Linux Installation (Basic Edition)
Basic Edition Features: GDPR, CCPA, and custom TOML policies. Community support.
This guide covers installing Aquilon DLP Basic Edition on Linux using DEB or RPM packages.
Prerequisites
Before installing Aquilon DLP, ensure you have:
- Supported Linux Distribution:
  - Ubuntu 22.04 LTS or later
  - Debian 11 or later
  - CentOS Stream 9 or later
  - RHEL 9 or later
  - Fedora 38 or later
- osquery 5.0.1 or later
- Administrator (root) privileges
Install osquery
Ubuntu/Debian:
# Download osquery DEB package
wget https://pkg.osquery.io/deb/osquery_5.10.2-1.linux_amd64.deb
# Install osquery
sudo apt install ./osquery_5.10.2-1.linux_amd64.deb
CentOS/RHEL:
# Download osquery RPM package
wget https://pkg.osquery.io/rpm/osquery-5.10.2-1.linux.x86_64.rpm
# Install osquery
sudo dnf install ./osquery-5.10.2-1.linux.x86_64.rpm
Verify the installation:
osqueryd --version
# Expected: osqueryd version 5.10.2 (or later)
Installation
Ubuntu/Debian
Step 1: Download the Package
Download the Basic Edition DEB package from the Aquilon Security portal:
- File: aquilon-dlp-basic_VERSION_amd64.deb
Step 2: Install
sudo apt install ./aquilon-dlp-basic_VERSION_amd64.deb
Expected output:
Reading package lists... Done
Building dependency tree... Done
[INFO] Validating osquery installation...
[INFO] osquery validation passed
[INFO] Creating application directories...
[INFO] Extension binary permissions set: /usr/lib/osquery/extensions/aquilon-dlp-basic.ext
[INFO] Added extension to /etc/osquery/extensions.load
[INFO] Installation completed successfully
Step 3: Verify Installation
# Check binary location
ls -lh /usr/lib/osquery/extensions/aquilon-dlp-basic.ext
# Expected: -rwxr-xr-x 1 root root 9.3M ... aquilon-dlp-basic.ext
# Check osquery configuration
cat /etc/osquery/extensions.load
# Expected: /usr/lib/osquery/extensions/aquilon-dlp-basic.ext
# Restart osqueryd
sudo systemctl restart osqueryd
sudo systemctl status osqueryd
# Expected: active (running)
# Verify extension loaded
osqueryi --json "SELECT * FROM aquilon_dlp_alerts LIMIT 1;"
CentOS/RHEL
Step 1: Download the Package
Download the Basic Edition RPM package from the Aquilon Security portal:
- File: aquilon-dlp-basic-VERSION.x86_64.rpm
Step 2: Install
sudo dnf install ./aquilon-dlp-basic-VERSION.x86_64.rpm
Expected output:
Last metadata expiration check: ...
Dependencies resolved.
Installing:
aquilon-dlp-basic x86_64 VERSION @commandline 9.3 M
[INFO] Validating osquery installation...
[INFO] osquery validation passed
[INFO] Creating application directories...
[INFO] Extension binary permissions set: /usr/lib/osquery/extensions/aquilon-dlp-basic.ext
[INFO] Added extension to /etc/osquery/extensions.load
[INFO] Installation completed successfully
Step 3: Verify Installation
# Check binary location
ls -lh /usr/lib/osquery/extensions/aquilon-dlp-basic.ext
# Check osquery configuration
cat /etc/osquery/extensions.load
# Restart osqueryd
sudo systemctl restart osqueryd
sudo systemctl status osqueryd
# Verify extension loaded
osqueryi --json "SELECT * FROM aquilon_dlp_alerts LIMIT 1;"
SELinux Considerations (RHEL/CentOS)
On systems with SELinux enabled, the installation script automatically restores security contexts. If issues occur:
# Check SELinux status
getenforce
# Manually restore contexts if needed
sudo restorecon -Rv /usr/lib/osquery/extensions/
sudo restorecon -Rv /etc/aquilon/
Post-Installation
Configuration
Copy the default configuration and customize:
sudo cp /etc/aquilon/config.toml.default /etc/aquilon/config.toml
sudo nano /etc/aquilon/config.toml
Basic Edition Policies:
The Basic Edition includes these compliance policies:
- GDPR - EU General Data Protection Regulation
- CCPA - California Consumer Privacy Act
- Custom TOML Policies - Define your own detection rules
Example configuration:
watch_paths = ["/home/%%", "/var/data/%%", "/srv/%%"]
[policies]
enabled_policies = ["gdpr", "ccpa"]
See the Configuration Guide for complete options.
Verify DLP is Working
Test that Aquilon DLP is detecting files:
# Create a test file with sensitive data
echo "SSN: 223-41-6711" > /tmp/test-sensitive.txt
# Wait a moment for scanning, then query alerts
osqueryi --connect /var/osquery/osquery.sock 'SELECT * FROM aquilon_dlp_alerts;'
Upgrading
Ubuntu/Debian:
# Stop osqueryd (optional)
sudo systemctl stop osqueryd
# Install new package
sudo apt install ./aquilon-dlp-basic_NEW_VERSION_amd64.deb
# Start osqueryd
sudo systemctl start osqueryd
CentOS/RHEL:
# Stop osqueryd (optional)
sudo systemctl stop osqueryd
# Upgrade package
sudo dnf upgrade ./aquilon-dlp-basic-NEW_VERSION.x86_64.rpm
# Start osqueryd
sudo systemctl start osqueryd
Your configuration in /etc/aquilon/config.toml is preserved during upgrades.
Uninstalling
Ubuntu/Debian:
# Remove package
sudo apt remove aquilon-dlp-basic
# Clean up configuration (optional)
sudo rm -rf /etc/aquilon /var/lib/aquilon /var/log/aquilon
CentOS/RHEL:
# Remove package
sudo dnf remove aquilon-dlp-basic
# Clean up configuration (optional)
sudo rm -rf /etc/aquilon /var/lib/aquilon /var/log/aquilon
Upgrading to Enterprise Edition
Need HIPAA, PCI DSS, SOX, or ISO 27001 compliance? Upgrade to the Enterprise Edition:
- Uninstall the Basic Edition
- Install the Enterprise Edition
- Your configuration is preserved
Contact sales@aquilonsecurity.com for Enterprise Edition access.
Troubleshooting
Common Issues
“osquery not found” during installation
Install osquery before installing Aquilon DLP:
# Ubuntu/Debian
sudo apt install ./osquery_5.10.2-1.linux_amd64.deb
# CentOS/RHEL
sudo dnf install ./osquery-5.10.2-1.linux.x86_64.rpm
Extension not loading
- Check extension is registered:
cat /etc/osquery/extensions.load
- Restart osqueryd:
sudo systemctl restart osqueryd
- Check logs:
journalctl -u osqueryd -f
Permission denied errors
Verify the extension has correct permissions:
ls -la /usr/lib/osquery/extensions/aquilon-dlp-basic.ext
# Should be: -rwxr-xr-x root root
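The manual checks from "Step 3: Verify Installation" and "Permission denied errors" can be combined into one audit of everything osqueryd autoloads. The script below is an added example, not part of the Aquilon package: it confirms that /etc/osquery/extensions.load and every path it lists is a regular file owned by root with no group or other write bit, matching the -rwxr-xr-x root root this guide expects. The function names and the optional uid argument are assumptions of this example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: audits the files osqueryd will autoload as extensions.
# Function names and the optional uid argument are assumptions of this example.

# check_one FILE UID: pass only if FILE is a regular file (not a symlink),
# owned by UID, with neither the group-write nor the other-write bit set.
check_one() {
    target=$1; want_uid=$2
    if [ -L "$target" ] || [ ! -f "$target" ]; then
        echo "FAIL $target: missing or not a regular file"; return 1
    fi
    uid=$(stat -c '%u' "$target")    # numeric owner (GNU stat)
    mode=$(stat -c '%a' "$target")   # octal mode, e.g. 755
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $target: owner uid $uid, expected $want_uid"; return 1
    fi
    # 022 masks the group-write and other-write permission bits
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $target: mode $mode is group- or world-writable"; return 1
    fi
    echo "OK   $target (uid $uid, mode $mode)"
}

# check_extensions_load LOADFILE [UID]: audit the load file itself and every
# path it lists. UID defaults to 0 (root), as this guide expects.
check_extensions_load() {
    loadfile=$1; want_uid=${2:-0}; rc=0
    check_one "$loadfile" "$want_uid" || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue          # skip blank lines
        check_one "$line" "$want_uid" || rc=1
    done < "$loadfile"
    return "$rc"
}

# Run directly: sh check_ext.sh /etc/osquery/extensions.load
if [ "$#" -gt 0 ]; then
    check_extensions_load "$@"
fi
```

A non-zero exit status means at least one listed file is missing, is a symlink, is not owned by root, or can be modified by a non-root account; resolve that before restarting osqueryd.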
Getting Help
- Documentation: Troubleshooting Guide
- Community Support: GitHub Issues