Cisco
Login
Search
Software Secure Workload
Activity Configure

Deploy Software Agents on Workloads Deploy Software Agents Install AIX Agents for Deep Visibility and Enforcement Install AIX Agent using the Agent Script Installer Method

Last updated: Jun 09, 2025

Install AIX Agent using the Agent Script Installer Method

Deep visibility and enforcement AIX agents can only be installed using the Agent Script Installation method.


 

  • The installed AIX agent supports both deep visibility and enforcement.

  • Process Visibility and Forensics are supported on AIX 7.2 and POWER8 or later.

  • By default, enforcement is disabled. To enable enforcement, see Create an Agent Configuration Profile.

To install an AIX agent:

Procedure

1

Navigate to Agent Installation Methods:

  • If you are a first-time user, launch the Quick Start wizard and click Install Agents.

  • From the navigation pane, choose Manage > Agents, and select the Installer tab.
2

Click Agent Script Installer.
3

From the Select Platform drop-down menu, choose AIX.

To view the supported AIX platforms, click Show Supported Platforms.
4

Choose the tenant to install the agents.


 

Selecting a tenant is not required for Secure Workload SaaS clusters.
5

If you want to assign labels to the workload, choose the label keys and enter label values.

When the installed agent reports IP addresses on the host, the installer CMDB labels selected here, along with other uploaded CMDB labels that have been assigned to IPs reported by this host, would be automatically assigned to the new IP address. If there are conflicts between uploaded CMDB labels and installer CMDB labels:

  • Labels assigned to an exact IP address take precedence over labels assigned to the subnet.

  • Existing labels assigned to an exact IP address take precedence over installer CMDB labels.
6

If HTTP proxy is required to communicate with Secure Workload, choose Yes, and then enter a valid proxy URL.
7

Under the Installer expiration section, select one from the available options:

  • No expiration: The installer script can be used multiple times.

  • One time: The installer script can be used only once.

  • Time bound: You can set the number of days for which the installer script can be used.

  • Number of deployments: You can set the number of times the installer script can be used.
8

Click Download and save the file to the local disk.
9

Copy the installer shell script to all the AIX hosts for deployment.
10

To grant execute permission to the script, run the command: chmod u+x tetration_installer_default_sensor_aix.sh


 

The script name may differ depending on the agent type and scope.
11

To install the agent, run the following command with root privileges: ./tetration_installer_default_sensor_aix.sh


 

If an agent is already installed on the host, you cannot proceed with the installation. If you wish to re-install the agent, use the --new option, as explained later in this chapter.

We recommend running the pre-check, as specified in the script usage details.

AIX installer script usage details:

ksh tetration_installer_default_enforcer_aix.sh [--pre-check] [--pre-check-user] [--skip-pre-check=<option>] [--no-install] [--logfile=<filename>] [--proxy=<proxy_string>] [--no-proxy] [--help] [--version] [--sensor-version=<version_info>] [--ls] [--file=<filename>] [--osversion=<osversion>] [--save=<filename>] [--new] [--reinstall] [--unpriv-user] [--libs=<libs.zip|tar.Z>] [--force-upgrade] [--upgrade-local] [--upgrade-by-uuid=<filename>] [--logbasedir=<logbdir>] [--tmpdir=<tmp_dir>] [--visibility] [--golden-image]
  --pre-check: run pre-check only
  --pre-check-user: provide alternative to nobody user for pre-check su support
  --skip-pre-check=<option>: skip pre-installation check by given option; Valid options include 'all', 'ipv6' and 'enforcement'; e.g.: '--skip-pre-check=all' will skip all pre-installation checks; All pre-checks will be performed by default
  --no-install: will not download and install sensor package onto the system
  --logfile=<filename>: write the log to the file specified by <filename>
  --proxy=<proxy_string>: set the value of HTTPS_PROXY, the string should be formatted as http://<proxy>:<port>
  --no-proxy: bypass system wide proxy; this flag will be ignored if --proxy flag was provided
  --help: print this usage
  --version: print current script's version
  --sensor-version=<version_info>: select sensor's version; e.g.: '--sensor-version=3.4.1.0'; will download the latest version by default if this flag was not provided
  --ls: list all available sensor versions for your system (will not list pre-3.3 packages); will not download any package
  --file=<filename>: provide local zip file to install sensor instead of downloading it from cluster
  --osversion=<osversion>: specify osversion for --save flag;
  --save=<filename>: download and save zip file as <filename>; will download package for osversion given by --osversion flag; e.g.: '--save=myimage.aix72.tar.Z --osversion=7.2'
  --new: remove any previous installed sensor;
  --reinstall: reinstall sensor and retain the same identity with cluster; this flag has higher priority than --new
  --unpriv-user=<username>: use <username> for unpriv processes instead of tet-snsr
  --libs=<libs.zip|tar.Z>: install provided libs to be used by agents
  --force-upgrade: force sensor upgrade to version given by --sensor-version flag; e.g.: '--sensor-version=3.4.1.0 --force-upgrade'; apply the latest version by default if --sensor-version flag was not provided
  --upgrade-local: trigger local sensor upgrade to version given by --sensor-version flag: e.g.: '--sensor-version=3.4.1.0 --upgrade-local'; apply the latest version by default if --sensor-version flag was not provided
  --upgrade-by-uuid=<filename>: trigger sensor whose uuid is listed in <filename> upgrade to version given by --sensor-version flag; e.g.: '--sensor-version=3.4.1.0 --upgrade-by-uuid=/usr/local/tet/sensor_id'; apply the latest version by default if --sensor-version flag was not provided
  --logbasedir=<log_base_dir>: instead of logging to /opt/cisco/tetration/log use <log_base_dir>. The full path will be <log_base_dir>/tetration
  --tmpdir=<tmp_dir>: instead of using /tmp use <tmp_dir> as temp directory
  --visibility: install deep visibility agent only; --reinstall would overwrite this flag if previous installed agent type was enforcer
  --golden-image: install Cisco Secure Workload Agent but do not start the Cisco Secure Workload Services; use to install Cisco Secure Workload Agent on Golden Images in VDI environment or Template VM. On VDI/VM instance created from golden image with different host name, Cisco Secure Workload Services will work normally
Previous topic Requirements and Prerequisites for Installing AIX Agents Next topic Verify AIX Agent Installation