Install (Script)
Prerequisites
Before installing, ensure you have:
- Stairwell Environment ID
- Stairwell Forwarder Authentication Token - How to generate the token
- auditd daemon installed and enabled
Note: Backscan
The initial scan (the backscan) performs a full physical disk scan and can be resource-intensive for a short period.
We recommend:
- Identify a non-critical system for the initial scan that can tolerate high resource utilization without impacting business operations.
- The machine will return to normal after the scan has completed.
- Do not install on critical assets early in deployment.
- Subsequent installations will be less intensive because the forwarder will only grab new/changed files.
Deploying the Linux Forwarder to Multiple Machines
When managing large fleets, automate deployment for consistency and speed.
1. Supported Deployment Methods
| Method | Best For | Description |
|---|---|---|
| Ansible | Most flexible | Use playbooks to automate installation/configuration. |
| Puppet / Chef / SaltStack | Enterprise fleets | Manage configuration and ensure compliance. |
| Package repository | Internal mirrors | Host .deb and .rpm internally for controlled installs. |
| Cloud-init / user data | Cloud hosts | Add installation scripts to instance initialization. |
| Custom shell script | Simple environments | Run prepackaged script to install and configure. |
2. Example: Automated Deployment with Ansible
```yaml
---
- name: Install Stairwell Forwarder
  hosts: linux_hosts
  become: yes
  vars:
    stairwell_version: "2.4.5"
    # Example values only. Supply the real token from a secrets manager
    # (see Deployment Tips) rather than committing it in the playbook.
    stairwell_env_id: "ABCDEF-ABCDEF-123ABC-ABCD1234"
    stairwell_token: "ABCDEFG1234567HIJKLMNOP789012QRSTUVW345678XYZABCD901"
  tasks:
    # RedHat-family hosts: download and install the RPM
    - name: Download RPM
      get_url:
        url: "https://downloads.stairwell.com/linux/{{ stairwell_version }}/stairwell-{{ stairwell_version }}-1.el8.amd64.rpm"
        dest: "/tmp/stairwell.rpm"
      when: ansible_os_family == "RedHat"
    - name: Install RPM
      yum:
        name: "/tmp/stairwell.rpm"
        state: present
      when: ansible_os_family == "RedHat"
    # Debian-family hosts: download and install the DEB
    - name: Download DEB
      get_url:
        url: "https://downloads.stairwell.com/linux/{{ stairwell_version }}/stairwell-{{ stairwell_version }}-1.amd64.deb"
        dest: "/tmp/stairwell.deb"
      when: ansible_os_family == "Debian"
    - name: Install DEB
      apt:
        deb: "/tmp/stairwell.deb"
        state: present
      when: ansible_os_family == "Debian"
    # Write the forwarder configuration, including the Environment ID and token
    - name: Configure Stairwell
      copy:
        dest: /etc/stairwell/config.json
        content: |
          {
            "logger": { "loglevel": "error" },
            "asset": {
              "EnvId": "{{ stairwell_env_id }}",
              "Token": "{{ stairwell_token }}"
            },
            "interpreters": ["sh","bash","python3","go","ruby","perl","lua","Rscript"],
            "ostype": "server",
            "enableEvents": true
          }
    - name: Enable and start service
      systemd:
        name: stairwell.service
        enabled: yes
        state: started
```
3. Example: Bash Deployment Script
```bash
#!/bin/bash
set -e

VERSION="2.4.5"
ENV_ID="YOUR_ENV_ID"
TOKEN="YOUR_TOKEN"

# Pick the package format by distribution family.
# curl -f fails on an HTTP error instead of saving the error page as the package.
if [ -f /etc/debian_version ]; then
    curl -fLO "https://downloads.stairwell.com/linux/$VERSION/stairwell-$VERSION-1.amd64.deb"
    sudo apt install -y "./stairwell-$VERSION-1.amd64.deb"
else
    curl -fLO "https://downloads.stairwell.com/linux/$VERSION/stairwell-$VERSION-1.el8.amd64.rpm"
    sudo rpm -U "stairwell-$VERSION-1.el8.amd64.rpm"
fi

# Write the forwarder configuration with the Environment ID and token.
sudo tee /etc/stairwell/config.json > /dev/null <<EOF
{
  "logger": { "loglevel": "error" },
  "asset": {
    "EnvId": "$ENV_ID",
    "Token": "$TOKEN"
  },
  "interpreters": ["sh","bash","python3","go","ruby","perl","lua","Rscript"],
  "ostype": "server",
  "enableEvents": true
}
EOF

sudo systemctl enable --now stairwell.service
```
4. Deployment Tips
- Test first on non-critical systems
- Use idempotent tools (like Ansible)
- Stagger rollouts to reduce load
- Protect tokens via secrets management
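One way to apply the last tip when writing config.json from a script, as an added example that is not part of the original page or Stairwell's tooling: the token is read from an owner-only file that your secrets manager delivers, instead of being hardcoded in the script. The function name, its arguments and the token-file path are assumptions, and the 0600 result assumes the forwarder service reads its configuration as root.

```shell
#!/bin/sh
# Added example, not Stairwell tooling: function name and arguments are assumptions.
# Usage (token path is hypothetical):
#   write_stairwell_config /etc/stairwell/config.json "$ENV_ID" /root/stairwell.token

write_stairwell_config() {
    dest=$1 env_id=$2 token_file=$3

    [ -n "$env_id" ] || { echo "environment ID is empty" >&2; return 1; }
    [ -f "$token_file" ] || { echo "no token file: $token_file" >&2; return 1; }

    # Refuse a token file that group or others can access
    # (characters 5-10 of the ls mode string are the group/other bits).
    perms=$(ls -ld "$token_file" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "token file is not owner-only" >&2; return 1; }

    # First line of the file is the token; tolerate a missing final newline.
    token=
    IFS= read -r token < "$token_file" || true
    [ -n "$token" ] || { echo "token file is empty" >&2; return 1; }

    # Values are pasted into JSON strings, so reject quote and backslash.
    case "$env_id$token" in
        *'"'*|*'\'*) echo "value contains a quote or backslash" >&2; return 1 ;;
    esac

    # mktemp creates the file with mode 0600; the rename then replaces DEST
    # in one step, so the token never sits in a partial or wider-readable file.
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    cat > "$tmp" <<EOF
{
  "logger": { "loglevel": "error" },
  "asset": {
    "EnvId": "$env_id",
    "Token": "$token"
  },
  "interpreters": ["sh","bash","python3","go","ruby","perl","lua","Rscript"],
  "ostype": "server",
  "enableEvents": true
}
EOF
    mv -f "$tmp" "$dest"
}
```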
