In this article, we’ll go through the step-by-step process to install and configure the Host Monitor Agent on a Linux Database Server.
Prerequisites:
Before proceeding, confirm the following:
- You have administrator (root) or sudo access to both the Audit Vault Server and the target Database Server.
- The Audit Vault Server is already up and running.
- The Audit Vault Agent has been installed (if required for integration).
- Network connectivity between both servers is established and verified.
- Required directories such as /usr/local exist and have the appropriate permissions.
Step 1: Log in to the Audit Vault Server Console
Access the Audit Vault Server web console using your browser and log in with the ADMIN credentials.
This will allow you to download the Host Monitor Agent package and manage its registration.
Step 2: Download the Host Monitor Agent
Once logged in, navigate to: Agents → Downloads
- Click the Download button next to the file named “agent-linux-x86-64-hmon-one.zip”.
This package contains all necessary files for installing the Host Monitor Agent on a Linux-based Database Server.
Step 3: Transfer the Installation Package
- Transfer the downloaded “agent-linux-x86-64-hmon-one.zip” file from the Audit Vault Server to the target Database Server under the /usr/local directory.
- After transferring, unzip the file in the same location to extract its contents.
Step 4: Install the Host Monitor Agent
- Navigate to the agent’s home directory, typically located at: /usr/local/hm
- Execute the installation process from this directory.
- Once the process completes, you should see a confirmation indicating that the Host Monitor Agent has been successfully installed on the target Database Server.
Step 5: Transfer the CSR File
During installation, a certificate signing request file named “hmcsr.csr” is generated on the Database Server.
- Transfer the hmcsr.csr file to the Audit Vault Server.
- Place it initially in the /home/support directory.
- Then, move it to the following directory: /usr/local/dbfw/etc
This file is required to create a signed certificate for secure communication between the Host Monitor Agent and the Audit Vault Server.
Step 6: Generate a Signed Certificate on the Audit Vault Server
- On the Audit Vault Server, generate a signed certificate by running the certificate generation script:
- generate_casigned_hmcert.sh
- This command creates a signed certificate file named “hmcert.crt” that will authenticate the Host Monitor Agent.
Step 7: Transfer and Secure the Signed Certificate
- After generating the signed certificate (hmcert.crt) on the Audit Vault Server, transfer it to the target Database Server under the directory: /usr/local/hm
- Once the certificate is in place, ensure that its ownership and permissions are correctly configured for security.
Step 8: Configure the Database Firewall Server
Next, log in to the Database Firewall Server as the root user to complete the configuration process.
In this step, you will:
- Copy the signed certificate to the firewall’s trusted certificate directory.
- Adjust file ownership and permissions to align with the system’s security standards.
- Restart the monitor service to apply the new configuration.
- Verify that the monitor service is active and running successfully.
Once restarted, check the service status to confirm that the Database Firewall monitor is operating properly and recognizing the updated certificate configuration.
Step 9: Final Verification
After completing all configurations:
- Return to the Audit Vault Server console.
- Navigate to the Agents section.
- Confirm that the Host Monitor Agent displays as Active or Running.
This indicates successful communication between the Audit Vault Server, Database Firewall, and the Host Monitor Agent installed on the Database Server.
Final Notes
- Always ensure that both the Host Monitor Agent and monitor service start automatically after system reboot.
- Keep a secure backup of all generated certificate files.
- Use matching versions of the Host Monitor Agent and Audit Vault Server software for optimal compatibility.
Conclusion
You’ve successfully completed the full installation and configuration of the Host Monitor Agent on a Linux Database Server, including secure certificate setup and Database Firewall integration.
With this configuration, the Audit Vault and Database Firewall (AVDF) system can now collect and monitor both host-level and database-level audit information — providing a comprehensive, secure, and centralized auditing environment.