NetApp Cloud Insights – Cloud Secureを使ってみた(導入編)

2022.05.20

この記事は公開されてから1年以上経過しています。情報が古い可能性がありますので、ご注意ください。

こんにちは。たかやまです。

突然ですが、ウイルス対策していますか?

ウイルス対策ソフトを入れているから大丈夫という声が聞こえてきそうですが、そのソフトが従来型の「パターンマッチング」方式の場合、パターンを変えて進化し続ける新種のマルウェアに対応できない可能性があります。

最近でパターンではなく実際のウイルスの動きに注目する User Behavior Analysis(ユーザー⾏動分析:UBA)という検知方法が注目されています。

そこで、今回はNetAppが提供しているUBAサービス Cloud Secure を使ってみたいと思います。

UBAとは

UBAは通常状態のユーザ動作とマルウェア感染時の異常な動作を比較し検知する方法です。
機械学習で動作の異常判定をするため従来のウイルス対策ソフトでは検出できなかった内部脅威の検知も可能にします。

傾向分析 : 普段ユーザがどのような振る舞いをしているかをログ収集し分析
異常検知 : 通常時・異常時それぞれの行動を学習し、定義する
内部脅威 : マルウェアの動作だけでなく、ユーザの不正行為(大量ファイル削除/ファイル持ち出し)を検知

Cloud Secureとは

Cloud SecureはNetAppが提供する監視SaaS Cloud Insightsの機能の一部になります。
Cloud Secureがユーザ認証情報(Active Directory/LDAP)とNetApp ONTAPで行われるデータ操作情報を結びつけることでユーザーの振る舞いを監視します。

主な特徴は以下のとおりです。

  • 異常な振る舞いを検知し、管理者へ通知
  • 異常検知時、ONTAPスナップショットを取得
  • アクセス元を遮断しリアルタイムに攻撃をSTOP
  • 監査ログで攻撃元、影響範囲の特定

導入してみる

全体構成

今回の構成は以下のとおりです。

エージェントインストール

Cloud Secure Agent Installation

はじめにCloud Secure AgentをEC2にインストールします。
以下の要件にあったEC2インスタンスを用意してください。

エージェントインストール要件

機能 要件
OS ・RedHat Enterprise Linux 7.x/8.x 64ビット
・CentOS 7.x/ 8 Stream 64ビット
CPU/メモリ 4cpu/16GB
ディスクスペース /optに25-30GB
ネットワーク ・ 100Mbps〜1Gbps
・ インバウンドポート35000-55000
・アウトバウンドポート7/389/443/636/35000-55000

Agent Requirements

OSは今回CentOS 8 Streamを使用しています。
小ネタですが、以下のCLIコマンドで最新のCentos 8 StreamのAMIを確認できます。

aws ec2 describe-images \
--owners 125523088429 \
--region ap-northeast-1 \
--filters Name=name,Values="CentOS Stream 8*" Name=architecture,Values=x86_64 \
--query 'reverse(sort_by(Images, &CreationDate))[:1].ImageId' \
--output text

https://wiki.centos.org/Cloud/AWS

EC2の作成が完了したら、Cloud Secure AgentをインストールするためにCloud Insightsにログインします。
Cloud Insightsへログインするためには、Cloud Central/Cloud Insightsのアカウント登録が必要となります。

まだの方はNetApp公式Youtubeの登録方法が非常にわかりやすいのでぜひご覧ください!

アカウント登録後、NetAppの統合データ管理サイトのCloud Centralにログインします。
https://services.cloud.netapp.com/

Cloud Centralログイン後、Cloud Insightsにログインします。

Cloud Insightsログイン後、左ペインのCloud Secureを選択します。

Cloud Secureの機能が展開されたら、ADMIN -> Data Collectors -> Agents -> + Agentを選択します。

Agentをインストールするためのトークンが付与されたコマンドが発行されます。
今回はCentOS 8 Streamを利用しているのでCentOSを選択し、インストールコマンドをコピーします。
※プロキシを利用している場合は、1.のプロキシ設定を行ってください。

root権限で出力されたコマンドを実行します。
インストールコマンド内でunzipを実行するので、unzipモジュールが入っていない場合はここでインストールします。

sudo su -
yum install -y unzip
token='xxxxx' installerName=cloudsecure-linux-agent-installer-1.507.0.zip && curl -H "Authorization: Bearer $token" -o $installerName https://tn5499.cs01-ap-1.cloudinsights.netapp.com/rest/v1/agents/installers/linux/1.507.0 && unzip $installerName -d . && chmod 755 -Rf . && sudo /bin/bash -c "TOKEN=$token HTTPS_PROXY='$https_proxy' ./cloudsecure-agent-install.sh"
実行ログ(展開)
$ sudo su -
最終ログイン: 2022/05/18 (水) 05:01:43 UTC日時 pts/1

# yum install -y unzip
CentOS Stream 8 - AppStream                                                                                                                        16 MB/s |  22 MB     00:01
CentOS Stream 8 - BaseOS                                                                                                                           27 MB/s |  22 MB     00:00
CentOS Stream 8 - Extras                                                                                                                           36 kB/s |  18 kB     00:00
Dependencies resolved.
==================================================================================================================================================================================
 Package                                  Architecture                              Version                                       Repository                                 Size
==================================================================================================================================================================================
Installing:
 unzip                                    x86_64                                    6.0-46.el8                                    baseos                                    196 k

Transaction Summary
==================================================================================================================================================================================
Install  1 Package

Total download size: 196 k
Installed size: 414 k
Downloading Packages:
unzip-6.0-46.el8.x86_64.rpm                                                                                                                       1.7 MB/s | 196 kB     00:00
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                             340 kB/s | 196 kB     00:00
warning: /var/cache/dnf/baseos-5d5072979dfa6055/packages/unzip-6.0-46.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY
CentOS Stream 8 - BaseOS                                                                                                                          1.6 MB/s | 1.6 kB     00:00
Importing GPG key 0x8483C65D:
 Userid     : "CentOS (CentOS Official Signing Key) <security@centos.org>"
 Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                          1/1
  Installing       : unzip-6.0-46.el8.x86_64                                                                                                                                  1/1
  Running scriptlet: unzip-6.0-46.el8.x86_64                                                                                                                                  1/1
  Verifying        : unzip-6.0-46.el8.x86_64                                                                                                                                  1/1

Installed:
  unzip-6.0-46.el8.x86_64

Complete!
# token='xxxxx' installerName=cloudsecure-linux-agent-installer-1.507.0.zip && curl -H "Authorization: Bearer $token" -o $installerName https://tn5499.cs01-ap-1.cloudinsights.netapp.com/rest/v1/agents/installers/linux/1.507.0 && unzip $installerName -d . && chmod 755 -Rf . && sudo /bin/bash -c "TOKEN=$token HTTPS_PROXY='$https_proxy' ./cloudsecure-agent-install.sh"
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 70.4M  100 70.4M    0     0  12.2M      0  0:00:05  0:00:05 --:--:-- 14.9M
Archive:  cloudsecure-linux-agent-installer-1.507.0.zip
  inflating: ./cloudsecure-agent-upgrade.sh
  inflating: ./cloudsecure-agent-install.sh
  inflating: ./cloudsecure-agent-image.zip
Checking root user or not.
Checking for supported linux distribution.
CentOS is a supported linux distribution, proceeding with the installation.
Checking available disk space for /opt/netapp.
Checking for hostname.
Checking for existing installation
Checking for tmp directory permissions.
tmp directory permissions present, proceeding with the installation.
Setting up cssys user and group.
Creating cssys group.
Creating cssys user.
Installing NetApp CloudSecure Agent.
Unzipping the CloudSecure Agent at tmp folder.
Archive:  /root/cloudsecure-agent-image.zip
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/conf/application.ini
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.netapp.df.uba.cloudsecure-agent-1.507.0.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.scala-lang.scala-library-2.12.6.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.typesafe.akka.akka-http_2.12-10.1.8.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.typesafe.akka.akka-http-xml_2.12-10.1.8.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.typesafe.akka.akka-http-spray-json_2.12-10.1.8.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.typesafe.akka.akka-stream_2.12-2.5.19.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.typesafe.akka.akka-slf4j_2.12-2.5.19.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.typesafe.config-1.3.3.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.typesafe.scala-logging.scala-logging_2.12-3.8.0.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.apache.logging.log4j.log4j-api-2.17.1.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.apache.logging.log4j.log4j-core-2.17.1.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.apache.logging.log4j.log4j-slf4j-impl-2.17.1.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.apache.commons.commons-lang3-3.1.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.apache.commons.commons-exec-1.3.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.googlecode.json-simple.json-simple-1.1.1.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/io.spray.spray-json_2.12-1.3.5.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/commons-io.commons-io-2.5.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.apache.httpcomponents.httpclient-4.5.10.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.fasterxml.jackson.module.jackson-module-scala_2.12-2.13.2.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.projectlombok.lombok-1.18.2.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.typesafe.akka.akka-http-core_2.12-10.1.8.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.scala-lang.modules.scala-xml_2.12-1.1.1.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.typesafe.akka.akka-actor_2.12-2.5.19.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.typesafe.akka.akka-protobuf_2.12-2.5.19.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.reactivestreams.reactive-streams-1.0.2.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.typesafe.ssl-config-core_2.12-0.3.6.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.slf4j.slf4j-api-1.7.25.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.scala-lang.scala-reflect-2.12.6.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/junit.junit-4.12.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.apache.httpcomponents.httpcore-4.4.12.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/commons-logging.commons-logging-1.2.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/commons-codec.commons-codec-1.11.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.fasterxml.jackson.core.jackson-core-2.13.2.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.fasterxml.jackson.core.jackson-annotations-2.13.2.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.fasterxml.jackson.core.jackson-databind-2.13.2.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.thoughtworks.paranamer.paranamer-2.8.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/com.typesafe.akka.akka-parsing_2.12-10.1.8.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.scala-lang.modules.scala-java8-compat_2.12-0.8.0.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.scala-lang.modules.scala-parser-combinators_2.12-1.1.1.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/lib/org.hamcrest.hamcrest-core-1.3.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/bin/cloudsecure-agent
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/conf/version
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/bin/cloudsecure-agent-symptom-collector.sh
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/conf/log4j2.xml
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/install/cloudsecure-agent-uninstall.sh
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/install/cloudsecure-agent-upgrade.sh
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/install/cloudsecure-agent.service
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/install/ransomware_simulator.sh
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/install/svm_event_rate_checker.sh
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/vault/VAULT.dat
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/vault/vault.jceks
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/vault/vault.passwd
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/cs-certs/SectigoRSADomainValidationSecureServerCA.crt
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/cs-certs/USERTrustRSAAddTrustCA.crt
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/cs-certs/cs-wildcard-prod.crt
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/cs-certs/cs-wildcard-qa-old.crt
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/cs-certs/cs-wildcard-qa.crt
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/cs-certs/cs-wildcard.crt
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/bin/keytool
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/bin/pack200
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/bin/rmid
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/bin/java
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/bin/jfr
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/bin/jjs
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/bin/rmiregistry
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/bin/jrunscript
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/bin/jaotc
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/bin/unpack200
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja_JP.UTF-8/man1/rmid.1
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja_JP.UTF-8/man1/unpack200.1
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja_JP.UTF-8/man1/keytool.1
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja_JP.UTF-8/man1/java.1
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja_JP.UTF-8/man1/rmiregistry.1
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja_JP.UTF-8/man1/pack200.1
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja_JP.UTF-8/man1/jjs.1
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/man1/rmid.1
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/man1/unpack200.1
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/man1/keytool.1
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/man1/java.1
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/man1/rmiregistry.1
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/man1/pack200.1
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/man1/jjs.1
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja/man1/rmid.1
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja/man1/unpack200.1
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja/man1/keytool.1
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja/man1/java.1
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja/man1/rmiregistry.1
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja/man1/pack200.1
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/man/ja/man1/jjs.1
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.rmi/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.rmi/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.rmi/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.jsobject/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.jsobject/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.jsobject/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.security.sasl/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.security.sasl/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.security.sasl/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.smartcardio/pcsclite.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.smartcardio/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.smartcardio/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.smartcardio/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.vm.compiler/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.vm.compiler/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.vm.compiler/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.accessibility/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.accessibility/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.accessibility/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.crypto.cryptoki/pkcs11cryptotoken.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.crypto.cryptoki/pkcs11wrapper.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.crypto.cryptoki/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.crypto.cryptoki/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.crypto.cryptoki/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.management/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.management/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.management/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.desktop/lcms.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.desktop/colorimaging.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.desktop/jpeg.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.desktop/mesa3d.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.desktop/harfbuzz.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.desktop/xwd.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.desktop/giflib.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.desktop/libpng.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.desktop/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.desktop/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.desktop/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.security.auth/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.security.auth/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.security.auth/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.management.jfr/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.management.jfr/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.management.jfr/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.localedata/thaidict.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.localedata/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.localedata/cldr.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.localedata/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.localedata/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.vm.ci/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.vm.ci/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.vm.ci/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.scripting.nashorn/joni.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.scripting.nashorn/double-conversion.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.scripting.nashorn/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.scripting.nashorn/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.scripting.nashorn/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.management.rmi/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.management.rmi/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.management.rmi/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.jdwp.agent/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.jdwp.agent/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.jdwp.agent/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.naming.dns/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.naming.dns/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.naming.dns/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.compiler/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.compiler/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.compiler/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.logging/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.logging/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.logging/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.instrument/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.instrument/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.instrument/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.aot/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.aot/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.aot/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.datatransfer/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.datatransfer/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.datatransfer/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.xml.crypto/santuario.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.xml.crypto/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.xml.crypto/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.xml.crypto/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.prefs/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.prefs/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.prefs/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.sql.rowset/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.sql.rowset/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.sql.rowset/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.sql/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.sql/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.sql/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.scripting/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.scripting/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.scripting/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.dynalink/dynalink.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.dynalink/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.dynalink/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.dynalink/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.base/public_suffix.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.base/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.base/icu.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.base/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.base/aes.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.base/cldr.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.base/unicode.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.base/asm.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.base/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.base/c-libutl.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.charsets/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.charsets/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.charsets/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.naming/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.naming/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.naming/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.jfr/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.jfr/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.jfr/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.ed/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.ed/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.ed/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.pack/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.pack/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.pack/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.transaction.xa/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.transaction.xa/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.transaction.xa/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.management.agent/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.management.agent/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.management.agent/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.security.jgss/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.security.jgss/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.security.jgss/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.security.jgss/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.security.jgss/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.security.jgss/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.zipfs/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.zipfs/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.zipfs/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.se/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.se/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.se/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.crypto.ec/ecc.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.crypto.ec/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.crypto.ec/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.crypto.ec/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.sctp/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.sctp/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.sctp/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.net/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.net/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.net/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.httpserver/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.httpserver/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.httpserver/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.le/jline.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.le/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.le/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.le/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.xml/bcel.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.xml/dom.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.xml/jcup.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.xml/xerces.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.xml/xalan.md
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.xml/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.xml/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.xml/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.unsupported/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.unsupported/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.unsupported/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.naming.rmi/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.naming.rmi/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.naming.rmi/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.naming.ldap/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.naming.ldap/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.naming.ldap/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.vm.compiler.management/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.vm.compiler.management/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.internal.vm.compiler.management/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.net.http/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.net.http/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/java.net.http/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.scripting.nashorn.shell/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.scripting.nashorn.shell/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.scripting.nashorn.shell/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.xml.dom/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.xml.dom/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.xml.dom/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.management/LICENSE
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.management/ASSEMBLY_EXCEPTION
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/legal/jdk.management/ADDITIONAL_LICENSE_INFO
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/management/jmxremote.access
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/management/jmxremote.password.template
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/management/management.properties
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/security/policy/unlimited/default_local.policy
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/security/policy/unlimited/default_US_export.policy
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/security/policy/limited/default_local.policy
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/security/policy/limited/default_US_export.policy
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/security/policy/limited/exempt_local.policy
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/security/policy/README.txt
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/security/java.security
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/security/java.policy
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/logging.properties
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/sound.properties
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/conf/net.properties
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/server/libjsig.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/server/libjvm.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/server/Xusage.txt
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/security/cacerts
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/security/blacklisted.certs
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/security/public_suffix_list.dat
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/security/default.policy
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/jfr/profile.jfc
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/jfr/default.jfc
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/jli/libjli.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libnio.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libjdwp.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libjawt.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libjavajpeg.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/psfontj2d.properties
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libjsig.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/jexec
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libj2gss.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libmanagement_agent.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libdt_socket.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libawt.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libjsound.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libmlib_image.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libverify.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/classlist
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libfontmanager.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libawt_xawt.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libjimage.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libjava.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libinstrument.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libj2pkcs11.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libextnet.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libawt_headless.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/modules
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libj2pcsc.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libjaas.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/liblcms.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libmanagement.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libnet.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libsplashscreen.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libzip.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libunpack.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libmanagement_ext.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/jspawnhelper
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/jrt-fs.jar
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libprefs.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/librmi.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/psfont.properties.ja
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/tzdb.dat
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libsctp.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/libsunec.so
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/lib/jvm.cfg
  inflating: /tmp/cloudsecure-agent/cloudsecure-agent-1.507.0/java64/release
setup cloud secure agent directory ownership
setting 700 permission to /opt/netapp/cloudsecure recursively
setting 755 permission to /var/log/netapp/
Copying service file to /usr/lib/systemd/system/cloudsecure-agent.service
Setting systemd services for cloudsecure-agent.
Taking backup of the VM default rmem values to /opt/netapp/cloudsecure/sysctl.conf.bkp
Setting default and max rmem values
Starting CloudSecure Agent services.
                      Welcome to CloudSecure (R) 1.507.0
                      Agent

                        ____    _____
                       / ___|  |  ___|
                      | |      |_|___
                      | |___    ___| |
                       \____|  |_____|
  NetApp (R)

  Installation:       /opt/netapp/cloudsecure/agent
  Installation logs:  /var/log/netapp//cloudsecure/install
  Agent Logs:         /opt/netapp/cloudsecure/agent/logs

  To uninstall:
    sudo cloudsecure-agent-uninstall.sh --help

インストールに成功すると下にNew agent detected!と表示されます。簡単!

Cloud Insightsコンソールに戻るとEC2のプライベートIPが記載されたAgentが出力されます。

Agent名はあとから変更できるので管理しやすい名前に変更することもできます。

ユーザディレクトリコレクタ設定

AgentとActive Directory/LDAPを紐付けるユーザディレクトリコレクタ設定を行います。
今回はActive Directoryを対象に設定していきたいと思います。

Active Directory

Configuring an Active Directory (AD) User Directory Collector

User Directory Collectors -> + User Directory Collectorを選択します。

Active Directoryを選択します。

連携に必要なActive Directory情報を登録していきます。
他の項目は特に指定がなければそのままで大丈夫です。

Data Collectorが追加され、問題がなければStatusがRunningになります。

データコレクター設定

Configuring the ONTAP SVM Data Collector

AgentとONTAP製品を紐付けるデータコレクタ設定を行います。
Data Collectors -> + Data Collectorを選択します。

今回はFSx for ONTAPを使用するので以下のアイコンを選択します。

FSx for ONTAPの連携に必要な情報を入力していきます。
他の項目で監視対象のボリュームの細かい選択などもできます。

トラブルシューティング

ONTAP SVM Troubleshooting

このエラーはAD連携していないSVMのプロトコル監視対象にSMB/CIFSを選択したためのエラーです。対応としてNSF対応のSVMではここのチェックをはずして登録します。

Connector is in error state. Service name: audit. Reason for failure: Failed to configure fpolicy on SVM xxx. Reason: Missing value for zapi field: events.

このエラーはAgentサーバがFSx for ONTAPからのインバウンドポートが空いていない場合に通知されます。対応としてはFSx for ONTAPのセキュリティグループをソースにポート35000-55000のインバウンドを追加しました。

Error Message: "Connector is in error state. Service.name: audit. Reason for failure: External fpolicy server terminated."

動作確認

設定が済むと、以下のようにCloud Secureでユーザの状態やユーザのアクティビティを確認することができます。

料金

Cloud Secureの利用には1MUあたり月額9ドルで利用可能です。

NetApp Cloud Insights - ハイブリッド インフラの監視、最適化(エディションと価格)

Managed Unit(MU)とは?
コンピューティング:1MU = 2つのホスト(仮想または物理)
ストレージ:1MU = 4TiBの未フォーマットの外付けストレージ(物理または仮想)、またはNetApp StorageGRID、Dell EMC ECS、Hitachi Content Platform、IBM Cleversafeの40TiBの未フォーマット ストレージ(コンピューティング用のローカル ストレージは考慮しない)
例:
ホストが100個でストレージが100TiBの場合、(100/2) + (100/4) = 75MUを購入
NetApp StorageGRIDが200TiB、それ以外のストレージが200TiBの場合、(200/40) + (200/4) = 55MUを購入

Cloud Secureは30日間の無料Traialがあるので、ぜひTraialを試して使用感を試していただければと思います。

再掲になりますが無料Traialの有効化手順はこちらの動画がおすすめです!

まとめ

ところどころネットワーク周りでトラブルシューティングしましたが、慣れさえすれば設定項目も少なくサクッと設定できると思います。

次回はCloud SecureのUBAを使って異常検出と対策を試していきたいと思います。

以上、たかやまでした。