Threatlocker agent - Install on Linux with proxy server

Intent of this process:

You want to install the ThreatLocker agent on a Linux server that lacks direct outbound Internet access but can reach proxy.med.ad.fsu.edu; this is very typical of servers in the 10.0.0.0/8 IP address range.

There is a catch, however: while the ThreatLocker "stub" install script has a command-line switch to specify a proxy server, it implements this with export http_proxy (and the related variables), which routes every network connection made by the script and the tools it calls through the proxy. The install script also reaches out to our RHN satellite (rhn01.its.fsu.edu), which is not on our proxy server's allow list, creating a catch-22: the agent download needs the proxy, but the proxy rejects the repository metadata fetch. We are going to modify the install script so that the proxy is not used for the RHN satellite.

What you will need before starting this process:

  1. Your target Linux server, which lacks the outbound Internet access needed to install ThreatLocker. You can confirm this when the install script fails in the following manner:
    [mhohmeister@fsucom265 ~]$ sudo ./ThreatlockerStub_e0674d6caf25187ed646e60b_H --proxy-setting http://proxy.med.ad.fsu.edu:3128
    [sudo] password for mhohmeister:
    ThreatlockerStub version: 2.2.0-1252
    Using proxy: http://proxy.med.ad.fsu.edu:3128
    Downloading installers 3.0 version...
    Download finished
    Installing modules /tmp/threatlocker/packages/threatlocker_3.0.0-1328_modules.rpm
    Errors during downloading metadata for repository 'Medicine_EPEL_8Server_x86_64':
      - Curl error (56): Failure when receiving data from the peer for https://rhn01.its.fsu.edu/pulp/content/Medicine/Library/custom/EPEL/8Server_x86_64/repodata/repomd.xml [Received HTTP code 403 from proxy after CONNECT]
    Error: Failed to download metadata for repo 'Medicine_EPEL_8Server_x86_64': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

Success for this process is measured by:

  1. Ultimately, your ThreatLocker installer succeeds, indicated by output like this:
    [fsucomadmin@medbfs-t4a-804 ~]$ sudo ./ThreatlockerStub_e0674d6caf25187ed646e60b_H --proxy-setting http://proxy.med.ad.fsu.edu:3128
    [sudo] password for fsucomadmin:
    ThreatlockerStub version: 2.2.0-1252
    Using proxy: http://proxy.med.ad.fsu.edu:3128
    Downloading installers 3.0 version...
    Download finished
    Installing modules /tmp/threatlocker/packages/threatlocker_3.0.0-1328_modules.rpm
    Installing agent /tmp/threatlocker/packages/3.0.0-1328_rhel_9.x86_64.rpm
    Installation finished
    Server response: 0 Success
    Server response: 0 Success
    Server response: 0 5e66827a-5073-4888-9117-bcfce8c65806

The Process:

  1. Open the installer script in your favorite text editor; the steps below assume nano: nano ThreatlockerStub_e0674d6caf25187ed646e60b_H
  2. Use Ctrl+W to search for the phrase export http_proxy; you will land on the following section of code:
    export http_proxy=$proxy
    export https_proxy=$proxy
    export HTTP_PROXY=$proxy
    export HTTPS_PROXY=$proxy
  3. Add the following two lines immediately after those four lines:
    export no_proxy="rhn01.its.fsu.edu"
    export NO_PROXY="rhn01.its.fsu.edu"
  4. Use Ctrl+X to exit nano and confirm saving your changes.
  5. Run the install script as you normally would: sudo ./ThreatlockerStub_e0674d6caf25187ed646e60b_H --proxy-setting http://proxy.med.ad.fsu.edu:3128
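As an added example, not part of the original procedure or ThreatLocker's own code, the following POSIX shell script performs steps 1 to 4 on the stub non-interactively and checks that the two exports landed directly after the proxy block. It assumes the stub contains the literal line export HTTPS_PROXY=$proxy as its insertion point; the sample stub it can write is a constructed stand-in used only to exercise the functions offline.

```shell
#!/bin/sh
# Added example (not ThreatLocker's code): apply the no_proxy edit from the
# procedure above and verify it. Assumes the literal line 'export HTTPS_PROXY=$proxy'.

NO_PROXY_HOSTS="rhn01.its.fsu.edu"
ANCHOR='export HTTPS_PROXY=$proxy'

# add_no_proxy FILE: insert the two exports right after the anchor line.
# Idempotent: a file that already exports NO_PROXY is left untouched.
add_no_proxy() {
    file="$1"
    grep -q '^export NO_PROXY=' "$file" && return 0
    if ! grep -qxF "$ANCHOR" "$file"; then
        echo "anchor line '$ANCHOR' not found in $file" >&2
        return 1
    fi
    awk -v anchor="$ANCHOR" -v hosts="$NO_PROXY_HOSTS" '
        { print }
        $0 == anchor {
            printf "export no_proxy=\"%s\"\n", hosts
            printf "export NO_PROXY=\"%s\"\n", hosts
        }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# verify_no_proxy FILE: succeed only if both exports directly follow the anchor.
verify_no_proxy() {
    awk -v anchor="$ANCHOR" -v hosts="$NO_PROXY_HOSTS" '
        $0 == anchor { want = 1; next }
        want == 1 { ok1 = ($0 == "export no_proxy=\"" hosts "\""); want = 2; next }
        want == 2 { ok2 = ($0 == "export NO_PROXY=\"" hosts "\""); want = 0 }
        END { exit !(ok1 && ok2) }' "$1"
}

# make_sample_stub FILE: write a constructed stand-in for the proxy block of
# the real installer, so the functions can be exercised offline.
make_sample_stub() {
    cat > "$1" <<'EOF'
#!/bin/bash
proxy="$1"
export http_proxy=$proxy
export https_proxy=$proxy
export HTTP_PROXY=$proxy
export HTTPS_PROXY=$proxy
echo "proxy=$https_proxy no_proxy=$no_proxy"
EOF
}

# Usage: sh patch_stub.sh ThreatlockerStub_e0674d6caf25187ed646e60b_H
[ $# -gt 0 ] && add_no_proxy "$1" && verify_no_proxy "$1" && echo "patched: $1"
```

Run it against the stub before step 5; verify_no_proxy exits non-zero if the exports are missing or not placed directly after the HTTPS_PROXY line, so a silently failed edit cannot slip through.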

Frequently Asked Questions:

Why not just allow the proxy server to access rhn01.its.fsu.edu?

Our goal is to limit use of the proxy server to cases where it is strictly necessary; here there is an easy workaround, because ThreatLocker's install script relies on the standard http_proxy/no_proxy environment variables that Linux command-line tools such as curl and the package manager already honour.

Even on a server without outbound Internet access (including those in 10.0.0.0/8), rhn01.its.fsu.edu still resolves to its (current) IP address of 128.186.172.164, so the direct connection made once the proxy is bypassed succeeds.

What about Linux distributions that are not RHEL?

If you're using a Linux distribution other than RHEL and the ThreatLocker installer fails because of the off-campus repo server, you will have to file a changelist and make a change to the proxy server (see Squid proxy server - Setup information). When your installer fails as shown above, the error output tells you the DNS names you will have to allow on the proxy server. In the example below, we would have to allow rhn01.its.fsu.edu.

  - Curl error (56): Failure when receiving data from the peer for https://rhn01.its.fsu.edu/pulp/content/Medicine/Library/custom/EPEL/8Server_x86_64/repodata/repomd.xml [Received HTTP code 403 from proxy after CONNECT]