1.6.1 Install and Patch AHF Fleet Insights

Learn to install and patch AHF Fleet Insights on various supported platforms.

Note:

  • Any Linux non-root user can install AHF Fleet Insights.
  • A self-signed SSL certificate (Key type: RSA, key length: 4096) is dynamically created during install time for securing HTTPS connection.

    You have an option to substitute the default certificate with your own through the command-line interface. For more information, see ahffi.

  • The default port for installation is 5005, unless specified by the user. The valid port range is 1024 to 49151. If the specified port is not available, the AHF Fleet Insights application will fail to install.
  1. Download AHF Fleet Insights binary AHFFI-LINUX_v25.1.0.zip from My Oracle Support note 3043060.1.
  2. Unzip AHFFI-LINUX_v25.1.0.zip.
    unzip AHFFI-LINUX_v25.1.0.zip
    Find the following files in the unzipped directory.
    • README.txt: Contains commands to validate the binary, setup prerequisites, and install Fleet Insights application.
    • ahf_fleet_setup_onprem.dat, oracle-ahffi.pub: Files to verify the digital signature of the binary.
    • ahf_fleet_setup_onprem.zip: Installer zip.
  3. Validate the installer binary using the command mentioned in the README.txt file.
  4. Unzip ahf_fleet_setup_onprem.zip.
    Find the following files in the unzipped directory.
    • ahf_fleet_setup: Installer binary.
    • connectstring.txt: A template for the database connection string. You can modify this file as needed and pass it as an argument during installation.
    • create_db_user.sql: This SQL script creates a new database user (with a default username of AHFFI) and grants the necessary privileges. The user is required to replace the password placeholder with a secure password.
    • properties.txt: A template for configuration properties. You can modify this file and pass it as an argument during installation when using the -quiet mode.
    • version.json: Contains version info. DO NOT edit this file.
    • installer_utils.sh: Utility file for the installer. DO NOT edit this file.
  5. During installation, you will be prompted to enable or disable ClamAV, open-source antivirus engine used for detecting trojans, viruses, malware, and other malicious threats to sanitize collections. Download ClamAV from https://www.clamav.net/ and set it up.

    Caution:

    Enabling ClamAV is optional, but doing so will result in increased processing time.
  6. To install AHF Fleet Insights, run:
    ./ahf_fleet_setup -loc <install loc>

    Note:

    By default, the AHFFI installer uses /tmp as the staging location during installation. If you prefer to use a different location, you can set the AHFFI_TMP_DIR environment variable to the desired path before running the installer.
  7. To install AHF Fleet Insights in quiet mode with the property file, run:
    ./ahf_fleet_setup -quiet <properties file>
  8. To patch AHF Fleet Insights, run:
    ./ahf_fleet_setup

For more information about install options, see ahf_fleet_setup.

Properties

Mandatory properties
  • INSTALL_DIR/<install loc>: Installation directory must be present and accessible by the install user.
  • DB_HOST: Database hostname.
  • DB_PORT: Database port.
  • DB_SERVICE: Database service name.
  • DB_USER: Database username.
  • DB_PASSWORD: Database password.
  • INSTANT_CLIENT: Path to instant client.
  • JAVA_HOME: Path to Java home.
Optional properties
  • WEBAPP_PORT: The port on which the application will run (must be within the range of 1024 - 49151). This port must be open to allow the AHF Client to register successfully.
  • DB_WALLET: DB wallet path if the connection requires it.
  • GENERIC_REGISTRATION_USER: The API admin username (can be created from the unified command-line interface as well).
  • GENERIC_REGISTRATION_PASSWORD: The API admin user password. The API admin user password. It must be at least 8 characters long and include at least one numeric digit, one special character, and one uppercase letter.
  • CLAMSCAN: Path to clamscan. If mentioned, collections will be scanned for infected files. Note that scanning for infected files would increase the collection processing time.

Note:

  • If both GENERIC_REGISTRATION_USER and GENERIC_REGISTRATION_PASSWORD are provided, the generic registration user will be created automatically at the end of a successful installation.
  • Sensitive data like passwords are removed from the properties file and other files once installation is successfully completed.

Example 1-1 Property file

# Mandatory
INSTALL_DIR=/scratch/ahfs_local/install_test
DB_HOST=<your hostname.domainname>
DB_PORT=1555
DB_SERVICE=<your DB service URL>
DB_USER=ahffi_testuser
DB_PASSWORD=*******
INSTANT_CLIENT=/usr/lib/oracle/23/client64
JAVA_HOME=/usr/lib/jvm/jdk-23.0.2-oracle-x64
 
# Optional
WEBAPP_PORT=5000
DB_WALLET=
GENERIC_REGISTRATION_USER=
GENERIC_REGISTRATION_PASSWORD=

Parent topic: Deploy AHF Fleet Insights