (ISC)2 CISSP, technical consultant

Author

Reinhold Trocker

IT professional, IT security, (ISC)2 CISSP, technical consultant

Latest posts by Reinhold Trocker

12. 12. 2024 Log Management, Log-SIEM
Sample osquery Investigations for a Security Incident
08. 11. 2024 Log Management, Log-SIEM
Configuring EnvironmentFile for Elastic Agents on NetEye Nodes
24. 10. 2024 Log Management, Log-SIEM
Categories of documents – create more namespaces within an agent’s environment
19. 10. 2023 Log Management, Log-SIEM
Integration of Elasticsearch Clients without Authentication and without TLS
12. 10. 2023 Log Management, Log-SIEM
stunnel TCP keepalive Settings Preventing Firewall from Blocking Log Traffic
See All

Related Content

Tags: ,

20. 12. 2024 Atlassian, NetEye, Service Management

Managing Alerts with JSM: Focus on Incident Management (Part 2)

In the first part of this series, we explored how Jira Service Management (JSM) helps streamline Incident Management, aligning with ITIL v4 best practices. Incident Management aims to restore normal service operation as quickly as possible after a disruption, ensuring Read More
20. 12. 2024 Automation, Development, NetEye

When Less is More: NetEye Update and Upgrade Checkpoints

Hello everyone! Today, I'd like to briefly discuss an improvement to the update and upgrade procedures that we've started to adopt with NetEye 4.39! What we wanted to improve One aspect that made quite an impact was that whenever the Read More
19. 12. 2024 Automation, Development, NetEye

NetEye Install and Upgrades: Moving to a Parallel Architecture

Hello everyone! Today, I’d like to share an exciting improvement we’ve made to the installation and upgrade procedures in NetEye, introducing a faster and more efficient parallel architecture! Why Modernize the Installation and Upgrade Processes? At Würth Phoenix, we strive Read More
12. 12. 2024 Log Management, Log-SIEM

Sample osquery Investigations for a Security Incident

Note: This description of a security analyst's daily routine is fictitious. However, the osquery examples have been tested and can therefore be used as a template for your own research. 1. Alarm Detection Today started with a high-severity alarm from our Read More
03. 12. 2024 ITOA, NetEye

Grafana 11 Compatibility

Scenario NetEye 4 provides a graphical engine to represent time series monitoring data stored in an Influx database: the Grafana engine accessible through the ITOA menu on the left hand side. Grafana is very powerful: it consists of a dashboard Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive