Install Linux forwarder (Manual & Mass Install)

These instructions cover manual installation of the Stairwell Linux Forwarder, followed by options for deploying it to multiple machines.

🔧 Prerequisites

Before installing, ensure you have:

  • Stairwell Environment ID
  • Stairwell Forwarder Authentication Token (see "How to generate the token")
  • auditd daemon installed and enabled

📝 Note: Backscan

The initial scan (the backscan) performs a full physical disk scan and can be resource-intensive for a short period.

We recommend:

  • Identify a non-critical system for the initial scan that can tolerate high resource utilization without impacting business operations.
    • The machine will return to normal after the scan has completed.
  • Do not install on critical assets early in deployment.
  • Subsequent installations will be less intensive because the forwarder will only grab new or changed files.

Step 1: Verify auditd is Enabled

The Stairwell forwarder requires auditd to monitor system events.

On systemd distributions (RHEL 7+, Ubuntu, Debian):

sudo systemctl status auditd
sudo systemctl start auditd
sudo systemctl enable auditd

On RHEL 6:

sudo service auditd status
sudo service auditd start
sudo chkconfig auditd on

Step 2: Download and Install the Forwarder

Download the package for your distribution (example version 2.4.5).

RHEL, Rocky, Alma (Versions 7, 8, 9)

# RHEL 9
curl -LO https://downloads.stairwell.com/linux/2.4.5/stairwell-2.4.5-1.el9.amd64.rpm

# RHEL 8
curl -LO https://downloads.stairwell.com/linux/2.4.5/stairwell-2.4.5-1.el8.amd64.rpm

# RHEL 7
curl -LO https://downloads.stairwell.com/linux/2.4.5/stairwell-2.4.5-1.el7.amd64.rpm

# Fresh install (use the file name that matches your RHEL version)
sudo rpm -i stairwell-2.4.5-1.el8.amd64.rpm

# Or, upgrade an existing installation
sudo rpm -U stairwell-2.4.5-1.el8.amd64.rpm

Debian / Ubuntu (20.04, 22.04)

curl -LO https://downloads.stairwell.com/linux/2.4.5/stairwell-2.4.5-1.amd64.deb
sudo apt install ./stairwell-2.4.5-1.amd64.deb

Legacy: RHEL 6 (EOL)

curl -LO https://downloads.stairwell.com/linux/2.4.5/stairwell-2.4.5-1.el6.amd64.rpm

# Fresh install
sudo rpm -i stairwell-2.4.5-1.el6.amd64.rpm

# Or, upgrade an existing installation
sudo rpm -U stairwell-2.4.5-1.el6.amd64.rpm

Step 3: Configure the Forwarder

Edit /etc/stairwell/config.json and update your credentials:

sudo vi /etc/stairwell/config.json

Example configuration:

{
  "logger": { "loglevel": "error" },
  "asset": {
    "EnvId": "ABCDEF-ABCDEF-123ABC-ABCD1234",
    "Token": "ABCDEFG1234567HIJKLMNOP789012QRSTUVW345678XYZABCD901"
  },
  "interpreters": ["sh","bash","python3","go","ruby","perl","lua","Rscript"],
  "ostype": "server",
  "proxyURL": "https://your.proxy.url:1234",
  "enableEvents": true
}

Step 4: Activate the Stairwell Service

On systemd (RHEL 7+, Ubuntu, Debian)

sudo systemctl enable --now stairwell.service

On RHEL 6

sudo service stairwell start
sudo chkconfig stairwell on

Step 5: Verify and View Logs

On systemd

journalctl -u stairwell.service -f

On RHEL 6

sudo tail -f /var/log/stairwell/fileshipper.log

🚀 Deploying the Linux Forwarder to Multiple Machines

When managing large fleets, automate deployment for consistency and speed.


1. Supported Deployment Methods

| Method | Best For | Description |
|---|---|---|
| Ansible | Most flexible | Use playbooks to automate installation/configuration. |
| Puppet / Chef / SaltStack | Enterprise fleets | Manage configuration and ensure compliance. |
| Package repository | Internal mirrors | Host .deb and .rpm internally for controlled installs. |
| Cloud-init / user data | Cloud hosts | Add installation scripts to instance initialization. |
| Custom shell script | Simple environments | Run prepackaged script to install and configure. |

2. Example: Automated Deployment with Ansible

---
- name: Install Stairwell Forwarder
  hosts: linux_hosts
  become: yes
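  vars:
    stairwell_version: "2.4.5"
    # Placeholder values. Supply the real token from a secrets store
    # (for example Ansible Vault) rather than committing it in the playbook.
    stairwell_env_id: "ABCDEF-ABCDEF-123ABC-ABCD1234"
    stairwell_token: "ABCDEFG1234567HIJKLMNOP789012QRSTUVW345678XYZABCD901"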

  tasks:
    # The URL is pinned to the el8 build; use the el7 or el9 package name on those hosts.
    - name: Download RPM
      get_url:
        url: "https://downloads.stairwell.com/linux/{{ stairwell_version }}/stairwell-{{ stairwell_version }}-1.el8.amd64.rpm"
        dest: "/tmp/stairwell.rpm"
      when: ansible_os_family == "RedHat"

    - name: Install RPM
      yum:
        name: "/tmp/stairwell.rpm"
        state: present
      when: ansible_os_family == "RedHat"

    - name: Download DEB
      get_url:
        url: "https://downloads.stairwell.com/linux/{{ stairwell_version }}/stairwell-{{ stairwell_version }}-1.amd64.deb"
        dest: "/tmp/stairwell.deb"
      when: ansible_os_family == "Debian"

    - name: Install DEB
      apt:
        deb: "/tmp/stairwell.deb"
        state: present
      when: ansible_os_family == "Debian"

    - name: Configure Stairwell
      copy:
        dest: /etc/stairwell/config.json
        content: |
          {
            "logger": { "loglevel": "error" },
            "asset": {
              "EnvId": "{{ stairwell_env_id }}",
              "Token": "{{ stairwell_token }}"
            },
            "interpreters": ["sh","bash","python3","go","ruby","perl","lua","Rscript"],
            "ostype": "server",
            "enableEvents": true
          }

    - name: Enable and start service
      systemd:
        name: stairwell.service
        enabled: yes
        state: started

3. Example: Bash Deployment Script

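#!/bin/bash
# Exit on errors, unset variables, and failed pipeline stages.
set -euo pipefail

VERSION="2.4.5"
# Placeholders: replace before running, or read from a secrets store.
ENV_ID="YOUR_ENV_ID"
TOKEN="YOUR_TOKEN"

if [ -f /etc/debian_version ]; then
  # -f makes curl fail on an HTTP error instead of saving the error page.
  curl -fLO "https://downloads.stairwell.com/linux/$VERSION/stairwell-$VERSION-1.amd64.deb"
  sudo apt install -y "./stairwell-$VERSION-1.amd64.deb"
else
  # Pinned to the el8 build; change the suffix for el7 or el9 hosts.
  curl -fLO "https://downloads.stairwell.com/linux/$VERSION/stairwell-$VERSION-1.el8.amd64.rpm"
  sudo rpm -U "stairwell-$VERSION-1.el8.amd64.rpm"
fi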

sudo tee /etc/stairwell/config.json > /dev/null <<EOF
{
  "logger": { "loglevel": "error" },
  "asset": {
    "EnvId": "$ENV_ID",
    "Token": "$TOKEN"
  },
  "interpreters": ["sh","bash","python3","go","ruby","perl","lua","Rscript"],
  "ostype": "server",
  "enableEvents": true
}
EOF

sudo systemctl enable --now stairwell.service

4. Deployment Tips

  • Test first on non-critical systems
  • Use idempotent tools (like Ansible)
  • Stagger rollouts to reduce load
  • Protect tokens via secrets management
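
The deployment script above keeps the token in the script body, which the last tip advises against. The following is an added example (not Stairwell's own code) that writes the same config.json from a token held in a separate file, rejects the placeholder values, and leaves the file mode 0600. The function name, the token-file argument, the allowed character set, and the premise that the forwarder runs as root and can read a root-only file are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: render the forwarder config without hardcoding the token.
# Assumptions (not from the page): the token is delivered in a root-only file,
# and the forwarder service runs as root so it can read a 0600 config.
# Usage (as root): write_stairwell_config "$ENV_ID" <token-file> /etc/stairwell/config.json

write_stairwell_config() {
  local env_id="$1" token_file="$2" dest="$3" token tmp

  [ -r "$token_file" ] || { echo "token file not readable: $token_file" >&2; return 1; }
  token="$(tr -d '[:space:]' < "$token_file")"

  # Refuse empty values and the placeholders used in the deployment script.
  case "$env_id" in ""|YOUR_ENV_ID) echo "EnvId not set" >&2; return 1 ;; esac
  case "$token"  in ""|YOUR_TOKEN)  echo "Token not set" >&2; return 1 ;; esac

  # Values are interpolated into JSON; allow only characters that cannot break it
  # (assumed character set, based on the sample values shown on the page).
  case "$env_id$token" in
    *[!A-Za-z0-9_-]*) echo "unexpected character in EnvId/Token" >&2; return 1 ;;
  esac

  # Write to a private temp file next to the target, then rename atomically.
  tmp="$(umask 077 && mktemp "${dest}.XXXXXX")" || return 1
  cat > "$tmp" <<EOF
{
  "logger": { "loglevel": "error" },
  "asset": {
    "EnvId": "$env_id",
    "Token": "$token"
  },
  "interpreters": ["sh","bash","python3","go","ruby","perl","lua","Rscript"],
  "ostype": "server",
  "enableEvents": true
}
EOF
  chmod 600 "$tmp" && mv -f "$tmp" "$dest"
}
```
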