
EIV Installation on a Live Linux System

This document explains the installation of EIV on a live system using the installer script.

Make sure to verify the Linux system requirements before attempting to install EIV.

EIV Artifacts

The Linux EIV software package contains the EIV binary, libraries and configuration files required to install EIV in a Linux-based firmware. The key files are:

  • EIV Communication service: Responsible for communication with the Sternum Platform via a TLS encrypted communication channel.
    • Requires root permissions.
  • EIV Security service: Responsible for deploying the cyber security runtime protection into the entire user-space.
    • Requires unrestricted root permissions.
  • Configuration file.

List of files:

File                                      Type                UID/GID  Permissions  Description
libsternum.so                             Shared object       root     -r--r--r--   EIV protection and monitoring
sternum_sec                               Executable          root     -r-xr--r--   EIV protection service
sternum_com                               Executable          root     -r-xr--r--   EIV communication service
configuration.json                        Configuration file  root     -r--r--r--   EIV configuration file
sternum_com.service, sternum_sec.service  Service files       root     -r--r--r--   Systemd files for sternum_com and sternum_sec

Installation Prerequisites

Please verify the following requirements before installing EIV on a new device:

  1. Verify that outgoing TLS network connections to remote port TCP:5001 are authorized.

EIV Monitoring and Protection Modes

EIV provides both protection and monitoring by default. It can also be configured to run in a monitoring-only mode, which provides reporting of detected attacks without prevention. Contact Sternum if you need to run EIV in that mode.

Install EIV

The installer script automatically installs and configures all files required by EIV.

To install EIV, run the installer: ./sternum_install.sh -f <eiv_package> <device_profile_id> <sternum_platform>

with the following parameters:

  • eiv_package: The name of the EIV package to install
  • device_profile_id: Each firmware release is identified by a Device Profile Identifier. New Device Profile Identifiers are obtained from the desired device profile on the Sternum Platform. See also Device Profile.
  • sternum_platform: Sternum Platform's IP or server name.

The EIV package and Sternum Platform IP/server name are provided by Sternum.

Verify EIV installation

  1. (Re)boot the device/firmware.
  2. Verify that the sternum_com service is running. Run:
    • pidof sternum_com or ps | grep sternum_com
    • Or, if using systemd, run the systemctl status command:
      systemctl status sternum_com.service
      >sternum_com.service loaded active running Sternum communication service
  3. Verify that sternum_sec is running. Run:
    cat /proc/*/maps | grep sternum
    and check for record(s) of libsternum.
  4. Connect to your Sternum Platform account and navigate to your device profile from the Device Profile view. See also Device Profile. On your device profile screen, click the Show Data button at the right-middle of the screen (shown in the red box below):

Then verify that some data is received from your device (you should see your device identifier in the Device Id column of the table), for example Process Exit, Execute or Fork events:
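The on-device checks above can be combined with the ownership and permissions from the list of files in one script. This is an added example, not part of Sternum's installer or documentation: the function names are hypothetical, and it assumes the four non-systemd artifacts sit in a single directory passed as the first argument, since the page does not give install paths.

```shell
#!/bin/sh
# Added example, not Sternum's code. Assumption: the four non-systemd
# artifacts sit in one directory given as $1 (the page gives no install path).

# Permission string the file table lists for each artifact.
expected_perms() {
  case "$1" in
    sternum_sec|sternum_com) echo '-r-xr--r--' ;;
    libsternum.so|configuration.json) echo '-r--r--r--' ;;
    *) return 1 ;;
  esac
}

# check_artifact PATH [UID]: succeed only if PATH has the listed permissions
# and is owned by UID (default 0, i.e. root as in the table).
check_artifact() {
  path=$1 want_uid=${2:-0}
  want=$(expected_perms "${path##*/}") || { echo "UNKNOWN $path"; return 2; }
  [ -f "$path" ] || { echo "MISSING $path"; return 1; }
  set -- $(ls -ldn "$path")       # $1 = mode string, $3 = numeric owner
  got=$(printf '%.10s' "$1")      # drop any trailing ACL/SELinux marker
  if [ "$got" = "$want" ] && [ "$3" = "$want_uid" ]; then
    echo "OK $path"
  else
    echo "BAD $path perms=$got (want $want) uid=$3 (want $want_uid)"; return 1
  fi
}

# mapped_pids [PROC_ROOT]: print every PID whose maps file references
# libsternum (a per-process form of the grep in step 3).
mapped_pids() {
  for m in "${1:-/proc}"/[0-9]*/maps; do
    if grep -q libsternum "$m" 2>/dev/null; then
      pid=${m%/maps}; echo "${pid##*/}"
    fi
  done
}

# verify_install DIR [UID] [PROC_ROOT]: non-zero if any check fails.
verify_install() {
  rc=0
  for f in libsternum.so sternum_sec sternum_com configuration.json; do
    check_artifact "$1/$f" "${2:-0}" || rc=1
  done
  n=$(( $(mapped_pids "${3:-/proc}" | wc -l) ))
  echo "processes with libsternum mapped: $n"
  [ "$n" -gt 0 ] || rc=1
  return $rc
}
if [ -n "${1:-}" ]; then verify_install "$@"; fi
```

Run it as root with the install directory as the only argument; a non-root run cannot read most other processes' maps files and will under-count.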

Uninstall EIV

To remove EIV, run: sternum_install.sh -u

Then reboot your device to complete the removal of EIV.