First we need to turn the ARC on in the Movere Console. To do this, open the Console and select the Linux Devices and Linux ARC checkboxes (refer below):
Now navigate to the ARC tab and select the desired ARC interval and duration (refer below):
NOTE: For the settings to save to the config file, the "Next" button must be selected, (changing the page saves the settings in the config file).
Next, close the Console and navigate to the folder the Movere Console is being run from. Once there, copy the LinuxBot folder to a new location for editing (refer below):
Within the LinuxBot folder, the below three files should appear:
As ARC scans occurr over one or more days, we recommend running the ARC in the background, (it can be run in foreground if needed). Commands for both modes are included in below.
In the LinuxBot folder you should see an .x86 and .x64 file: please use the .x86 file on 32-bit Linux devices and .x64 on 64-bit systems.
Rename the file Movere.Arc.Linux.Bot.x64 (or Movere.Arc.Linux.Bot.x86 for 32-bit systems) to Movere.Arc.Linux.Bot, then delete the other file (refer below):
Next, navigate back to the folder the Movere Console is being run from and copy the Token.txt file to the folder you created above. This is the cloud authentication token which is only downloaded when automatic uploading is enabled (refer below):
Rename the Token.txt file to Movere.Arc.Linux.Bot.token in the folder you created (refer below):
Now open the Movere.Arc.Linux.Bot.xml file to add the following lines to both enable logging and disable logging via HTTP to the Console since this scan is being run locally:
The bottom of the xml file should look like this:
Next, copy these three files to the Linux device(s) to be scanned.The below example uses PSCP (PuTTY), but any method can be used:
These files may need to be marked as executable using this command: chmod 755 Movere.*
Once copied to the device(s) to be scanned, the Linux Bot can be executed. There are multiple options available, depending on how the user is logged onto the Linux device:
- If logged in as root, execute the Bot using this command: nohup ./Movere.Arc.Linux.Bot >& Movere.log &
- If not logged in as root, but sudo is available, use this command: sudo -v sudo nohup ./Movere.Arc.Linux.Bot >& Movere.log &
- NOTE: the sudo -v prompts the user for a password. This is required because running the Bot using nohup as sudo may NOT prompt for a password, causing it to hang.
- If not logged in as root, and sudo is not available, use this command: nohup ./Movere.Arc.Linux.Bot >& Movere.log &
- Note the extra "&" at the end - this tells Linux to run the command in the background.
If the above options fail, then the Bot can be launched in the foreground (not a background app) using either of these commands:
- sudo ./Movere.Arc.Linux.Bot
After its launched, Bot progress can be checked by looking at the Movere.log file using either of these commands:
- cat Movere.log
- tail Movere.log
Below is an example of what a successful bot should look like:
The ‘file uploaded successfully’ line informs us that the ARC is running and uploading its results. ARC scans will will continue to run in this manner until the date/time specified in the config file has passed.