NetApp Cloud Insights – Cloud Secureを使ってみた(導入編)
こんにちは。たかやまです。
突然ですが、ウイルス対策していますか?
ウイルス対策ソフトを入れているから大丈夫という声が聞こえてきそうですが、そのソフトが従来型の「パターンマッチング」方式の場合、パターンを変えて進化し続ける新種のマルウェアに対応できない可能性があります。
最近でパターンではなく実際のウイルスの動きに注目する User Behavior Analysis(ユーザー⾏動分析:UBA)という検知方法が注目されています。
そこで、今回はNetAppが提供しているUBAサービス Cloud Secure を使ってみたいと思います。
UBAとは
UBAは通常状態のユーザ動作とマルウェア感染時の異常な動作を比較し検知する方法です。
機械学習で動作の異常判定をするため従来のウイルス対策ソフトでは検出できなかった内部脅威の検知も可能にします。
傾向分析 : 普段ユーザがどのような振る舞いをしているかをログ収集し分析
異常検知 : 通常時・異常時それぞれの行動を学習し、定義する
内部脅威 : マルウェアの動作だけでなく、ユーザの不正行為(大量ファイル削除/ファイル持ち出し)を検知
Cloud Secureとは
Cloud SecureはNetAppが提供する監視SaaS Cloud Insightsの機能の一部になります。
Cloud Secureがユーザ認証情報(Active Directory/LDAP)とNetApp ONTAPで行われるデータ操作情報を結びつけることでユーザーの振る舞いを監視します。
主な特徴は以下のとおりです。
- 異常な振る舞いを検知し、管理者へ通知
- 異常検知時、ONTAPスナップショットを取得
- アクセス元を遮断しリアルタイムに攻撃をSTOP
- 監査ログで攻撃元、影響範囲の特定
導入してみる
全体構成
今回の構成は以下のとおりです。
エージェントインストール
Cloud Secure Agent Installation
はじめにCloud Secure AgentをEC2にインストールします。
以下の要件にあったEC2インスタンスを用意してください。
エージェントインストール要件
機能 | 要件 |
---|---|
OS | ・RedHat Enterprise Linux 7.x/8.x 64ビット ・CentOS 7.x/ 8 Stream 64ビット |
CPU/メモリ | 4cpu/16GB |
ディスクスペース | /optに25-30GB |
ネットワーク | ・ 100Mbps〜1Gbps ・ インバウンドポート35000-55000 ・アウトバウンドポート7/389/443/636/35000-55000 |
OSは今回CentOS 8 Streamを使用しています。
小ネタですが、以下のCLIコマンドで最新のCentos 8 StreamのAMIを確認できます。
aws ec2 describe-images \ --owners 125523088429 \ --region ap-northeast-1 \ --filters Name=name,Values="CentOS Stream 8*" Name=architecture,Values=x86_64 \ --query 'reverse(sort_by(Images, &CreationDate))[:1].ImageId' \ --output text
https://wiki.centos.org/Cloud/AWS
EC2の作成が完了したら、Cloud Secure AgentをインストールするためにCloud Insightsにログインします。
Cloud Insightsへログインするためには、Cloud Central/Cloud Insightsのアカウント登録が必要となります。
まだの方はNetApp公式Youtubeの登録方法が非常にわかりやすいのでぜひご覧ください!
アカウント登録後、NetAppの統合データ管理サイトのCloud Centralにログインします。
https://services.cloud.netapp.com/
Cloud Centralログイン後、Cloud Insightsにログインします。
Cloud Insightsログイン後、左ペインのCloud Secureを選択します。
Cloud Secureの機能が展開されたら、ADMIN
-> Data Collectors
-> Agents
-> + Agent
を選択します。
Agentをインストールするためのトークンが付与されたコマンドが発行されます。
今回はCentOS 8 Streamを利用しているのでCentOSを選択し、インストールコマンドをコピーします。
※プロキシを利用している場合は、1.
のプロキシ設定を行ってください。
root権限で出力されたコマンドを実行します。
インストールコマンド内でunzipを実行するので、unzipモジュールが入っていない場合はここでインストールします。
sudo su - yum install -y unzip token='xxxxx' installerName=cloudsecure-linux-agent-installer-1.507.0.zip && curl -H "Authorization: Bearer $token" -o $installerName https://tn5499.cs01-ap-1.cloudinsights.netapp.com/rest/v1/agents/installers/linux/1.507.0 && unzip $installerName -d . && chmod 755 -Rf . && sudo /bin/bash -c "TOKEN=$token HTTPS_PROXY='$https_proxy' ./cloudsecure-agent-install.sh"
実行ログ(展開)
$ sudo su - 最終ログイン: 2022/05/18 (水) 05:01:43 UTC日時 pts/1 # yum install -y unzip CentOS Stream 8 - AppStream 16 MB/s | 22 MB 00:01 CentOS Stream 8 - BaseOS 27 MB/s | 22 MB 00:00 CentOS Stream 8 - Extras 36 kB/s | 18 kB 00:00 Dependencies resolved. ================================================================================================================================================================================== Package Architecture Version Repository Size ================================================================================================================================================================================== Installing: unzip x86_64 6.0-46.el8 baseos 196 k Transaction Summary ================================================================================================================================================================================== Install 1 Package Total download size: 196 k Installed size: 414 k Downloading Packages: unzip-6.0-46.el8.x86_64.rpm 1.7 MB/s | 196 kB 00:00 ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Total 340 kB/s | 196 kB 00:00 warning: /var/cache/dnf/baseos-5d5072979dfa6055/packages/unzip-6.0-46.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY CentOS Stream 8 - BaseOS 1.6 MB/s | 1.6 kB 00:00 Importing GPG key 0x8483C65D: Userid : "CentOS (CentOS Official Signing Key) <[email protected]>" Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D From : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial Key imported successfully Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : unzip-6.0-46.el8.x86_64 1/1 Running scriptlet: unzip-6.0-46.el8.x86_64 1/1 Verifying : unzip-6.0-46.el8.x86_64 1/1 Installed: unzip-6.0-46.el8.x86_64 Complete! # token='xxxxx' installerName=cloudsecure-linux-agent-installer-1.507.0.zip && curl -H "Authorization: Bearer $token" -o $installerName https://tn5499.cs01-ap-1.cloudinsights.netapp.com/rest/v1/agents/installers/linux/1.507.0 && unzip $installerName -d . && chmod 755 -Rf . && sudo /bin/bash -c "TOKEN=$token HTTPS_PROXY='$https_proxy' ./cloudsecure-agent-install.sh" % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 70.4M 100 70.4M 0 0 12.2M 0 0:00:05 0:00:05 --:--:-- 14.9M Archive: cloudsecure-linux-agent-installer-1.507.0.zip inflating: ./cloudsecure-agent-upgrade.sh inflating: ./cloudsecure-agent-install.sh inflating: ./cloudsecure-agent-image.zip Checking root user or not. Checking for supported linux distribution. CentOS is a supported linux distribution, proceeding with the installation. Checking available disk space for /opt/netapp. Checking for hostname. Checking for existing installation Checking for tmp directory permissions. tmp directory permissions present, proceeding with the installation. Setting up cssys user and group. Creating cssys group. Creating cssys user. Installing NetApp CloudSecure Agent. Unzipping the CloudSecure Agent at tmp folder. Archive: /root/cloudsecure-agent-image.zip inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/conf/application.ini inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.netapp.df.uba.cloudsecure-agent-1.507.0.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.scala-lang.scala-library-2.12.6.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.typesafe.akka.akka-http_2.12-10.1.8.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.typesafe.akka.akka-http-xml_2.12-10.1.8.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.typesafe.akka.akka-http-spray-json_2.12-10.1.8.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.typesafe.akka.akka-stream_2.12-2.5.19.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.typesafe.akka.akka-slf4j_2.12-2.5.19.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.typesafe.config-1.3.3.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.typesafe.scala-logging.scala-logging_2.12-3.8.0.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.apache.logging.log4j.log4j-api-2.17.1.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.apache.logging.log4j.log4j-core-2.17.1.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.apache.logging.log4j.log4j-slf4j-impl-2.17.1.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.apache.commons.commons-lang3-3.1.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.apache.commons.commons-exec-1.3.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.googlecode.json-simple.json-simple-1.1.1.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/io.spray.spray-json_2.12-1.3.5.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/commons-io.commons-io-2.5.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.apache.httpcomponents.httpclient-4.5.10.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.fasterxml.jackson.module.jackson-module-scala_2.12-2.13.2.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.projectlombok.lombok-1.18.2.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.typesafe.akka.akka-http-core_2.12-10.1.8.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.scala-lang.modules.scala-xml_2.12-1.1.1.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.typesafe.akka.akka-actor_2.12-2.5.19.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.typesafe.akka.akka-protobuf_2.12-2.5.19.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.reactivestreams.reactive-streams-1.0.2.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.typesafe.ssl-config-core_2.12-0.3.6.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.slf4j.slf4j-api-1.7.25.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.scala-lang.scala-reflect-2.12.6.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/junit.junit-4.12.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.apache.httpcomponents.httpcore-4.4.12.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/commons-logging.commons-logging-1.2.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/commons-codec.commons-codec-1.11.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.fasterxml.jackson.core.jackson-core-2.13.2.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.fasterxml.jackson.core.jackson-annotations-2.13.2.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.fasterxml.jackson.core.jackson-databind-2.13.2.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.thoughtworks.paranamer.paranamer-2.8.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.typesafe.akka.akka-parsing_2.12-10.1.8.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.scala-lang.modules.scala-java8-compat_2.12-0.8.0.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.scala-lang.modules.scala-parser-combinators_2.12-1.1.1.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.hamcrest.hamcrest-core-1.3.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/bin/cloudsecure-agent inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/conf/version inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/bin/cloudsecure-agent-symptom-collector.sh inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/conf/log4j2.xml inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/install/cloudsecure-agent-uninstall.sh inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/install/cloudsecure-agent-upgrade.sh inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/install/cloudsecure-agent.service inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/install/ransomware_simulator.sh inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/install/svm_event_rate_checker.sh inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/vault/VAULT.dat inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/vault/vault.jceks inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/vault/vault.passwd inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/cs-certs/SectigoRSADomainValidationSecureServerCA.crt inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/cs-certs/USERTrustRSAAddTrustCA.crt inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/cs-certs/cs-wildcard-prod.crt inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/cs-certs/cs-wildcard-qa-old.crt inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/cs-certs/cs-wildcard-qa.crt inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/cs-certs/cs-wildcard.crt inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/bin/keytool inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/bin/pack200 inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/bin/rmid inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/bin/java inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/bin/jfr inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/bin/jjs inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/bin/rmiregistry inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/bin/jrunscript inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/bin/jaotc inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/bin/unpack200 inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja_JP.UTF-8/man1/rmid.1 inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja_JP.UTF-8/man1/unpack200.1 inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja_JP.UTF-8/man1/keytool.1 inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja_JP.UTF-8/man1/java.1 inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja_JP.UTF-8/man1/rmiregistry.1 inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja_JP.UTF-8/man1/pack200.1 inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja_JP.UTF-8/man1/jjs.1 inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/man1/rmid.1 inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/man1/unpack200.1 inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/man1/keytool.1 inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/man1/java.1 inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/man1/rmiregistry.1 inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/man1/pack200.1 inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/man1/jjs.1 inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja/man1/rmid.1 inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja/man1/unpack200.1 inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja/man1/keytool.1 inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja/man1/java.1 inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja/man1/rmiregistry.1 inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja/man1/pack200.1 inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja/man1/jjs.1 inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.rmi/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.rmi/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.rmi/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.jsobject/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.jsobject/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.jsobject/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.security.sasl/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.security.sasl/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.security.sasl/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.smartcardio/pcsclite.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.smartcardio/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.smartcardio/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.smartcardio/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.vm.compiler/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.vm.compiler/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.vm.compiler/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.accessibility/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.accessibility/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.accessibility/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.crypto.cryptoki/pkcs11cryptotoken.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.crypto.cryptoki/pkcs11wrapper.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.crypto.cryptoki/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.crypto.cryptoki/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.crypto.cryptoki/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.management/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.management/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.management/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.desktop/lcms.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.desktop/colorimaging.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.desktop/jpeg.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.desktop/mesa3d.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.desktop/harfbuzz.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.desktop/xwd.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.desktop/giflib.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.desktop/libpng.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.desktop/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.desktop/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.desktop/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.security.auth/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.security.auth/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.security.auth/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.management.jfr/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.management.jfr/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.management.jfr/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.localedata/thaidict.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.localedata/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.localedata/cldr.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.localedata/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.localedata/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.vm.ci/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.vm.ci/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.vm.ci/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.scripting.nashorn/joni.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.scripting.nashorn/double-conversion.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.scripting.nashorn/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.scripting.nashorn/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.scripting.nashorn/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.management.rmi/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.management.rmi/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.management.rmi/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.jdwp.agent/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.jdwp.agent/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.jdwp.agent/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.naming.dns/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.naming.dns/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.naming.dns/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.compiler/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.compiler/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.compiler/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.logging/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.logging/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.logging/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.instrument/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.instrument/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.instrument/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.aot/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.aot/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.aot/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.datatransfer/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.datatransfer/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.datatransfer/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.xml.crypto/santuario.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.xml.crypto/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.xml.crypto/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.xml.crypto/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.prefs/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.prefs/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.prefs/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.sql.rowset/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.sql.rowset/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.sql.rowset/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.sql/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.sql/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.sql/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.scripting/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.scripting/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.scripting/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.dynalink/dynalink.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.dynalink/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.dynalink/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.dynalink/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.base/public_suffix.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.base/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.base/icu.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.base/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.base/aes.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.base/cldr.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.base/unicode.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.base/asm.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.base/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.base/c-libutl.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.charsets/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.charsets/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.charsets/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.naming/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.naming/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.naming/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.jfr/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.jfr/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.jfr/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.ed/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.ed/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.ed/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.pack/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.pack/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.pack/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.transaction.xa/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.transaction.xa/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.transaction.xa/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.management.agent/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.management.agent/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.management.agent/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.security.jgss/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.security.jgss/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.security.jgss/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.security.jgss/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.security.jgss/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.security.jgss/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.zipfs/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.zipfs/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.zipfs/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.se/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.se/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.se/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.crypto.ec/ecc.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.crypto.ec/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.crypto.ec/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.crypto.ec/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.sctp/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.sctp/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.sctp/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.net/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.net/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.net/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.httpserver/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.httpserver/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.httpserver/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.le/jline.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.le/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.le/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.le/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.xml/bcel.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.xml/dom.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.xml/jcup.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.xml/xerces.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.xml/xalan.md inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.xml/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.xml/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.xml/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.unsupported/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.unsupported/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.unsupported/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.naming.rmi/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.naming.rmi/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.naming.rmi/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.naming.ldap/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.naming.ldap/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.naming.ldap/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.vm.compiler.management/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.vm.compiler.management/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.vm.compiler.management/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.net.http/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.net.http/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.net.http/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.scripting.nashorn.shell/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.scripting.nashorn.shell/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.scripting.nashorn.shell/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.xml.dom/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.xml.dom/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.xml.dom/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.management/LICENSE inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.management/ASSEMBLY_EXCEPTION inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.management/ADDITIONAL_LICENSE_INFO inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/management/jmxremote.access inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/management/jmxremote.password.template inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/management/management.properties inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/security/policy/unlimited/default_local.policy inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/security/policy/unlimited/default_US_export.policy inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/security/policy/limited/default_local.policy inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/security/policy/limited/default_US_export.policy inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/security/policy/limited/exempt_local.policy inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/security/policy/README.txt inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/security/java.security inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/security/java.policy inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/logging.properties inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/sound.properties inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/net.properties inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/server/libjsig.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/server/libjvm.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/server/Xusage.txt inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/security/cacerts inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/security/blacklisted.certs inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/security/public_suffix_list.dat inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/security/default.policy inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/jfr/profile.jfc inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/jfr/default.jfc inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/jli/libjli.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libnio.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libjdwp.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libjawt.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libjavajpeg.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/psfontj2d.properties inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libjsig.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/jexec inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libj2gss.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libmanagement_agent.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libdt_socket.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libawt.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libjsound.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libmlib_image.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libverify.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/classlist inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libfontmanager.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libawt_xawt.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libjimage.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libjava.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libinstrument.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libj2pkcs11.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libextnet.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libawt_headless.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/modules inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libj2pcsc.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libjaas.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/liblcms.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libmanagement.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libnet.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libsplashscreen.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libzip.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libunpack.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libmanagement_ext.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/jspawnhelper inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/jrt-fs.jar inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libprefs.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/librmi.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/psfont.properties.ja inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/tzdb.dat inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libsctp.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libsunec.so inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/jvm.cfg inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/release setup cloud secure agent directory ownership setting 700 permission to /opt/netapp/cloudsecure recursively setting 755 permission to /var/log/netapp/ Copying service file to /usr/lib/systemd/system/cloudsecure-agent.service Setting systemd services for cloudsecure-agent. Taking backup of the VM default rmem values to /opt/netapp/cloudsecure/sysctl.conf.bkp Setting default and max rmem values Starting CloudSecure Agent services. Welcome to CloudSecure (R) 1.507.0 Agent ____ _____ / ___| | ___| | | |_|___ | |___ ___| | \____| |_____| NetApp (R) Installation: /opt/netapp/cloudsecure/agent Installation logs: /var/log/netapp//cloudsecure/install Agent Logs: /opt/netapp/cloudsecure/agent/logs To uninstall: sudo cloudsecure-agent-uninstall.sh --help
インストールに成功すると下にNew agent detected!
と表示されます。簡単!
Cloud Insightsコンソールに戻るとEC2のプライベートIPが記載されたAgentが出力されます。
Agent名はあとから変更できるので管理しやすい名前に変更することもできます。
ユーザディレクトリコレクタ設定
AgentとActive Directory/LDAPを紐付けるユーザディレクトリコレクタ設定を行います。
今回はActive Directoryを対象に設定していきたいと思います。
Active Directory
Configuring an Active Directory (AD) User Directory Collector
User Directory Collectors
-> + User Directory Collector
を選択します。
Active Directoryを選択します。
連携に必要なActive Directory情報を登録していきます。
他の項目は特に指定がなければそのままで大丈夫です。
Data Collectorが追加され、問題がなければStatusがRunning
になります。
データコレクター設定
Configuring the ONTAP SVM Data Collector
AgentとONTAP製品を紐付けるデータコレクタ設定を行います。
Data Collectors
-> + Data Collector
を選択します。
今回はFSx for ONTAPを使用するので以下のアイコンを選択します。
FSx for ONTAPの連携に必要な情報を入力していきます。
他の項目で監視対象のボリュームの細かい選択などもできます。
トラブルシューティング
このエラーはAD連携していないSVMのプロトコル監視対象にSMB/CIFSを選択したためのエラーです。対応としてNSF対応のSVMではここのチェックをはずして登録します。
Connector is in error state. Service name: audit. Reason for failure: Failed to configure fpolicy on SVM xxx. Reason: Missing value for zapi field: events.
このエラーはAgentサーバがFSx for ONTAPからのインバウンドポートが空いていない場合に通知されます。対応としてはFSx for ONTAPのセキュリティグループをソースにポート35000-55000のインバウンドを追加しました。
Error Message: "Connector is in error state. Service.name: audit. Reason for failure: External fpolicy server terminated."
動作確認
設定が済むと、以下のようにCloud Secureでユーザの状態やユーザのアクティビティを確認することができます。
料金
Cloud Secureの利用には1MUあたり月額9ドルで利用可能です。
NetApp Cloud Insights - ハイブリッド インフラの監視、最適化(エディションと価格)
Managed Unit(MU)とは?
コンピューティング:1MU = 2つのホスト(仮想または物理)
ストレージ:1MU = 4TiBの未フォーマットの外付けストレージ(物理または仮想)、またはNetApp StorageGRID、Dell EMC ECS、Hitachi Content Platform、IBM Cleversafeの40TiBの未フォーマット ストレージ(コンピューティング用のローカル ストレージは考慮しない)
例:
ホストが100個でストレージが100TiBの場合、(100/2) + (100/4) = 75MUを購入
NetApp StorageGRIDが200TiB、それ以外のストレージが200TiBの場合、(200/40) + (200/4) = 55MUを購入
Cloud Secureは30日間の無料Traialがあるので、ぜひTraialを試して使用感を試していただければと思います。
再掲になりますが無料Traialの有効化手順はこちらの動画がおすすめです!
まとめ
ところどころネットワーク周りでトラブルシューティングしましたが、慣れさえすれば設定項目も少なくサクッと設定できると思います。
次回はCloud SecureのUBAを使って異常検出と対策を試していきたいと思います。
以上、たかやまでした。