ZotDefend Compliance

ZotDefend Compliance Instructions for End-Users (School of Physical Sciences ONLY)

ZotDefend Apple Instructions

This page contains instructions to install software to ensure an Apple computer is UCI ZotDefend compliant. School of Physical Sciences ONLY

1. Install Jamf Client (Instructions below)
https://tools.ps.uci.edu/downloads/download/enrollmentProfile.mobileconfig

After you log in with your UCInetID and password, it will automatically download a file. 

Then go to your Downloads, and click on "enrollmentProfile.mobileconfig" 

image.png




image.png

2. Double click on the profile and enroll the computer. Wait 5-10 minutes for Jamf to install the required software. You will need to leave your computer on and connected to the internet for this step.

3. Check for the Duo Desktop icon in the notification area. Once you see it, click on it to open Duo Desktop.

image.png

4. Duo Desktop will check for compliance, and will show you green check-marks for each requirement. If you do not have encryption enabled yet, reboot and you should be prompted for a password to enable encryption.

image.png

5. After a reboot if your device did not have all green checkmarks, you may see the following screens, please click "Enable Now" and enter your password if prompted. This will turn on encryption:

image.pngimage.png


ZotDefend Windows Instructions

This page contains instructions to install software to ensure a Windows computer is UCI ZotDefend compliant. School of Physical Sciences ONLY

1. Install BigFix (Instructions below)
https://tools.ps.uci.edu/downloads/download/PS-BigFix-Win.zip

image.png




image.png



image.png



image.png




image.png



image.png


image.png

image.png

image.png


image.png

    2. Wait 5-10 minutes for BigFix to install the required software. You will need to leave your computer on and connected to the internet for this step.

    3. Check for the Duo Desktop icon in the task tray area. Once you see it, click on it to open Duo Desktop.

    image.png

    4. Duo Desktop will check for compliance, and will show you green check-marks for each requirement.

    image.png

    6. If you do not see a green check box for encryption, click on the message in Duo Desktop to go to Bitlocker Settings, and turn it on. Choose "Let BitLocker automatically unlock my drive"

    image.png

    image.png

    NOTE: If you need to manually encrypt with BitLocker, choose "Save to AD account":

    image.png

    7. If any step is not green, click on it for for instructions to remediate it, and if you are unable to remediate it on your own, please send an email to pshelpdesk@uci.edu to open a help ticket.

    ZotDefend Linux Instructions

    ZotDefend Linux Installation (School of Physical Sciences ONLY)


    Trellix HX Agent 

    Trellix Installation Instructions

    The .tgz package (Linux) includes the following files:
    HX Client Software (tgz bundle)

    1. Agent .rpm files.
    2. Agent .deb files.
    3. Agent .run file ( xagtSetup_xx.x.x.run ).
    4. Agent configuration file ( agent_config.json ). It is critical that you import the configuration file following install to insure that the agent
      properly communicates with the server.

       

      image.png

       

      Example: Installing on Ubuntu OS using .deb file
      Open a Terminal session on the Linux endpoint that has the agent installation .tgz package.
username@localhost:~/Desktop/FireEyeInstallDirectory$
Use the ls command to verify that the IMAGE_HX_AGENT_LINUX_33.46.0.tgz file has been exists in the install directory.
Use the tar zxf command to unzip and extract the files from the Linux agent
Use the dpkg , medium-level package manager for Debian and the -i option to run the .deb script and install the agent software on your Linux
endpoint. You must have sudo access.
username@localhost:~/Desktop/FireEye$ sudo dpkg -i xagt- .ubuntu12_amd64.deb33.46.0
After the .deb installation script is complete, use the i option to import the agent configuration file from the /opt/fireeye/bin/xagt binary path:
username@localhost:~/Desktop/FireEyeInstallDirectory$ sudo /opt/fireeye/bin/xagt -i agent_config.json
Start the agent services on your Linux endpoint using the following command:
username@localhost:~/Desktop/ FireEyeInstallDirectory$ sudo systemctl enable --now xagt

    Nessus Tenable Agents

    Nessus Tenable Agent Installation Instructions
    1. Make sure outbound traffic from port 443 to https://nessus.oit.uci.edu is allowed through your firewall.
    2. Install the Tenable agent with your package manager from the link above.
    3. Contact pscsg@uci.edu to get the tenable key.
    4. Run nessuscli agent link --host=nessus.oit.uci.edu --port=443 --key=KEY_PROVIDED_BY_PSCSG

    Duo Desktop Downloads:

    Duo Desktop Agent Installation Instructions
    1. Download the appropriate package for your distribution from the above link.
    2. Install the package.
    3. Enable the service. Eg on systemd distributions, run
      sudo systemctl enable --now duo-desktop
    4. Check to make sure the duo-desktop service is running. Eg. on systemd distributions, run  
      sudo systemctl status duo-desktop

    5. If you get SELinux erros relating to .NET services, it's most likely Duo Desktop. Create an exception via: 
      ausearch -c '.NET TP Worker' --raw | audit2allow -M my-NETTPWorker
semodule -X 300 -i my-NETTPWorker.pp