From fb87875ba953729a7fb331f3fa2e978f0c4b6029 Mon Sep 17 00:00:00 2001 From: Swapna Johnny <68843997+swapna-johnny@users.noreply.github.com> Date: Thu, 17 Jul 2025 16:27:07 +0530 Subject: [PATCH 1/8] Update linux-install-manually.md Add documentation regarding custom path installation --- defender-endpoint/linux-install-manually.md | 45 +++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/defender-endpoint/linux-install-manually.md b/defender-endpoint/linux-install-manually.md index d77f2d5175..b21f6b0356 100644 --- a/defender-endpoint/linux-install-manually.md +++ b/defender-endpoint/linux-install-manually.md @@ -42,6 +42,7 @@ A successful deployment requires the completion of all of the following tasks: - [SLES and variants](#sles-and-variants-1) - [Ubuntu and Debian systems](#ubuntu-and-debian-systems) - [Mariner](#mariner) +- [Pre Install Setup for Custom Path Installation](#pre-install-setup-for-custom-path-installation) - [Application installation](#application-installation) - [RHEL and variants (CentOS, Fedora, Oracle Linux, Amazon Linux 2, Rocky, and Alma)](#rhel-and-variants-centos-fedora-oracle-linux-amazon-linux-2-rocky-and-alma) - [SLES and variants](#sles-and-variants) 
@@ -257,6 +258,50 @@ In order to preview new features and provide early feedback, it's recommended th sudo dnf config-manager --enable mariner-official-extras-preview ``` +## Pre Install Setup for Custom Path Installation + +These steps are applicable only if Defender is to be installed in a custom location. + +The custom installation path is denoted here as + +> [!NOTE] +> Only absolute custom installation path is supported + +1. Create the required directories for setup + ```bash + sudo mkdir -p + sudo mkdir -p /etc/opt/microsoft/mdatp + ``` + +2. Create the config json file `/etc/opt/microsoft/mdatp/mde_path.json`, specifying the custom installation path, in the mde config directory + + File Content: + ``` + {"path":""} + ``` + + For example, if the custom installation path is to be set as `/custom/microsoft_mdatp`, `/etc/opt/microsoft/mdatp/mde_path.json` will be created with the following content: + ``` + {"path":"/custom/microsoft_mdatp"} + ``` +3. Set required permissions + ``` + chmod 755 + chmod 644 /etc/opt/microsoft/mdatp + ``` + +4. Create a symlink to the installation location + ``` + mkdir -p /opt/microsoft + mkdir -p /opt/microsoft/mdatp + ln -sf /opt/microsoft/mdatp /opt/microsoft/mdatp + ``` + > [!NOTE] + > + > If you choose to skip creation of symlink, you can rely on the installer package to create the symlink for you, provided you have - + > 1. 1GB space in /opt or + > 2. You have managed the disk space check issue at your end + ## Application installation Use the commands in the following sections to install Defender for Endpoint on your Linux distribution. From 27bf69f57e9a14a33df4a42fdf2b50591b212e84 Mon Sep 17 00:00:00 2001 From: Swapna Johnny <68843997+swapna-johnny@users.noreply.github.com> Date: Mon, 21 Jul 2025 11:22:27 +0530 Subject: [PATCH 2/8] Update linux-installer-script.md --- defender-endpoint/linux-installer-script.md | 25 ++++++++++++++++----- 1 file changed, 19 insertions(+), 6 deletions(-) 
diff --git a/defender-endpoint/linux-installer-script.md b/defender-endpoint/linux-installer-script.md index 31194a8105..24b6705cbc 100644 --- a/defender-endpoint/linux-installer-script.md +++ b/defender-endpoint/linux-installer-script.md @@ -80,11 +80,20 @@ Before you get started, see [Prerequisites for Defender for Endpoint on Linux](m 4. Execute the installer script and provide the onboarding package as a parameter to install the agent and onboard the device to the Defender portal. - ```bash - sudo ./mde_installer.sh --install --onboard ./MicrosoftDefenderATPOnboardingLinuxServer.py --channel prod --min_req - ``` - - This command deploys the latest agent version to the production channel, check for min system requisites and onboard the device to Defender Portal. + 1. Default Path Installation + + The default installation location is `/` + ```bash + sudo ./mde_installer.sh --install --onboard ./MicrosoftDefenderATPOnboardingLinuxServer.py --channel prod --min_req + ``` + 3. Custom Path Installation + + For installation at a custom location, provide the custom installation path - , as a parameter. + ```bash + sudo ./mde_installer.sh --install --onboard ./MicrosoftDefenderATPOnboardingLinuxServer.py --channel prod --min_req --install-path + ``` + + These commands deploy the latest agent version to the production channel, check for min system requisites and onboard the device to Defender Portal. Additionally you can pass more parameter based on your requirements to modify the installation. Check help for all the available options: @@ -116,6 +125,7 @@ Before you get started, see [Prerequisites for Defender for Endpoint on Linux](m --https-proxy set https proxy --ftp-proxy set ftp proxy --mdatp specific version of mde to be installed. will use the latest if not provided + -b|--install-path specify the installation and configuration path for MDE. Default: / -h|--help display help ``` 
@@ -128,7 +138,10 @@ Before you get started, see [Prerequisites for Defender for Endpoint on Linux](m |Uninstall agent | `sudo ./mde_installer.sh --remove` | > [!NOTE] - > Upgrading your operating system to a new major version after the product installation requires the product to be reinstalled. You need to uninstall the existing Defender for Endpoint on Linux, upgrade the operating system, and then reconfigure Defender for Endpoint on Linux. + > + > 1. Upgrading your operating system to a new major version after the product installation requires the product to be reinstalled. You need to uninstall the existing Defender for Endpoint on Linux, upgrade the operating system, and then reconfigure Defender for Endpoint on Linux. + > + > 2. Installation path cannot be changed during upgrade. If MDE is installed in the default path, upgrading to a custom path is not supported. This will be considered as "migration", which is not supported. For migration, either from default to custom path or custom to default path, uninstall MDE. ## Verify deployment status From bd14b68eb1c31ce30336eb07ae14f84b49b2ddb9 Mon Sep 17 00:00:00 2001 From: Swapna Johnny <68843997+swapna-johnny@users.noreply.github.com> Date: Tue, 22 Jul 2025 11:15:30 +0530 Subject: [PATCH 3/8] Update linux-deploy-defender-for-endpoint-with-chef.md --- .../linux-deploy-defender-for-endpoint-with-chef.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md b/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md index e88d02aedc..a9f10e58fe 100644 --- a/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md +++ b/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md 
@@ -121,6 +121,10 @@ A cookbook can be created through any of the following methods: EOS end ``` + - For installation at a custom location, provide the custom installation path - , as a parameter to the installer script + ```bash + #{mde_installer} --install --onboard #{onboarding_json} --install-path #{custom_path} + ``` > [!NOTE] > The installer script also supports other parameters such as channel, realtime protection, version, etc. To select from the list of available options, check help through the following command: From a7e3b5a74f10e34495217a3788b5692d36849da6 Mon Sep 17 00:00:00 2001 From: Swapna Johnny <68843997+swapna-johnny@users.noreply.github.com> Date: Tue, 22 Jul 2025 11:25:53 +0530 Subject: [PATCH 4/8] Update mde-linux-prerequisites.md --- defender-endpoint/mde-linux-prerequisites.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/defender-endpoint/mde-linux-prerequisites.md b/defender-endpoint/mde-linux-prerequisites.md index 1cf689f060..254dbef02b 100644 --- a/defender-endpoint/mde-linux-prerequisites.md +++ b/defender-endpoint/mde-linux-prerequisites.md @@ -51,6 +51,10 @@ For detailed licensing information, see [Product Terms: Microsoft Defender for E - **Disk Space**: 2 GB minimum. For high-performance workloads, more disk space might be needed. - **Memory**: 1 GB of RAM minimum. For high-performance workloads, more memory might be needed. +Additionally if installing MDE at a custom location +- **Permissions**: rwxr-xr-x minimum permissions for the entire custom installation directory tree +- **semanage**: For workloads with conflicting rules, SELinux equivalence rules might need to be set. + > [!NOTE] > Performance tuning might be needed based on workloads. For more information, see [Performance tuning for Microsoft Defender for Endpoint on Linux](/defender-endpoint/linux-support-perf) From 32b543c2d6590030ab6565cf5d0182e8bd7f73fb Mon Sep 17 00:00:00 2001 
From: Swapna Johnny <68843997+swapna-johnny@users.noreply.github.com> Date: Tue, 22 Jul 2025 11:37:53 +0530 Subject: [PATCH 5/8] Update linux-install-with-ansible.md --- defender-endpoint/linux-install-with-ansible.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defender-endpoint/linux-install-with-ansible.md b/defender-endpoint/linux-install-with-ansible.md index 290419e0e8..ca1f220117 100644 --- a/defender-endpoint/linux-install-with-ansible.md +++ b/defender-endpoint/linux-install-with-ansible.md @@ -149,7 +149,7 @@ Create installation YAML file. You can also download the file directly from [Git ``` > [!NOTE] -> The installer script also supports other parameters such as channel, realtime protection, version, etc. To select from the list of available options, check help through the following command: `./mde_installer.sh --help` +> The installer script also supports other parameters such as channel, realtime protection, version, custom path installation etc. To select from the list of available options, check help through the following command: `./mde_installer.sh --help` ### Apply the playbook From a572b0371829625705c39255845969b5dbb993f4 Mon Sep 17 00:00:00 2001 From: Swapna Johnny <68843997+swapna-johnny@users.noreply.github.com> Date: Tue, 22 Jul 2025 11:40:16 +0530 Subject: [PATCH 6/8] Update linux-deploy-defender-for-endpoint-with-chef.md --- .../linux-deploy-defender-for-endpoint-with-chef.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md b/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md index a9f10e58fe..e3ab31e9c3 100644 --- a/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md +++ b/defender-endpoint/linux-deploy-defender-for-endpoint-with-chef.md 
@@ -121,13 +121,9 @@ A cookbook can be created through any of the following methods: EOS end ``` - - For installation at a custom location, provide the custom installation path - , as a parameter to the installer script - ```bash - #{mde_installer} --install --onboard #{onboarding_json} --install-path #{custom_path} - ``` > [!NOTE] -> The installer script also supports other parameters such as channel, realtime protection, version, etc. To select from the list of available options, check help through the following command: +> The installer script also supports other parameters such as channel, realtime protection, version, custom path installation etc. To select from the list of available options, check help through the following command: >```./mde_installer.sh --help``` ### Create a cookbook by manually configuring repositories From 8dd76be4dfec0eac2abf087a0b43410e20973f4e Mon Sep 17 00:00:00 2001 From: Swapna Johnny <68843997+swapna-johnny@users.noreply.github.com> Date: Tue, 22 Jul 2025 11:43:53 +0530 Subject: [PATCH 7/8] Update linux-install-with-puppet.md --- defender-endpoint/linux-install-with-puppet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defender-endpoint/linux-install-with-puppet.md b/defender-endpoint/linux-install-with-puppet.md index d9ffe33be1..16efdfa432 100644 --- a/defender-endpoint/linux-install-with-puppet.md +++ b/defender-endpoint/linux-install-with-puppet.md @@ -154,7 +154,7 @@ There are two ways to create a manifest file: } ``` > [!NOTE] -> The installer script also supports other parameters such as channel, realtime protection, version, etc. To select from the list of available options, check help. +> The installer script also supports other parameters such as channel, realtime protection, version, custom path installation etc. To select from the list of available options, check help. >`./mde_installer.sh --help` #### Create a manifest to deploy Defender for Endpoint by configuring repositories manually 
From 24092cc38f567d179cc8563429f3d5cbcfd2be7a Mon Sep 17 00:00:00 2001 From: Swapna Johnny <68843997+swapna-johnny@users.noreply.github.com> Date: Tue, 22 Jul 2025 11:45:13 +0530 Subject: [PATCH 8/8] Update linux-install-with-saltack.md --- defender-endpoint/linux-install-with-saltack.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defender-endpoint/linux-install-with-saltack.md b/defender-endpoint/linux-install-with-saltack.md index 8d32005050..0e0384a0ae 100644 --- a/defender-endpoint/linux-install-with-saltack.md +++ b/defender-endpoint/linux-install-with-saltack.md @@ -99,7 +99,7 @@ There are two ways you can create the Saltstack state files: ``` > [!NOTE] -> The installer script also supports other parameters such as channel (insiders-fast, insiders-slow, prod (default)), real-time protection, version, etc. To select from the list of available options, check help through the following command: +> The installer script also supports other parameters such as channel (insiders-fast, insiders-slow, prod (default)), real-time protection, version, custom path installation etc. To select from the list of available options, check help through the following command: >```./mde_installer.sh --help``` ### Create Saltstack state files by manually configuring repositories
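
Review bot: In PATCH 1/8 (hunk `@@ -257,6 +258,50 @@` of linux-install-manually.md), step 3 runs `chmod 644 /etc/opt/microsoft/mdatp` on the directory that step 1 created with `mkdir -p`. Mode 644 on a directory clears the search (execute) bit, so a non-root process can no longer reach `mde_path.json` inside it. If the intent is a world-readable config file, keep the directory at 755 and apply 644 to `/etc/opt/microsoft/mdatp/mde_path.json`. In the same hunk as shown, the custom-path placeholder is empty wherever it is used: `sudo mkdir -p` has no operand, the template is `{"path":""}`, `chmod 755` has no target, and `ln -sf /opt/microsoft/mdatp /opt/microsoft/mdatp` links a path to itself. Put a named placeholder in code formatting in each of these spots. Steps 3 and 4 also drop the `sudo` that step 1 uses, and their fences lack the `bash` tag.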
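
Review bot: In PATCH 2/8 (hunk `@@ -80,11 +80,20 @@` of linux-installer-script.md), the custom-path command ends in `--install-path` with no value, and the sentence above it ("provide the custom installation path - , as a parameter") names no placeholder either, so the example cannot be copied as written. Add a named placeholder after the flag and repeat the constraint from PATCH 1/8 that only an absolute path is supported. The nested list is numbered `1.` then `3.`; renumber the second item to `2.`. The closing sentence would read better as "check for minimum system requirements, and onboard the device".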
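
Review bot: In PATCH 2/8 (hunk `@@ -116,6 +125,7 @@`, the help listing), the new line `-b|--install-path specify the installation and configuration path for MDE. Default: /` leaves it unclear whether the value is the final product directory or a prefix under which the product tree is created, and "Default: /" reads as if the agent installs into the filesystem root. It also says the configuration path moves, while PATCH 1/8 keeps `mde_path.json` at the fixed location `/etc/opt/microsoft/mdatp`. State which directories the option relocates and which stay fixed.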
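
Review bot: In PATCH 2/8 (hunk `@@ -128,7 +138,10 @@`), note item 2 stops at "uninstall MDE" and never says to reinstall at the new path, so the migration procedure is incomplete. Suggest ending with "uninstall MDE, then reinstall it at the desired path", and pointing to the `sudo ./mde_installer.sh --remove` row in the table just above. The item also says "not supported" twice in consecutive sentences; one statement that changing the path during an upgrade is unsupported is enough.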
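
Review bot: In PATCH 3/8 (hunk `@@ -121,6 +121,10 @@` of linux-deploy-defender-for-endpoint-with-chef.md), the added snippet is fenced as `bash` but uses Ruby interpolation (`#{mde_installer}`, `#{onboarding_json}`, `#{custom_path}`), and `custom_path` is not defined anywhere in the visible recipe context. PATCH 6/8 then deletes this same bullet and fence. Squash 3/8 and 6/8 so the series does not add and remove the same lines, or, if the Chef example is wanted, keep it inside the recipe with `custom_path` declared next to the other variables.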
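
Review bot: In PATCH 4/8 (hunk `@@ -51,6 +51,10 @@` of mde-linux-prerequisites.md), the **Permissions** bullet gives only a minimum (`rwxr-xr-x`) for the custom installation directory tree and says nothing about ownership or an upper bound. For a directory tree that holds the agent, also state the expected owner and that the tree must not be group-writable or world-writable, and give the mode as 755 to match the `chmod 755` step added in PATCH 1/8. The **semanage** bullet names a tool rather than a requirement: say what equivalence rule is needed and when, or link to a section that does. The lead-in "Additionally if installing MDE at a custom location" needs a trailing colon.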
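
Review bot: In PATCH 5/8 (hunk `@@ -149,7 +149,7 @@` of linux-install-with-ansible.md), the note now lists "custom path installation" among the supported parameters but does not name the flag or link to the setup it depends on. The same wording is added in the Chef, Puppet and Saltstack notes in PATCH 6/8, 7/8 and 8/8. Name `--install-path` in each note and link to the "Pre Install Setup for Custom Path Installation" section from PATCH 1/8, so readers of the automation pages see the absolute-path and permission requirements. A comma is also missing before "etc." in all four notes.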