cancel
Showing results for 
Search instead for 
Did you mean: 

Problems installing ePO agent onto Linux systems from ePO console

Jump to solution

  Hi folks,

  I'm able to manually install the install.sh ePO installer package onto a LInux system (RHEL 5) and then push down the Policy Auditor agent down via policy shortly thereafter. However I have not been able to deploy the client from the ePO console. Looking at the security log on the client, I see the following;

Nov  7 17:35:55 xevious sshd[3560]: Connection from X.X.X.X port 54383

Nov  7 17:35:55 xevious sshd[3560]: Accepted password for root from X.X.X.X port 54383 ssh2

Nov  7 17:35:55 xevious sshd[3560]: pam_unix(sshd:session): session opened for user root by (uid=0)

Nov  7 17:35:55 xevious sshd[3560]: subsystem request for sftp

Nov  7 17:35:57 xevious sshd[3560]: Connection closed by X.X.X.X

Nov  7 17:35:57 xevious sshd[3560]: pam_unix(sshd:session): session closed for user root

Nov  7 17:35:57 xevious sshd[3560]: Closing connection to X.X.X.X

Nov  7 17:35:57 xevious sshd[3583]: Connection from X.X.X.X port 54386

Nov  7 17:35:57 xevious sshd[3583]: Accepted password for root from X.X.X.X port 54386 ssh2

Nov  7 17:35:57 xevious sshd[3583]: pam_unix(sshd:session): session opened for user root by (uid=0)

Nov  7 17:35:57 xevious sudo:     root : sorry, you must have a tty to run sudo ; TTY=unknown ; PWD=/root ; USER=root ; COMMAND=./install.sh -i

Nov  7 17:35:58 xevious sshd[3583]: Connection closed by X.X.X.X

Nov  7 17:35:58 xevious sshd[3583]: pam_unix(sshd:session): session closed for user root

Nov  7 17:35:58 xevious sshd[3583]: Closing connection to X.X.X.X

It looks like the problem is that sudo has the reguiretty option set based on the line;

Nov  7 17:35:57 xevious sudo:     root : sorry, you must have a tty to run sudo ; TTY=unknown ; PWD=/root ; USER=root ; COMMAND=./install.sh -i

I don't want to turn off that option for security reasons. Is there another way around this?

I've also tried using non-root credentials with and account that can run any command from sudo, but I still get the same error message.

Having sudo set to requiretty is a pretty common secuirty practice so I'm curious what others have done that have Linux/Unix systems in there environment.

I've had no problems pushing the client out to MacOS X systems which also require a ssh session to be established.

Any suggestions?

1 Solution

Accepted Solutions
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 4

Re: Problems installing ePO agent onto Linux systems from ePO console

Jump to solution

Hi...

Deploying to RHEL from ePO requires the requiretty option, I'm afraid: please see page 33 in the MA .6 Product Guide for details.

HTH -

Joe

3 Replies

Re: Problems installing ePO agent onto Linux systems from ePO console

Jump to solution

Just as an experiment, I ran this command as root from a terminal;

ssh -t xevious sudo sh ~/Desktop/RHEL/install.sh -i

where the path ~/Destkop/RHEL/install.sh is the location of the ePO installer script on the target system.

The package installed fine.

So it is possible to install this thing remotely from the console if the commands sent where configured similarly to what I issued above.

I then issued the command;

ssh -l username -t xevious sudo sh ~/Desktop/RHEL/install.sh -i

Where username is a legitimate user that is listed in the sudoers file with permission to run any command from sudo.

I was prompted twice for my password, once during the initial logon and once for the sudo password. Package installed fine afterwords.

If the ePO server handled the client install in this matter, it would be even better.

Any suggestions?

Message was edited by: landmissle on 11/7/11 8:17:52 PM CST
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 4

Re: Problems installing ePO agent onto Linux systems from ePO console

Jump to solution

Hi...

Deploying to RHEL from ePO requires the requiretty option, I'm afraid: please see page 33 in the MA .6 Product Guide for details.

HTH -

Joe

Re: Problems installing ePO agent onto Linux systems from ePO console

Jump to solution

  Hi JoeBidgood,

  Thanks for the reply. I checked the manual you referenced and you're correct.

  I would be really nice if the "requiretty" was not a requirement for console deployment.