Linux Installation (Enterprise Edition)
Enterprise Edition Features: All compliance policies (HIPAA, PCI DSS, SOX, ISO 27001, GDPR, CCPA), unlimited servers, enterprise SLA support.
This guide covers installing Aquilon DLP Enterprise Edition on Linux using DEB or RPM packages.
Prerequisites
Before installing Aquilon DLP, ensure you have:
- Supported Linux distribution:
  - Ubuntu 22.04 LTS or later
  - Debian 11 or later
  - CentOS Stream 9 or later
  - RHEL 9 or later
  - Fedora 38 or later
- osquery 5.0.1 or later
- Administrator (root) privileges
Install osquery
Ubuntu/Debian:
# Download osquery DEB package
wget https://pkg.osquery.io/deb/osquery_5.10.2-1.linux_amd64.deb
# Install osquery
sudo apt install ./osquery_5.10.2-1.linux_amd64.deb
CentOS/RHEL:
# Download osquery RPM package
wget https://pkg.osquery.io/rpm/osquery-5.10.2-1.linux.x86_64.rpm
# Install osquery
sudo dnf install ./osquery-5.10.2-1.linux.x86_64.rpm
Verify the installation:
osqueryd --version
# Expected: osqueryd version 5.10.2 (or later)
Installation
Ubuntu/Debian
Step 1: Download the Package
Download the Enterprise Edition DEB package from the Aquilon Security portal:
- File: aquilon-dlp-enterprise_VERSION_amd64.deb
Step 2: Install
sudo apt install ./aquilon-dlp-enterprise_VERSION_amd64.deb
Expected output:
Reading package lists... Done
Building dependency tree... Done
[INFO] Validating osquery installation...
[INFO] osquery validation passed
[INFO] Creating application directories...
[INFO] Extension binary permissions set: /usr/lib/osquery/extensions/aquilon-dlp-enterprise.ext
[INFO] Added extension to /etc/osquery/extensions.load
[INFO] Installation completed successfully
Step 3: Verify Installation
# Check binary location
ls -lh /usr/lib/osquery/extensions/aquilon-dlp-enterprise.ext
# Expected: -rwxr-xr-x 1 root root 9.3M ... aquilon-dlp-enterprise.ext
# Check osquery configuration
cat /etc/osquery/extensions.load
# Expected: /usr/lib/osquery/extensions/aquilon-dlp-enterprise.ext
# Restart osqueryd
sudo systemctl restart osqueryd
sudo systemctl status osqueryd
# Expected: active (running)
# Verify extension loaded
osqueryi --json "SELECT * FROM aquilon_dlp_alerts LIMIT 1;"
CentOS/RHEL
Step 1: Download the Package
Download the Enterprise Edition RPM package from the Aquilon Security portal:
- File: aquilon-dlp-enterprise-VERSION.x86_64.rpm
Step 2: Install
sudo dnf install ./aquilon-dlp-enterprise-VERSION.x86_64.rpm
Expected output:
Last metadata expiration check: ...
Dependencies resolved.
Installing:
aquilon-dlp-enterprise x86_64 VERSION @commandline 9.3 M
[INFO] Validating osquery installation...
[INFO] osquery validation passed
[INFO] Creating application directories...
[INFO] Extension binary permissions set: /usr/lib/osquery/extensions/aquilon-dlp-enterprise.ext
[INFO] Added extension to /etc/osquery/extensions.load
[INFO] Installation completed successfully
Step 3: Verify Installation
# Check binary location
ls -lh /usr/lib/osquery/extensions/aquilon-dlp-enterprise.ext
# Check osquery configuration
cat /etc/osquery/extensions.load
# Restart osqueryd
sudo systemctl restart osqueryd
sudo systemctl status osqueryd
# Verify extension loaded
osqueryi --json "SELECT * FROM aquilon_dlp_alerts LIMIT 1;"
SELinux Considerations (RHEL/CentOS)
On systems with SELinux enabled, the installation script automatically restores security contexts. If issues occur:
# Check SELinux status
getenforce
# Verify extension details
ls -Z /usr/lib/osquery/extensions/aquilon-dlp-enterprise.ext
# Manually restore contexts if needed
sudo restorecon -Rv /usr/lib/osquery/extensions/
sudo restorecon -Rv /etc/aquilon/
Post-Installation
Configuration
Copy the default configuration and customize:
sudo cp /etc/aquilon/config.toml.default /etc/aquilon/config.toml
sudo nano /etc/aquilon/config.toml
Enterprise Edition Policies:
The Enterprise Edition includes all compliance policies:
- GDPR - EU General Data Protection Regulation
- CCPA - California Consumer Privacy Act
- HIPAA - Health Insurance Portability and Accountability Act
- PCI DSS - Payment Card Industry Data Security Standard
- SOX - Sarbanes-Oxley Act
- ISO 27001 - Information Security Management
- Custom TOML Policies - Define your own detection rules
Example configuration for a healthcare organization:
watch_paths = ["/home/%%", "/var/data/%%", "/srv/%%", "/mnt/medical-records/%%"]
[policies]
enabled_policies = ["hipaa", "gdpr", "pci_dss"]
[policies.policy_configs.hipaa]
enabled = true
settings = { confidence_threshold = "0.8" }
Example configuration for financial services:
watch_paths = ["/home/%%", "/var/data/%%", "/srv/transactions/%%"]
[policies]
enabled_policies = ["pci_dss", "sox", "gdpr", "ccpa"]
[policies.policy_configs.pci_dss]
enabled = true
settings = { alert_on_test_data = "false" }
See the Configuration Guide for complete options and the Compliance Documentation for policy context.
Verify DLP is Working
Test that Aquilon DLP is detecting files:
# Create a test file with sensitive data
echo "SSN: 223-41-6729" > /tmp/test-sensitive.txt
# Wait a moment for scanning, then query alerts
osqueryi --connect /var/osquery/osquery.sock 'SELECT * FROM aquilon_dlp_alerts;'
Enterprise Features
Unlimited Server Deployment
The Enterprise Edition supports unlimited servers. For large-scale deployments:
- Use configuration management (Ansible, Puppet, Chef) for consistent deployment
- Consider centralized logging aggregation
- Use osquery fleet management tools like Fleet or Kolide
Enterprise Support
Enterprise customers receive:
- Priority support with SLA guarantees
- Direct access to engineering team
- Custom policy development assistance
- Deployment and integration consulting
Contact your account representative for support.
Upgrading
Ubuntu/Debian:
# Stop osqueryd (optional)
sudo systemctl stop osqueryd
# Install new package
sudo apt install ./aquilon-dlp-enterprise_NEW_VERSION_amd64.deb
# Start osqueryd
sudo systemctl start osqueryd
CentOS/RHEL:
# Stop osqueryd (optional)
sudo systemctl stop osqueryd
# Upgrade package
sudo dnf upgrade ./aquilon-dlp-enterprise-NEW_VERSION.x86_64.rpm
# Start osqueryd
sudo systemctl start osqueryd
Your configuration in /etc/aquilon/config.toml is preserved during upgrades. The RPM package uses %config(noreplace) to ensure this.
Uninstalling
Ubuntu/Debian:
# Remove package
sudo apt remove aquilon-dlp-enterprise
# Clean up configuration (optional)
sudo rm -rf /etc/aquilon /var/lib/aquilon /var/log/aquilon
CentOS/RHEL:
# Remove package
sudo dnf remove aquilon-dlp-enterprise
# Clean up configuration (optional)
sudo rm -rf /etc/aquilon /var/lib/aquilon /var/log/aquilon
Troubleshooting
Common Issues
“osquery not found” during installation
Install osquery before installing Aquilon DLP:
# Ubuntu/Debian
sudo apt install ./osquery_5.10.2-1.linux_amd64.deb
# CentOS/RHEL
sudo dnf install ./osquery-5.10.2-1.linux.x86_64.rpm
Extension not loading
- Check extension is registered:
cat /etc/osquery/extensions.load
- Restart osqueryd:
sudo systemctl restart osqueryd
- Check logs:
journalctl -u osqueryd -f
SELinux blocking access
On RHEL/CentOS with SELinux enforcing:
# Check for denials
sudo ausearch -m avc -ts recent
# Restore contexts
sudo restorecon -Rv /usr/lib/osquery/extensions/
sudo restorecon -Rv /etc/aquilon/
Permission denied errors
Verify the extension has correct permissions:
ls -la /usr/lib/osquery/extensions/aquilon-dlp-enterprise.ext
# Should be: -rwxr-xr-x root root
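The manual checks from "Step 3: Verify Installation" and "Permission denied errors" can be combined into one scripted audit, for example to run across a fleet from configuration management. This is an added example, not part of the Aquilon package: the function name `check_extension` and its optional owner-UID argument are hypothetical, and it assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: audit an osquery extension binary and its registration.
# Usage: check_extension BINARY LOADFILE [OWNER_UID]
# OWNER_UID defaults to 0 (root). It is a parameter only so the check can be
# exercised against constructed files without root privileges.
check_extension() {
    ext=$1; load=$2; want_uid=${3:-0}; rc=0

    # A symlink could point at a file outside the audited directory.
    if [ ! -f "$ext" ] || [ -L "$ext" ]; then
        echo "FAIL: $ext is missing or is a symlink"
        return 1
    fi

    # GNU stat: %u = owner uid, %a = permissions in octal
    uid=$(stat -c %u "$ext")
    mode=$(stat -c %a "$ext")

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owner uid is $uid, expected $want_uid"; rc=1
    fi
    # 022 = group-write | other-write; the guide expects -rwxr-xr-x
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: mode $mode is writable by group or other"; rc=1
    fi
    # 0100 = owner-execute
    if [ $(( 0$mode & 0100 )) -eq 0 ]; then
        echo "FAIL: mode $mode is not executable by its owner"; rc=1
    fi
    # The path must appear as an exact, whole line in extensions.load
    if ! grep -Fxq -- "$ext" "$load" 2>/dev/null; then
        echo "FAIL: $ext is not listed in $load"; rc=1
    fi

    if [ "$rc" -eq 0 ]; then echo "OK: $ext"; fi
    return "$rc"
}

# Run against the paths from this guide only when asked to.
if [ "${1:-}" = "--run" ]; then
    check_extension /usr/lib/osquery/extensions/aquilon-dlp-enterprise.ext \
                    /etc/osquery/extensions.load
fi
```

A non-zero exit status means at least one check failed; each failure is printed on its own line.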
Getting Help
- Documentation: Troubleshooting Guide
- Enterprise Support: Contact your account representative
- GitHub Issues: github.com/aquilonsecurity/aquilon-dlp/issues