Installing and Configuring the CxEngine Server on Linux (v9.3.0)
Starting with CxSAST 9.3.0, CxEngine supports both Windows and Linux, thus becoming a cross-platform. These pages explain how to install CxEngine under Linux, transition to Linux and establish a secure connection between CxEngine and CxManager.
Before you start installing CxEngine, refer to Preparing the System for Cross-Platform Query Support for additional information.
Starting with CxSAST 9.3.0, CxEngine is supported by the following common Linux distributions:
CentOS
RHEL (Red Hat Enterprise Linux)
Ubuntu
Amazon Linux
Some Amazon Linux images are pre-configured with a limited number of file-descriptors, which may render the EngineService unstable. In these cases, the following message is returned: No file descriptors available
Required Prerequisites for Installing CxEngine
Linux host, equipped with either an x64 or arm64 processor.
Linux Docker engine, available from https://docs.docker.com/engine/install/
For Amazon Linux images: Increased limit of file descriptors as explained below.
Package Content
The CxEngine package for Linux contains the following files:
cx-engine-server.tar (CxEngine image)
readme.md
run.sh
server.env
The package is provided with the following directory structure:
Installation and Configuration
These instructions assume that the prerequisites are in place and you downloaded the installation package.
Installing CxEngine
Create a new directory.
Copy the three installation files into the new directory:
cx-engine-server.tar
server.env
run.sh
3. Retrieve the ActiveMQ (AMQ) Password and the URL. The AMQ is usually deployed as part of the CxManager component.
1. To retrieve the AMQ password, connect to the CxSAST database, and execute the following SQL query:
SELECT TOP (1000) [Id],
[Key],
[Value],
[Description]
FROM [CxDB].[dbo].[CxComponentConfiguration]
WHERE [Key] = 'MessageQueuePassword'
2. To retrieve the AMQ URL, connect to the CxSAST database and execute the following SQL query:
SELECT TOP (1000) [Id],
[Key],
[Value],
[Description]
FROM [CxDB].[dbo].[CxComponentConfiguration]
WHERE [Key] = 'ActiveMessageQueueURL'
4. Open server.env and update the following environment variables with the required data as follows:
ES_MESSAGE_QUEUE_PASSWORD={retrieve from database}
ES_MESSAGE_QUEUE_URL=tcp://{client host address as explained below}:{port}
CX_ES_ACCESS_CONTROL_URL=http://{client host address}/CxRestAPI/auth
CX_ES_END_POINT={cx-engine-server host address - example - http://x.x.x.x:8088}
If a proxy is used, add the following proxy environment variables:
HTTP_PROXY=http://<ip>:<port>
HTTPS_PROXY=https://<ip>:<port>
5. Enter “. ./run.sh” to install CxEngine. The image (cx-engine-server.tar) is extracted and loaded. The container is established.
run.sh uses port 8088 by default, which must be entered in the server.env variables as relevant. To use a different port, follow the instructions below and use that new port where entering the port is required.
Changing the Port for the Command run.sh
It is recommended to use the default port (port 8088). If you have to use a different port, for example port 8090, change the port as follows:
Run the “docker run” command 0.0.0.0:{exposed port}:8090
Save the new setting.
Verifying that the Server with CxEngine is Running
The syntax below assumes that you use the default port (port 8088).
Run the “docker ps” command. The following is returned, if the container is running:
1
* IMAGE: cx-engine-server
2
* PORTS: 0.0.0.0:8088->8088/tcp
Run the command "docker logs -f {container ID}”. The following is returned if the server is running.
1
* Now listening on: <http://[::]:8088> |Application started
Connecting the CxEngine to the Application
In the web portal, go to Settings > Application Settings > Engine Management and connect to the new engine as explained under Engine Management.