Merge pull request #3506 from MicrosoftDocs/macky-nixclean08

Cleaned up code boxes
Jeff Borsecnik 2020-08-12 08:38:42 -07:00 committed by GitHub
commit 987fe9dfe7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -26,12 +26,15 @@ ms.topic: conceptual
## Verify if installation succeeded ## Verify if installation succeeded
An error in installation may or may not result in a meaningful error message by the package manager. To verify if the installation succeeded, one can obtain and check the installation logs using: An error in installation may or may not result in a meaningful error message by the package manager. To verify if the installation succeeded, obtain and check the installation logs using:
```bash ```bash
$ sudo journalctl | grep 'microsoft-mdatp' > installation.log sudo journalctl | grep 'microsoft-mdatp' > installation.log
$ grep 'postinstall end' installation.log ```
```bash
grep 'postinstall end' installation.log
```
```Output
microsoft-mdatp-installer[102243]: postinstall end [2020-03-26 07:04:43OURCE +0000] 102216 microsoft-mdatp-installer[102243]: postinstall end [2020-03-26 07:04:43OURCE +0000] 102216
``` ```
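Review bot: The sample line in the Output block still reads `2020-03-26 07:04:43OURCE +0000`; the stray `OURCE` after the seconds looks like paste debris in the timestamp and is identical on both sides, so this cleanup carries it forward. Since the block is being re-fenced anyway, please correct the timestamp in the same pass. It would also help to say that the first command writes installation.log to the current directory, because the second command, now in its own block, depends on that file.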
@ -44,8 +47,9 @@ Also check the [Client configuration](linux-install-manually.md#client-configura
Check if the mdatp service is running: Check if the mdatp service is running:
```bash ```bash
$ systemctl status mdatp systemctl status mdatp
```
```Output
● mdatp.service - Microsoft Defender ATP ● mdatp.service - Microsoft Defender ATP
Loaded: loaded (/lib/systemd/system/mdatp.service; enabled; vendor preset: enabled) Loaded: loaded (/lib/systemd/system/mdatp.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2020-03-26 10:37:30 IST; 23h ago Active: active (running) since Thu 2020-03-26 10:37:30 IST; 23h ago
@ -61,41 +65,43 @@ Check if the mdatp service is running:
1. Check if "mdatp" user exists: 1. Check if "mdatp" user exists:
```bash ```bash
$ id "mdatp" id "mdatp"
``` ```
If theres no output, run If theres no output, run
```bash ```bash
$ sudo useradd --system --no-create-home --user-group --shell /usr/sbin/nologin mdatp sudo useradd --system --no-create-home --user-group --shell /usr/sbin/nologin mdatp
``` ```
2. Try enabling and restarting the service using: 2. Try enabling and restarting the service using:
```bash ```bash
$ sudo systemctl enable mdatp sudo systemctl enable mdatp
$ sudo systemctl restart mdatp
``` ```
3. If mdatp.service isn't found upon running the previous command, run
```bash ```bash
$ sudo cp /opt/microsoft/mdatp/conf/mdatp.service <systemd_path> sudo systemctl restart mdatp
where <systemd_path> is
/lib/systemd/system for Ubuntu and Debian distributions
/usr/lib/systemd/system for Rhel, CentOS, Oracle and SLES
``` ```
and then rerun step 2.
3. If mdatp.service isn't found upon running the previous command, run:
```bash
sudo cp /opt/microsoft/mdatp/conf/mdatp.service <systemd_path>
```
where ```<systemd_path>``` is
```/lib/systemd/system``` for Ubuntu and Debian distributions and
```/usr/lib/systemd/system``` for Rhel, CentOS, Oracle and SLES.
Then rerun step 2.
4. If the above steps dont work, check if SELinux is installed and in enforcing mode. If so, try setting it to permissive (preferably) or disabled mode. It can be done by setting the parameter `SELINUX` to "permissive" or "disabled" in `/etc/selinux/config` file, followed by reboot. Check the man-page of selinux for more details. 4. If the above steps dont work, check if SELinux is installed and in enforcing mode. If so, try setting it to permissive (preferably) or disabled mode. It can be done by setting the parameter `SELINUX` to "permissive" or "disabled" in `/etc/selinux/config` file, followed by reboot. Check the man-page of selinux for more details.
Now try restarting the mdatp service using step 2. Revert the configuration change immediately though for security reasons after trying it and reboot. Now try restarting the mdatp service using step 2. Revert the configuration change immediately though for security reasons after trying it and reboot.
5. Ensure that the daemon has executable permission. 5. Ensure that the daemon has executable permission.
```bash ```bash
$ ls -l /opt/microsoft/mdatp/sbin/wdavdaemon ls -l /opt/microsoft/mdatp/sbin/wdavdaemon
```
```Output
-rwxr-xr-x 2 root root 15502160 Mar 3 04:47 /opt/microsoft/mdatp/sbin/wdavdaemon -rwxr-xr-x 2 root root 15502160 Mar 3 04:47 /opt/microsoft/mdatp/sbin/wdavdaemon
``` ```
If the daemon doesn't have executable permissions, make it executable using: If the daemon doesn't have executable permissions, make it executable using:
```bash ```bash
$ sudo chmod 0755 /opt/microsoft/mdatp/sbin/wdavdaemon sudo chmod 0755 /opt/microsoft/mdatp/sbin/wdavdaemon
``` ```
and retry running step 2. and retry running step 2.
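Review bot: In the new step 3, `<systemd_path>`, `/lib/systemd/system` and `/usr/lib/systemd/system` are wrapped in triple backticks inside a sentence; inline code should use single backticks, as `SELINUX` and `/etc/selinux/config` already do in step 4, so the paragraph does not depend on how a renderer treats a line that begins with three backticks. While this hunk is open: "theres" and "dont" are missing apostrophes, "Rhel" should be "RHEL", and "If theres no output, run" lacks the colon that step 3 gained. Step 4 is untouched but still offers "disabled" next to permissive and leaves the revert instruction at the end of the paragraph; I would put the revert on its own line so it is not missed.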
@ -105,7 +111,7 @@ Now try restarting the mdatp service using step 2. Revert the configuration chan
1. Check the file system type using: 1. Check the file system type using:
```bash ```bash
$ findmnt -T <path_of_EICAR_file> findmnt -T <path_of_EICAR_file>
``` ```
Currently supported file systems for on-access activity are listed [here](microsoft-defender-atp-linux.md#system-requirements). Any files outside these file systems won't be scanned. Currently supported file systems for on-access activity are listed [here](microsoft-defender-atp-linux.md#system-requirements). Any files outside these file systems won't be scanned.
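Review bot: With the `$` prompt removed, `findmnt -T <path_of_EICAR_file>` now reads as a line to paste, but a shell parses the angle brackets as redirection and the command fails as written. Either state in the sentence above the block that the placeholder must be replaced with the real path, or show a concrete example path in the block. The same applies to `<systemd_path>` in the `sudo cp` line of the previous hunk.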
@ -113,13 +119,15 @@ Now try restarting the mdatp service using step 2. Revert the configuration chan
1. If running the command-line tool `mdatp` gives an error `command not found`, run the following command: 1. If running the command-line tool `mdatp` gives an error `command not found`, run the following command:
```bash ```bash
$ sudo ln -sf /opt/microsoft/mdatp/sbin/wdavdaemonclient /usr/bin/mdatp sudo ln -sf /opt/microsoft/mdatp/sbin/wdavdaemonclient /usr/bin/mdatp
``` ```
and try again. and try again.
If none of the above steps help, collect the diagnostic logs: If none of the above steps help, collect the diagnostic logs:
```bash ```bash
$ sudo mdatp diagnostic create sudo mdatp diagnostic create
```
```Output
Diagnostic file created: <path to file> Diagnostic file created: <path to file>
``` ```
Path to a zip file that contains the logs will be displayed as an output. Reach out to our customer support with these logs. Path to a zip file that contains the logs will be displayed as an output. Reach out to our customer support with these logs.
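Review bot: The `sudo ln -sf /opt/microsoft/mdatp/sbin/wdavdaemonclient /usr/bin/mdatp` line replaces whatever is currently at /usr/bin/mdatp and succeeds even when the target is missing, which leaves a dangling link. Suggest a preceding check that wdavdaemonclient exists, in the style of the `ls -l` check on wdavdaemon in step 5 of the service section. The closing sentence also reads awkwardly; "The output shows the path to a zip file that contains the logs" would be clearer.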