diff --git a/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md b/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md index e88d02aedc..e3ab31e9c3 100644 --- a/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md +++ b/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md @@ -123,7 +123,7 @@ A cookbook can be created through any of the following methods: ``` > [!NOTE] -> The installer script also supports other parameters such as channel, realtime protection, version, etc. To select from the list of available options, check help through the following command: +> The installer script also supports other parameters such as channel, realtime protection, version, custom path installation etc. To select from the list of available options, check help through the following command: >```./mde_installer.sh --help``` ### Create a cookbook by manually configuring repositories diff --git a/defender-endpoint/linux-install-manually.md b/defender-endpoint/linux-install-manually.md index d77f2d5175..b21f6b0356 100644 --- a/defender-endpoint/linux-install-manually.md +++ b/defender-endpoint/linux-install-manually.md @@ -42,6 +42,7 @@ A successful deployment requires the completion of all of the following tasks: - [SLES and variants](#sles-and-variants-1) - [Ubuntu and Debian systems](#ubuntu-and-debian-systems) - [Mariner](#mariner) +- [Pre Install Setup for Custom Path Installation](#pre-install-setup-for-custom-path-installation) - [Application installation](#application-installation) - [RHEL and variants (CentOS, Fedora, Oracle Linux, Amazon Linux 2, Rocky, and Alma)](#rhel-and-variants-centos-fedora-oracle-linux-amazon-linux-2-rocky-and-alma) - [SLES and variants](#sles-and-variants) 
@@ -257,6 +258,50 @@ In order to preview new features and provide early feedback, it's recommended th sudo dnf config-manager --enable mariner-official-extras-preview ``` +## Pre Install Setup for Custom Path Installation + +These steps are applicable only if Defender is to be installed in a custom location. + +The custom installation path is denoted here as + +> [!NOTE] +> Only absolute custom installation path is supported + +1. Create the required directories for setup + ```bash + sudo mkdir -p + sudo mkdir -p /etc/opt/microsoft/mdatp + ``` + +2. Create the config json file `/etc/opt/microsoft/mdatp/mde_path.json`, specifying the custom installation path, in the mde config directory + + File Content: + ``` + {"path":""} + ``` + + For example, if the custom installation path is to be set as `/custom/microsoft_mdatp`, `/etc/opt/microsoft/mdatp/mde_path.json` will be created with the following content: + ``` + {"path":"/custom/microsoft_mdatp"} + ``` +3. Set required permissions + ``` + chmod 755 + chmod 644 /etc/opt/microsoft/mdatp + ``` + +4. Create a symlink to the installation location + ``` + mkdir -p /opt/microsoft + mkdir -p /opt/microsoft/mdatp + ln -sf /opt/microsoft/mdatp /opt/microsoft/mdatp + ``` + > [!NOTE] + > + > If you choose to skip creation of symlink, you can rely on the installer package to create the symlink for you, provided you have - + > 1. 1GB space in /opt or + > 2. You have managed the disk space check issue at your end + ## Application installation Use the commands in the following sections to install Defender for Endpoint on your Linux distribution. diff --git a/defender-endpoint/linux-install-with-ansible.md b/defender-endpoint/linux-install-with-ansible.md index 290419e0e8..ca1f220117 100644 --- a/defender-endpoint/linux-install-with-ansible.md +++ b/defender-endpoint/linux-install-with-ansible.md 
@@ -149,7 +149,7 @@ Create installation YAML file. You can also download the file directly from [Git ``` > [!NOTE] -> The installer script also supports other parameters such as channel, realtime protection, version, etc. To select from the list of available options, check help through the following command: `./mde_installer.sh --help` +> The installer script also supports other parameters such as channel, realtime protection, version, custom path installation etc. To select from the list of available options, check help through the following command: `./mde_installer.sh --help` ### Apply the playbook diff --git a/defender-endpoint/linux-install-with-puppet.md b/defender-endpoint/linux-install-with-puppet.md index d9ffe33be1..16efdfa432 100644 --- a/defender-endpoint/linux-install-with-puppet.md +++ b/defender-endpoint/linux-install-with-puppet.md @@ -154,7 +154,7 @@ There are two ways to create a manifest file: } ``` > [!NOTE] -> The installer script also supports other parameters such as channel, realtime protection, version, etc. To select from the list of available options, check help. +> The installer script also supports other parameters such as channel, realtime protection, version, custom path installation etc. To select from the list of available options, check help. >`./mde_installer.sh --help` #### Create a manifest to deploy Defender for Endpoint by configuring repositories manually diff --git a/defender-endpoint/linux-install-with-saltack.md b/defender-endpoint/linux-install-with-saltack.md index 8d32005050..0e0384a0ae 100644 --- a/defender-endpoint/linux-install-with-saltack.md +++ b/defender-endpoint/linux-install-with-saltack.md 
@@ -99,7 +99,7 @@ There are two ways you can create the Saltstack state files: ``` > [!NOTE] -> The installer script also supports other parameters such as channel (insiders-fast, insiders-slow, prod (default)), real-time protection, version, etc. To select from the list of available options, check help through the following command: +> The installer script also supports other parameters such as channel (insiders-fast, insiders-slow, prod (default)), real-time protection, version, custom path installation etc. To select from the list of available options, check help through the following command: >```./mde_installer.sh --help``` ### Create Saltstack state files by manually configuring repositories diff --git a/defender-endpoint/linux-installer-script.md b/defender-endpoint/linux-installer-script.md index 31194a8105..24b6705cbc 100644 --- a/defender-endpoint/linux-installer-script.md +++ b/defender-endpoint/linux-installer-script.md 
@@ -80,11 +80,20 @@ Before you get started, see [Prerequisites for Defender for Endpoint on Linux](m 4. Execute the installer script and provide the onboarding package as a parameter to install the agent and onboard the device to the Defender portal. - ```bash - sudo ./mde_installer.sh --install --onboard ./MicrosoftDefenderATPOnboardingLinuxServer.py --channel prod --min_req - ``` - - This command deploys the latest agent version to the production channel, check for min system requisites and onboard the device to Defender Portal. + 1. Default Path Installation + + The default installation location is `/` + ```bash + sudo ./mde_installer.sh --install --onboard ./MicrosoftDefenderATPOnboardingLinuxServer.py --channel prod --min_req + ``` + 3. Custom Path Installation + + For installation at a custom location, provide the custom installation path - , as a parameter. + ```bash + sudo ./mde_installer.sh --install --onboard ./MicrosoftDefenderATPOnboardingLinuxServer.py --channel prod --min_req --install-path + ``` + + These commands deploy the latest agent version to the production channel, check for min system requisites and onboard the device to Defender Portal. Additionally you can pass more parameter based on your requirements to modify the installation. Check help for all the available options: @@ -116,6 +125,7 @@ Before you get started, see [Prerequisites for Defender for Endpoint on Linux](m --https-proxy set https proxy --ftp-proxy set ftp proxy --mdatp specific version of mde to be installed. will use the latest if not provided + -b|--install-path specify the installation and configuration path for MDE. Default: / -h|--help display help ``` 
@@ -128,7 +138,10 @@ Before you get started, see [Prerequisites for Defender for Endpoint on Linux](m |Uninstall agent | `sudo ./mde_installer.sh --remove` | > [!NOTE] - > Upgrading your operating system to a new major version after the product installation requires the product to be reinstalled. You need to uninstall the existing Defender for Endpoint on Linux, upgrade the operating system, and then reconfigure Defender for Endpoint on Linux. + > + > 1. Upgrading your operating system to a new major version after the product installation requires the product to be reinstalled. You need to uninstall the existing Defender for Endpoint on Linux, upgrade the operating system, and then reconfigure Defender for Endpoint on Linux. + > + > 2. Installation path cannot be changed during upgrade. If MDE is installed in the default path, upgrading to a custom path is not supported. This will be considered as "migration", which is not supported. For migration, either from default to custom path or custom to default path, uninstall MDE. ## Verify deployment status diff --git a/defender-endpoint/mde-linux-prerequisites.md b/defender-endpoint/mde-linux-prerequisites.md index 1cf689f060..254dbef02b 100644 --- a/defender-endpoint/mde-linux-prerequisites.md +++ b/defender-endpoint/mde-linux-prerequisites.md 
@@ -51,6 +51,10 @@ For detailed licensing information, see [Product Terms: Microsoft Defender for E - **Disk Space**: 2 GB minimum. For high-performance workloads, more disk space might be needed. - **Memory**: 1 GB of RAM minimum. For high-performance workloads, more memory might be needed. +Additionally if installing MDE at a custom location +- **Permissions**: rwxr-xr-x minimum permissions for the entire custom installation directory tree +- **semanage**: For workloads with conflicting rules, SELinux equivalence rules might need to be set. + > [!NOTE] > Performance tuning might be needed based on workloads. For more information, see [Performance tuning for Microsoft Defender for Endpoint on Linux](/defender-endpoint/linux-support-perf)
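
Review bot: In the `[!NOTE]` lines of linux-deploy-defender-for-endpoint-with-chef.md, linux-install-with-ansible.md, linux-install-with-puppet.md and linux-install-with-saltack.md, the new wording "version, custom path installation etc." drops the comma that the old text had before "etc." and names the feature without the option that enables it. Suggest "version, custom installation path (`--install-path`), etc." so the wording matches the option documented in linux-installer-script.md.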
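
Review bot: In step 3 of the new "Pre Install Setup for Custom Path Installation" section (linux-install-manually.md), `chmod 644 /etc/opt/microsoft/mdatp` is applied to a directory. Without the execute bit the directory cannot be traversed, so `mde_path.json` inside it becomes unreachable for every non-root account. If the intent is a world-readable config file, set 755 on the directory and 644 on `/etc/opt/microsoft/mdatp/mde_path.json`. Steps 3 and 4 also omit `sudo` although step 1 uses it. As the lines appear here, the custom-path placeholder is missing after "denoted here as", in `sudo mkdir -p`, in `chmod 755`, in `{"path":""}` and in the `ln -sf` source, which leaves `ln -sf /opt/microsoft/mdatp /opt/microsoft/mdatp` pointing a link at itself; check that the placeholder survives rendering.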
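
Review bot: In step 4 of linux-installer-script.md the new sub-list is numbered "1." and "3.", and the custom-path command ends in `--install-path` with no value shown, so a reader cannot tell what to pass. Renumber to 1 and 2, show the path argument, and repeat the restriction from linux-install-manually.md that only an absolute path is supported.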
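
Review bot: The added help line `-b|--install-path` in linux-installer-script.md describes "the installation and configuration path for MDE", but the manual procedure in linux-install-manually.md keeps `mde_path.json` under `/etc/opt/microsoft/mdatp` regardless of the custom path. State which directories move under the custom path and which stay fixed, so that file-integrity monitoring and exclusion rules can be written against the right locations.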
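
Review bot: Item 2 of the `[!NOTE]` after the commands table in linux-installer-script.md ends at "uninstall MDE" and never says to reinstall, and it states "not supported" twice in consecutive sentences. Suggest: "The installation path cannot be changed during an upgrade. To move between the default path and a custom path, uninstall MDE and reinstall it at the new path." It would also help to say whether the device has to be onboarded again after the reinstall.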
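
Review bot: In mde-linux-prerequisites.md the **Permissions** bullet gives `rwxr-xr-x` as a "minimum", which reads as though looser modes such as group-writable or world-writable directories are acceptable for the tree that holds the agent. Say what is actually required and whether write access for group and others is allowed. The `chmod 755` in the manual pre-install steps is not recursive, while this bullet speaks of the entire directory tree, so the two should be reconciled. The lead-in "Additionally if installing MDE at a custom location" needs a trailing colon, and the **semanage** bullet would be more usable with a pointer to how an equivalence rule is set.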