Installing and Configuring the CxEngine Server on Linux (v9.3.0)

Starting with CxSAST 9.3.0, CxEngine supports both Windows and Linux, making it cross-platform. These pages explain how to install CxEngine under Linux, transition to Linux and establish a secure connection between CxEngine and CxManager.

Before you start installing CxEngine, refer to Preparing the System for Cross-Platform Query Support for additional information.

Starting with CxSAST 9.3.0, CxEngine is supported by the following common Linux distributions:

  • CentOS

  • RHEL (Red Hat Enterprise Linux)

  • Ubuntu

  • Amazon Linux

Some Amazon Linux images are pre-configured with a limited number of file descriptors, which may render the EngineService unstable. In these cases, the following message is returned: “No file descriptors available”

Required Prerequisites for Installing CxEngine

  • Linux host, equipped with either an x64 or arm64 processor.

  • Linux Docker engine, available from https://docs.docker.com/engine/install/

  • For Amazon Linux images: Increased limit of file descriptors as explained below.

In the console, enter the following:

  1. Run: ulimit
    Verify that there is no limit to the maximum number of files.

  2. Run: ps -A
    Find the process number of dotnet (proc#).

  3. Run: cat /proc/proc#/limits
    Check the Max open files (soft/hard) values. They should be at least 4096/65535.

  4. If the current limit is below the expected values, edit /etc/security/limits.conf and add these lines:
    * soft nofile 4096
    * hard nofile 65535

  5. Restart the machine for the changes to take effect.

  6. Repeat steps 1-3 and verify that the limits have changed.
    If the problem persists, edit run.sh and add this parameter to the docker run command:
    --ulimit nofile=4096:65535
    docker run --ulimit nofile=4096:65535
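
The check in step 3 can be scripted so that it gives the same verdict before and after the change. This is an added example, not part of the original instructions; the function names check_nofile and meets are hypothetical and the sample limits rows are constructed.

```shell
#!/bin/sh
# Added example: compare the "Max open files" row of a /proc/<pid>/limits
# file with the 4096/65535 minimum from the steps above.
MIN_SOFT=4096
MIN_HARD=65535

# meets VALUE MINIMUM -> true if VALUE is "unlimited" or a number >= MINIMUM
meets() {
    [ "$1" = "unlimited" ] && return 0
    [ "$1" -ge "$2" ] 2>/dev/null
}

# check_nofile FILE -> prints a verdict; returns 0 (ok), 1 (low), 2 (unreadable)
check_nofile() {
    # Row layout: Max open files <soft> <hard> files
    row=$(awk '/^Max open files/ {print $4, $5}' "$1" 2>/dev/null)
    if [ -z "$row" ]; then
        echo "unknown"
        return 2
    fi
    soft=${row% *}
    hard=${row#* }
    if meets "$soft" "$MIN_SOFT" && meets "$hard" "$MIN_HARD"; then
        echo "ok soft=$soft hard=$hard"
        return 0
    fi
    echo "low soft=$soft hard=$hard"
    return 1
}

# Constructed sample: a limits file with a 1024/4096 row
sample=$(mktemp)
printf '%s\n' \
    'Limit                     Soft Limit           Hard Limit           Units' \
    'Max open files            1024                 4096                 files' \
    > "$sample"
check_nofile "$sample" || true    # prints: low soft=1024 hard=4096
rm -f "$sample"

# On the engine host, pass the real file: /proc/proc#/limits (proc# from step 2)
```
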

Package Content

The CxEngine package for Linux contains the following files:

  • cx-engine-server.tar (CxEngine image)

  • readme.md

  • run.sh

  • server.env

The package is provided with the following directory structure:

Installation and Configuration

These instructions assume that the prerequisites are in place and you downloaded the installation package.

Installing CxEngine

  1. Create a new directory.

  2. Copy the three installation files into the new directory:
    cx-engine-server.tar
    server.env
    run.sh

  3. Retrieve the ActiveMQ (AMQ) password and the URL. The AMQ is usually deployed as part of the CxManager component.

    1. To retrieve the AMQ password, connect to the CxSAST database and execute the following SQL query:

      SELECT TOP (1000) [Id], [Key], [Value], [Description]
      FROM [CxDB].[dbo].[CxComponentConfiguration]
      WHERE [Key] = 'MessageQueuePassword'

    2. To retrieve the AMQ URL, connect to the CxSAST database and execute the following SQL query:

      SELECT TOP (1000) [Id], [Key], [Value], [Description]
      FROM [CxDB].[dbo].[CxComponentConfiguration]
      WHERE [Key] = 'ActiveMessageQueueURL'

  4. Open server.env and update the following environment variables with the required data as follows:
    ES_MESSAGE_QUEUE_PASSWORD={retrieve from database}
    ES_MESSAGE_QUEUE_URL=tcp://{client host address as explained below}:{port}
    CX_ES_ACCESS_CONTROL_URL=http://{client host address}/CxRestAPI/auth
    CX_ES_END_POINT={cx-server host address - example - http://x.x.x.x:8088}

    If a proxy is used, add the following proxy environment variables:
    HTTP_PROXY=http://<ip>:<port>
    HTTPS_PROXY=https://<ip>:<port>

  5. Enter “. ./run.sh” to install CxEngine. The image (cx-engine-server.tar) is extracted and loaded. The container is established.

run.sh uses port 8088 by default, which must be entered in the server.env variables as relevant. To use a different port, follow the instructions below and use that new port where entering the port is required.
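
A pre-flight check of server.env before running run.sh catches the two easiest mistakes in the step that fills in its variables: a placeholder left in place and an endpoint port that does not match the one run.sh publishes. This is an added example, not Checkmarx code; check_env and get_var are hypothetical names, the sample values are constructed, and the permission check is an added precaution (the file stores the AMQ password) rather than a documented requirement.

```shell
#!/bin/sh
# Added example: validate server.env before running run.sh.
REQUIRED="ES_MESSAGE_QUEUE_PASSWORD ES_MESSAGE_QUEUE_URL CX_ES_ACCESS_CONTROL_URL CX_ES_END_POINT"

# get_var FILE KEY -> value of the last KEY=... line (empty if absent)
get_var() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r'
}

# check_env FILE [PORT] -> one finding per line; returns 0 only if there are none
check_env() {
    file=$1; port=${2:-8088}; n=0
    for key in $REQUIRED; do
        val=$(get_var "$file" "$key")
        case $val in
            "")          echo "$key: missing or empty";         n=$((n+1)) ;;
            *"{"*"}"*)   echo "$key: placeholder not replaced"; n=$((n+1)) ;;
        esac
    done
    # CX_ES_END_POINT must carry the port that run.sh publishes
    case $(get_var "$file" CX_ES_END_POINT) in
        ""|*"{"*"}"*) ;;                      # already reported above
        *":$port"|*":$port/") ;;
        *) echo "CX_ES_END_POINT: does not end in port $port"; n=$((n+1)) ;;
    esac
    # The file holds the AMQ password: expect no group/other permission bits
    mode=$(ls -ln "$file" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "$file: readable beyond owner ($mode)"; n=$((n+1)); }
    [ "$n" -eq 0 ]
}

# Constructed sample: password placeholder left in, endpoint on 8090, mode 644
sample=$(mktemp)
cat > "$sample" <<'EOF'
ES_MESSAGE_QUEUE_PASSWORD={retrieve from database}
ES_MESSAGE_QUEUE_URL=tcp://192.0.2.10:61616
CX_ES_ACCESS_CONTROL_URL=http://192.0.2.10/CxRestAPI/auth
CX_ES_END_POINT=http://192.0.2.20:8090
EOF
chmod 644 "$sample"
check_env "$sample" || true    # prints three findings
rm -f "$sample"
```

A real password that itself contains a {...} pair is reported as a placeholder, so confirm that finding by eye.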

Unlike Windows services, the CxSAST Linux container does not restart automatically by default.
To configure the CxSAST Linux Engine containers to restart automatically, open run.sh with your text editor and, in the “docker_run_args=” section, add or uncomment “--restart=always” (as needed).

Changing the Port for the Command run.sh

It is recommended to use the default port (port 8088). If you have to use a different port, for example port 8090, change the port as follows:

  1. Run the “docker run” command with the port mapping 0.0.0.0:{exposed port}:8090

  2. Save the new setting.

Verifying that the Server with CxEngine is Running

The syntax below assumes that you use the default port (port 8088).

  1. Run the “docker ps” command. The following is returned if the container is running:
    * IMAGE: cx-engine-server
    * PORTS: 0.0.0.0:8088->8088/tcp

  2. Run the command “docker logs -f {container ID}”. The following is returned if the server is running:
    * Now listening on: <http://[::]:8088> |Application started

Connecting the CxEngine to the Application

  • In the web portal, go to Settings > Application Settings > Engine Management and connect to the new engine as explained under Engine Management.