
Linux Agent Security Flagging

Overview

The Cloudamize Linux Agent gathers high-fidelity performance metrics and network connection data. Because the agent executes automated collection scripts and monitors active network sockets, security tools (such as CrowdStrike Falcon, SentinelOne, or Carbon Black) or built-in kernel security modules (like SELinux) may flag or kill the process.

Visible Symptoms

  • The installation script completes, but the cloudamized service fails to start.

  • The agent is listed as "Inactive" in the Cloudamize Portal.

  • Log files at /usr/local/cloudamize/log/ show "Permission Denied" errors or execution that stops abruptly.

  • System logs (/var/log/messages or journalctl) show the CCAgent process being terminated by an external signal.

Required Exclusions (Whitelisting)

To ensure the agent functions correctly, the following paths and binaries must be excluded from active scanning and behavioral blocking:

  • Primary Directory: /usr/local/cloudamize/

  • Agent Binaries:

    • /usr/local/cloudamize/bin/CCAgent

    • /usr/local/cloudamize/bin/CCWatchdog

  • Support Scripts:

    • /usr/local/cloudamize/bin/check_cloudamized.sh

  • Network Utility:

    • The agent may use the local curl or wget binary for data transmission.

Troubleshooting Steps

Step 1: Check SELinux Status

SELinux is a common cause of the agent being unable to bind to sockets or read system files.

  1. Check for denials:

    CODE
    ausearch -m avc -ts recent

  2. Temporary Test: Set SELinux to permissive mode to see if the agent starts:

    CODE
    setenforce 0
    systemctl restart cloudamized

  3. Permanent Fix: If the agent works in permissive mode, you must either create a custom SELinux policy module that allows Cloudamize operations or ensure the directory is labeled correctly.
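
Before writing the policy module, it helps to see exactly which denials belong to the agent so the module allows only those. The script below is an added example, not Cloudamize's own tooling: it condenses `ausearch` output into one line per distinct denial. The `comm=` names are an assumption derived from the binary names listed above, and the sample records are constructed.

```bash
#!/usr/bin/env bash
# Added example: summarise SELinux AVC denials attributed to the agent.
# Assumption: audit records carry comm= values derived from the binary names on
# this page (the kernel truncates comm to 15 characters).
AGENT_COMM_RE='^(CCAgent|CCWatchdog|check_cloudamiz)'

# Constructed sample records (illustrative contexts, not captured from a host).
SAMPLE_AVC='type=AVC msg=audit(1700000000.101:501): avc:  denied  { name_connect } for  pid=2101 comm="CCAgent" dest=443 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000060.102:502): avc:  denied  { name_connect } for  pid=2101 comm="CCAgent" dest=443 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000070.103:503): avc:  denied  { read open } for  pid=2150 comm="CCWatchdog" path="/proc/net/tcp" dev="proc" ino=4026532001 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000080.104:504): avc:  denied  { getattr } for  pid=900 comm="httpd" path="/srv/data" dev="dm-0" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0'

# stdin:  raw audit records, e.g. from: ausearch -m avc -ts recent
# stdout: one line per distinct denial: count comm tclass perms scontext tcontext
summarize_avc() {
  awk -v re="$AGENT_COMM_RE" '
    /avc:[ ]+denied/ {
      comm = sctx = tctx = tclass = perms = ""
      # Permissions sit between the braces, e.g. { read open }
      if (match($0, /[{][^}]*[}]/)) {
        perms = substr($0, RSTART + 1, RLENGTH - 2)
        gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
      }
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^comm=/)     { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
        if ($i ~ /^scontext=/) sctx = substr($i, 10)
        if ($i ~ /^tcontext=/) tctx = substr($i, 10)
        if ($i ~ /^tclass=/)   tclass = substr($i, 8)
      }
      if (comm !~ re) next            # ignore denials from unrelated processes
      seen[comm " " tclass " " perms " " sctx " " tctx]++
    }
    END { for (k in seen) print seen[k], k }
  ' | LC_ALL=C sort -k2
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_AVC" | summarize_avc
```

Once the summary contains only access the agent legitimately needs, those records can be passed to `audit2allow -M` to generate the module, which is then loaded with `semodule -i`. Return the host to enforcing mode with `setenforce 1` after the permissive test.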

Step 2: Verify EDR Interference

If you use an EDR like CrowdStrike, check the management console for "Sensor Visibility" alerts.

  • Ensure the /usr/local/cloudamize/ path is added to the Global Exclusion List.

Step 3: Network Security (Egress)

If the process is running but data isn't reaching the portal, your security tool may be blocking the outbound connection.

  • Test Port 443 Connectivity:

    CODE
    curl -v https://am.cloudamize.com/cxf/test

    (Use am-de.cloudamize.com if you are on the EU infrastructure).

Step 4: Script Execution Permissions

The agent relies on shell scripts for health checks. Ensure the filesystem containing /usr/local/ is not mounted with the noexec flag.

  • Check mount options: mount | grep /usr/local

Note: If security policies strictly prohibit agent installation, please contact your Cloudamize representative to discuss alternative data collection methods.

If you have applied these exclusions and the Linux Agent still fails to report data, our support team can help review your logs. Please email the support team at helpdesk@cloudamize.com.
