Tiger Client Installation on CentOS/RHEL 7

Detailed list of the before, during, and after installation steps, required for installing the Tiger Client on CenstOS or RHEL 7.

Before installation

Completely disable components that might cause confusion.

Disabling the firewalld

Execute the following commands in the terminal:

  1. sudo systemctl disable firewalld
  2. sudo systemctl mask firewalld
  3. sudo systemctl status firewalld

#You should see “Loaded: masked ” as status result.


Disabling iptables service module


Execute the following commands in the terminal:

  1. sudo systemctl disable iptables
  2. sudo systemctl mask iptables
  3. sudo systemctl status iptables

#You should see “Loaded: masked ” as status result.


Removing iptables automated routing/filter rules loadout

Execute the following commands in the terminal:

  1. sudo mv /sbin/xtables-multi /sbin/xtables-multi.bak
  2. sudo ln -s /dev/null /sbin/xtables-multi

Setting SELinux to disabled

Edit the configuration file by entering the command line in the terminal:

  • sudo nano /etc/selinux/config

Edit the value of the SELINUX to look like this:

  • SELINUX=disabled

Save and exit.

Disabling the Kernel hardened copy functionality

Important note: Before installing the Tiger Store client on any of the supported Linux kernel versions for Red Hat Enterprise Linux 7.x and derivatives, in case the kernel version is above the RHEL 7.5 release, as a mandatory prerequisite you must disable the hardened usercopy kernel parameter or the machine could experience a kernel panic cycle on boot.

In case newer kernels no longer allow disabling the hardened usercopy kernel parameter via a single command, this is usually done by editing the kernel's command-line parameters and regenerating the grub config in accordance with the OS documentation, after which you could reboot the machine and verify that hardened usercopy is indeed off, prior to proceeding with the installation of the Tiger Store client.

Important note: Before you install the latest Tiger Store client (version 2.9.4.x), you must disable the hardened copy or the machine could panic - this is a mandatory prerequisite for the more recent centOS kernels.

There used to be a single line command that could change all of that - hardened_usercopy=off , but since on the latest kernels the command no longer works, so this is done by editing /etc/default/grub (GRUB_CMDLINE_LINUX line) and then regenerating the grub config:

grub2-mkconfig -o /boot/grub2/grub.cfg

You can use this article as a reference on how to edit the said line with different parameters, or you can look up another article to your liking:

https://www.thegeekdiary.com/centos-rhel-7-how-to-modify-the-kernel-command-line/

Reboot the machine after the steps above.

Verify that that hardened_usercopy is indeed off. You can verify the kernel command line with the below command:

cat /proc/cmdline

Double check that the output contains: hardened_usercopy=off

Example: BOOT_IMAGE=/vmlinuz-3.10.0-1160.90.1.el7.x86_64 root=/dev/mapper/centos-root ro crashkernel=auto hardened_usercopy=off rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet


Installation

Here, we have listed the most important steps in the installation process.

Making sure that the kernel you're running is supported

Check you exact kernel version with this terminal command:

  • uname -a

Cross check the received value with the list of supported kernels in the Tiger Store
documentation.

Downloading the appropriate Tiger Client package from the MDC list
of available installers


Once you have confirmed that your kernel is supported download the installation package, run the installer as a superuser. Once it completes successfully, reboot the system.

All of the firewall/selinux/binfmt changes will take effect after the reboot.

Failing to execute the commands successfully might result in a system not being able to boot. 
In this case you have to be ready to start it in a single user mode in order to finish with the
required settings.


After Installation

Before running a system update

Keep in mind that updating your kernel version will result in the Tiger Client software not
working properly.

There might be updates that change the status of the disabled components hence compromise
the system reliability due to introducing conflicts.

We highly recommend you to check the list of supported kernels for the latest Tiger Technology
software release prior updating.


After a system update


1. Unsupported kernel

  • Using the depmod option

Once you've updated your system kernel with a more modern minor release, you will have to
force the Tiger Client modules to load on this yet unsupported kernel.

This has to be done by adjusting the module dependency list via the linux depmod option in
command line. Keep in mind that “depmod” might affect other installed modules alongside the
Tiger Client related ones.

# sudo su

# depmod

# depmod $(uname -r) $(sed "s@\(.*\):.*@/lib/modules/$(uname -r)/\1@" /lib/modules/$(uname
-r)/modules.dep) /lib/modules/3.10.0-862.9.1.el7.x86_64/tbox/sane*

Where 3.10.0-862.9.1.el7.x86_64 is the closest supported kernel

  • Modifying the tboxd starting script

After the modules are successfully forced and loaded you have to edit the init file
/etc/init.d/tboxd

Leave this as it is by default:

KERNEL_VERSION='uname -r'

This is our default way of loading linux modules and it should be commented and
replaced by:

#insmod /lib/modules/${KERNEL_VERSION}/tbox/sanefs.o >/dev/null 2>/dev/null
modprobe --force --set-version ${KERNEL_VERSION} sanefs

#insmod /lib/modules/${KERNEL_VERSION}/tbox/sanebd.o >/dev/null 2>/dev/null
modprobe --force --set-version ${KERNEL_VERSION} sanebd

#insmod /lib/modules/${KERNEL_VERSION}/tbox/sanevda.o >/dev/null 2>/dev/null
modprobe --force --set-version ${KERNEL_VERSION} sanevda

  • Save and exit
  • Restart the System.


2. Supported kernel

If the updated kernel is supported in the Tiger Client version you’re running, just keep working.

If the updated kernel is supported in a newer Tiger Client version, you will have to update your MDC Tiger Store version to the one supporting the new kernel following these steps:

  • Remove the Tiger Client
  • Download the new Tiger Client
  • Install the new Tiger Client
  • Check the required modules status
  • Reboot the system