Linux Node

Once a Connection Manager has been set up, you can add nodes for Agentless scanning and monitoring. Cloudhouse Guardian (Guardian) supports multiple types of Linux nodes. For example, you can add Debian nodes, Ubuntu nodes, CentOS nodes, and more. The following topic describes how to add a Linux node to your instance for monitoring.

Note: For information on using the Linux Agent to add nodes, see Linux Agent.

Add a Linux Node

Adding a Linux node to your Guardian instance lets you monitor and track the configuration of a Linux system.

Warning: The following process assumes that you already have a Linux Connection Manager configured within your Guardian instance. For more information, see Linux Connection Manager.

To add a Linux node for Agentless scanning, complete the following steps:

  1. In the Guardian web application, navigate to the Add Nodes tab (Inventory > Add Nodes). The Add Nodes page is displayed.

  2. Type 'Linux' in the search bar.

  3. Select the 'Linux' node type you want to add and click the Go Agentless button to proceed. The Connect Agentlessly to [Node Type] page is displayed.

  4. Here, complete the following options:

    Option

    Description
    Connection Manager group drop-down list The Connection Manager group that is responsible for scanning your Linux node. Select a Connection Manager group from the drop-down list.
    Node Name field

    The name of the node. The value you enter here will be used as the display name in Guardian.
    Hostname / IP Address field

    The hostname or IP address of your node.

    Note: Typically, this is the fully qualified domain name (FQDN). However, it could also be the IP address.
    SSH Port (Optional) field

    The Secure Shell (SSH) port number that the Linux Connection Manager uses to communicate with the target nodes for scanning. If no value is provided, Guardian will default to port 22.

    Note: If you enter a port number that is different to the default (port 22), make sure that it matches the port number that the administrator of the target node is using to run their SSH server.
    Select credential type radio buttons

    The credentials to be used when authenticating Guardian's access to the node. The following options are available:

    • SSH Key – Option to use an SSH key to authenticate Guardian's access to the node. Enter the Username, then copy the displayed command and run it on the node to create the necessary files. For more information, see Key-Based Authentication.

    • Password – Option to use a stored credential. Select an option from the Credentials drop-down list. Additionally, you can select 'Add New Credential' to display the Create Credential dialog if you anticipate using these same credentials for other nodes or integrations. For more information, see Create Credential.

      Note: This option is only available if you have the Credentials feature enabled. If you don't, you'll be prompted to enter a Username and Password for authentication.

    • Microsoft Entra ID – Option to use the Azure CLI service principle credentials that are configured to use SSH. Enter the following information:

      • Username field – The username of the service principal configured to use SSH.

      • Azure CLI service principal password field – The password of the service principal configured to use SSH.

      • Azure CLI service principal tenant field – The tenant ID of the service principal configured to use SSH.

      • Azure CLI login command (Optional) field – The az login command for Azure CLI.

        Note: This option is only available if you have the Microsoft Entra ID feature enabled.

    • Service Account – Option to use the same credentials currently being used by the selected Connection Manager. No further input is needed.

  5. Once you've completed the above options click Scan Node to add the Linux node to your Guardian instance.

Now, Guardian performs an initial scan of the node. You can wait on this page for the scan to finish, at which point you will see a View Scan button. To view the results of this initial scan, click View Scan. However, you can also navigate elsewhere while Guardian performs its initial scan of the node. You can then view the status of the scan on the Job History page (Inventory > Job History). For more information on what to do next after adding a node, see below.

Next Steps

Once you've added nodes to Guardian, there are a few next steps you can take to get the most out of Guardian and the data it collects. Refer to the topics below for more information on where to go from here.

  • Node Scan Results – View and filter the data collected by Guardian every time a node is scanned.

  • Node Groups – Group nodes together based on similar properties like node type, location, and more.

  • Scan Options – Customize what is scanned on a given node during a node scan.

  • Configuration Differencing – View differences between two nodes, a group of nodes, two scans of the same node, and more.

  • Policies – Define expected configuration states and apply them to nodes or node groups.

  • Integrations – Bring together different systems, applications, or components to work as a unified view and perform different tasks.