Installing Authentication Verifier Agent on Linux in Acunetix 360 (RedHat Distribution)

To scan a website located on your internal network that is not accessible from the internet, you can install and configure a scan agent on your network. The agent will conduct the actual scan job and then report the results back to Acunetix 360. You can also install an internal authentication verifier agent to verify that you run authenticated scans in your local environment.

NOTE: The Authentication Verifier Agent is an optional component.

Install the authentication verifier agent if you need to scan websites with form or basic authentication, or OAuth2. The authentication verifier agents also work for Authentication Profiles, Custom Scripts for Form Authentication, CyberArk Vault, HashiCorp Vault, and AzureKey Vault.

This document explains how to install, update, and uninstall authentication verifier agents on Linux (RedHat).

TIP: For Windows, refer to Installing Authentication Verifier Agents. For Debian distributions, refer to Installing Authentication Verifier Agents on Linux (Debian Distribution).

Prerequisites

To install the authentication verifier agent on the Linux operating system, you must install some dependencies on the system, such as .NET.

Hardware Requirements

  • 1.4 GHz Processor (2.0 GHz or faster recommended)
  • 4 GB RAM or higher recommended
  • 10 GB Free Disk space for each internal agent
  • If NTLM is used as the authentication method, Ubuntu version 24.04 or its equivalent must be used at a minimum

Network Requirements

  • The Agent should be configured so that it can reach your internal website through HTTP/HTTPS.
  • The Agent needs to be able to access the Acunetix 360 Authentication Verifier Service Server's HTTP(S) (443) port.

Allowlisting Requirements

  • www.invicti.com
  • r87.me
  • 52.1.118.97, acx-avservice.acunetix360.com

Required Access

  • User(s) must have root privileges to run the required commands.

How to install and configure an authentication verifier agent

There are 3 steps in this process:

  1. Download the authentication verifier agent
  2. Install the authentication verifier agent
  3. Set the authentication verifier agent as a Linux Service

IMPORTANT: These instructions are valid for authentication verifier agents 2.1 and newer versions. If you have an older version, we strongly recommend you delete the older version and reinstall the newer authentication verifier agent.

Step 1: Download the authentication verifier agent

  1. Log in to Acunetix 360.
  2. Select Agents > Manage Agents from the left-side menu.
  3. Click + Configure New Agent.
  4. In the Authentication Verifier section, select Linux. 

The required files to install the verifier agent are downloaded. To install the authentication verifier agent, continue with step 2 below.

Step 2: Install the authentication verifier agent

NOTE: You need to disable SELinux before starting the installation. For further information about disabling SELinux, refer to the RedHat Documentation: Changing SELinux states and modes.

  1. Open a terminal window.
  2. Install the dependent packages (ignore this step for Fedora distribution):

sudo dnf install -y epel-release

Note: yum package manager is replaced with dnf in Rhel9

  1. Update operating system application repositories:

sudo yum update -y

  1. Install the dependent packages:

sudo yum install -y nano tar gssntlmssp mono-complete libgdiplus p7zip p7zip-plugins

WARNING:

RHEL 9 has removed support for NTLM authentication and no longer includes the gssntlmssp package. As a result, Acunetix 360 agents installed on RHEL 9 will not be capable of handling NTLM authentication.

Please ensure your systems and configurations account for this limitation when using Acunetix 360 with RHEL 9.

  1. Install the Headless Chrome browser dependencies:

sudo yum install -y pango.x86_64 libXcomposite.x86_64 libXcursor.x86_64 libXdamage.x86_64 libXext.x86_64 libXi.x86_64 libXtst.x86_64 cups-libs.x86_64 libXScrnSaver.x86_64 libXrandr.x86_64 GConf2.x86_64 alsa-lib.x86_64 atk.x86_64 gtk3.x86_64 xorg-x11-fonts-100dpi xorg-x11-fonts-75dpi xorg-x11-utils xorg-x11-fonts-cyrillic libX11-xcb.so.1 libnss3.so xorg-x11-fonts-Type1 xorg-x11-fonts-misc libgbm-dev  

WARNING:
If the operating system is Ubuntu 24.04 or higher, the following should be used:

sudo apt install -y libasound2t64 libatk1.0-0 libatk-bridge2.0-0 libc6 libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgcc1 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 ca-certificates fonts-liberation libnss3 lsb-release xdg-utils libgdiplus

  1. Extract the TAR file:

  • To extract the authentication verifier agent, run the following commands:

cd /home/[YOUR_USER]

tar -xvf Invicti_Enterprise_Verifier_Agent.tar --one-top-level

          

Open appsettings.json file via any text editor you prefer, for example:

      cd /home/[YOUR_USER]/Invicti_Enterprise_Verifier_Agent

nano appsettings.json

These settings will be used by the authentication verifier agent:

  • AgentName: This can be anything you want. This text will be displayed when you are starting a new scan. (If you are going to install more than one instance of the agent, you must set a unique agentName value for each instance, something you will use later.)
  • AgentType: This can be Standard.
  • ApiToken: In Acunetix 360, the Agent Token is displayed in the Configure New Agent window. Copy the value into the apiToken.

Changing default data folder for the authentication verifier agent

To change the default data folder, add the following attribute under AgentInfo: "ScanDataFolderPath": "FullPath"

The full path, for example, can be the following: /home/[YOUR_USER]/[data folder]/

If you modify the existing agent's appsettings.json file, you need to restart the service. If you add this line to the new agent, you can keep following the installation instruction.

Warning

  • Do not edit the ApiRootUrl address. If edited, your authentication verifier agent may not work.
  • Allowlist the ApiRootUrl address so that the authentication verifier agents can access the verifier server for the form authentication.
  • Make sure the machine where the authentication verifier agent is installed can access the ApiRootURL.

Step 3: Set the authentication verifier agent as a Linux Service

When you install an internal authentication verifier agent, you need to set it as a Linux service. So, the verifier agent can poll the Acunetix 360 servers regularly and can take the initiation command from the server.

You can complete this process in three steps:

Add a unit file for a Acunetix 360 Agent

  1. Open a terminal
  2. cd /etc/systemd/system
  3. sudo touch [YOUR_AGENT_NAME].service
  4. sudo nano [YOUR_AGENT_NAME].service

Information

The AgentName in the appsetting.json file and the unit file name for the agent must have the same name.

  1. Add the following script into [YOUR_AGENT_NAME].service

# For internal agents version 2.0.2.157 and newer:

[Unit]

Description=netsparker.service description

[Service]

Type=notify

KillMode=process

Restart=always

RestartSec=30

SyslogIdentifier=[YOUR_USER]

KillSignal=SIGINT

User=[YOUR_USER]

WorkingDirectory= [YOUR_AGENT_DIRECTORY_PATH]

ExecStart = ./[Your Agent Directory path]/Netsparker.Cloud.Agent

[Install]

WantedBy=multi-user.target


INFORMATION:

The [YOUR_USER] in the unit file must be the same as [YOUR_USER] that you entered while installing the verifier agent.

  1. Save and close the document.

Configure Sudoers for an Acunetix 360 Agent

  1. sudo cd /etc/sudoers.d
  2. sudo touch [YOUR_AGENT_NAME]-systemctl
  3. sudo visudo -f [YOUR_AGENT_NAME]-systemctl
  4. Add the following script into [YOUR_AGENT_NAME]-systemctl
  1. [YOUR_USER] ALL=(ALL:ALL) NOPASSWD: /usr/bin/systemctl start [YOUR_AGENT_NAME].service
  2. [YOUR_USER] ALL=(ALL:ALL) NOPASSWD: /usr/bin/systemctl stop [YOUR_AGENT_NAME].service
  1. Save and close the document.

Start Acunetix 360 Agent as a Linux Service

  1. sudo systemctl daemon-reload
  2. sudo systemctl start [YOUR_AGENT_NAME].service

You can now check the status of the connection between Acunetix 360 and the authentication verifier agent. From the Agents menu, select Manage Verifiers.

Updating authentication verifier agents

There are three methods to update your authentication verifier agent.

  • When a new verifier agent version has been published, you can update your Agents manually using installation files on the machines on which agents are installed.
  • You can update agents manually by selecting Update Agent (visible only when the Enable Auto Update is not configured and the new version of the Agent is available). While the update is in progress, the State field will display 'Updating'.
  • You can enable the auto update feature. The target verifier agent updates itself as soon as possible when it’s idle.

How to enable automatic Authentication Verifier Agent updates

  1. From the main menu, select Agents > Manage Verifiers.
  2. Next to the relevant agent, select the Command drop-down, then Enable Auto Update.

How to install multiple authentication verifier agents on Linux

You can install more than one agent in Linux.

NOTE:
Make sure that you enter a different name for the new agent.

  1. Open a terminal window.
  2. Create a new folder for the new agent.
  3. Copy the TAR file into the new folder, and extract the TAR file
  4. Follow the instructions in Step 2. Installing authentication verifier agent and Step 3. Setting authentication verifier agent as a Linux Service.

How to uninstall the authentication verifier agent

You may uninstall verifier agents by following these steps:

  1. Open a terminal window.
  2. Run sudo systemctl stop {your-agent-name}.service
  3. Run cd /etc/systemd/system
  4. Run sudo rm {your-agent-name}.service
  5. Run systemctl daemon-reload

Running these commands will stop and delete the verifier agent service. If required, you can delete the related folder as well.


 
« Back to the Acunetix Support Page