diff --git a/docs/kb/endpointprotector/0-images/221e2f00e49f44fffcf64957a74adf46.png b/docs/kb/endpointprotector/0-images/221e2f00e49f44fffcf64957a74adf46.png new file mode 100644 index 0000000000..cde2b78758 Binary files /dev/null and b/docs/kb/endpointprotector/0-images/221e2f00e49f44fffcf64957a74adf46.png differ diff --git a/docs/kb/endpointprotector/0-images/25e977352dd52f7cc1a0a099749039d7.png b/docs/kb/endpointprotector/0-images/25e977352dd52f7cc1a0a099749039d7.png new file mode 100644 index 0000000000..389dfad83b Binary files /dev/null and b/docs/kb/endpointprotector/0-images/25e977352dd52f7cc1a0a099749039d7.png differ diff --git a/docs/kb/endpointprotector/0-images/43258ddd17f53d209349a9757595552d.png b/docs/kb/endpointprotector/0-images/43258ddd17f53d209349a9757595552d.png new file mode 100644 index 0000000000..97892f8e23 Binary files /dev/null and b/docs/kb/endpointprotector/0-images/43258ddd17f53d209349a9757595552d.png differ diff --git a/docs/kb/endpointprotector/0-images/7aabf76b61247cd7022988b79a06e3e8.png b/docs/kb/endpointprotector/0-images/7aabf76b61247cd7022988b79a06e3e8.png new file mode 100644 index 0000000000..cd67c0c570 Binary files /dev/null and b/docs/kb/endpointprotector/0-images/7aabf76b61247cd7022988b79a06e3e8.png differ diff --git a/docs/kb/endpointprotector/0-images/866c775d49c0cbef0864bd4cf7b06015.png b/docs/kb/endpointprotector/0-images/866c775d49c0cbef0864bd4cf7b06015.png new file mode 100644 index 0000000000..c9833b95ab Binary files /dev/null and b/docs/kb/endpointprotector/0-images/866c775d49c0cbef0864bd4cf7b06015.png differ diff --git a/docs/kb/endpointprotector/0-images/91cd45f8016ad9a0a33eed482d054fbf.png b/docs/kb/endpointprotector/0-images/91cd45f8016ad9a0a33eed482d054fbf.png new file mode 100644 index 0000000000..042372df30 Binary files /dev/null and b/docs/kb/endpointprotector/0-images/91cd45f8016ad9a0a33eed482d054fbf.png differ diff --git a/docs/kb/endpointprotector/0-images/a05c59666d4d5d06b571009b1e7309e5.png b/docs/kb/endpointprotector/0-images/a05c59666d4d5d06b571009b1e7309e5.png new file mode 100644 index 0000000000..fd4d608a19 Binary files /dev/null and b/docs/kb/endpointprotector/0-images/a05c59666d4d5d06b571009b1e7309e5.png differ diff --git a/docs/kb/endpointprotector/0-images/b811ee14df77d6d8e87b48fcd284db80.png b/docs/kb/endpointprotector/0-images/b811ee14df77d6d8e87b48fcd284db80.png new file mode 100644 index 0000000000..ef07ba096a Binary files /dev/null and b/docs/kb/endpointprotector/0-images/b811ee14df77d6d8e87b48fcd284db80.png differ diff --git a/docs/kb/endpointprotector/0-images/cb6a560ea7bc3e35cd3c0a30978e4dc7.png b/docs/kb/endpointprotector/0-images/cb6a560ea7bc3e35cd3c0a30978e4dc7.png new file mode 100644 index 0000000000..04335b639e Binary files /dev/null and b/docs/kb/endpointprotector/0-images/cb6a560ea7bc3e35cd3c0a30978e4dc7.png differ diff --git a/docs/kb/endpointprotector/0-images/e82dd4c71e1388608816abea6c906ae2.png b/docs/kb/endpointprotector/0-images/e82dd4c71e1388608816abea6c906ae2.png new file mode 100644 index 0000000000..6f8ebbfae0 Binary files /dev/null and b/docs/kb/endpointprotector/0-images/e82dd4c71e1388608816abea6c906ae2.png differ diff --git a/docs/kb/endpointprotector/deployment-and-installation/how_to_change_root_password.md b/docs/kb/endpointprotector/deployment-and-installation/how_to_change_root_password.md new file mode 100644 index 0000000000..46771a68a4 --- /dev/null +++ b/docs/kb/endpointprotector/deployment-and-installation/how_to_change_root_password.md @@ -0,0 +1,212 @@ +--- +description: This article describes how to boot the Endpoint Protector On-Prem appliance into recovery mode to change the epproot user password and optimize the appliance configuration for Nginx, MySQL, and PHP-FPM. These steps apply only to on-premises deployments. +keywords: + - Endpoint Protector + - epproot password + - recovery mode + - GRUB + - appliance optimization + - Nginx + - MySQL + - PHP-FPM + - Ubuntu +sidebar_label: How to Change epproot Password and Optimize Endpoint Protector On-Prem Appliance +title: How to Change epproot Password and Optimize Endpoint Protector On-Prem Appliance +knowledge_article_id: kA0Qk000000XXXXKAA +products: + - endpoint-protector +--- + +| The procedures and instructions provided in this document are intended for use by experienced administrators. Proceeding with these steps is done entirely at your own risk. Netwrix is not responsible for any data loss, system instability, or other issues that may arise from following these instructions. Ensure that you have a complete backup of your system before making any changes. | +|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| + +## Overview + +This article outlines the steps to boot the Endpoint Protector (EPP) On-Prem appliance into single-user (recovery) mode to change the `epproot` user password and optimize appliance performance. These steps apply only to **on-premises** deployments. +They do **not** work for appliances hosted in cloud environments. + +--- + +## Instructions + +1. Go to your VM manager and **reboot** the EPP appliance. + While it reboots, press the `Esc` key on your keyboard to access the **GRUB** boot menu, and select **Advanced options for Ubuntu**. + + ![GRUB boot menu screenshot](./../0-images/43258ddd17f53d209349a9757595552d.png) + +2. Choose the first entry labeled **(recovery mode)**. + + ![Recovery mode selection screenshot](./../0-images/cb6a560ea7bc3e35cd3c0a30978e4dc7.png) + +3. Press **Enter** when prompted. + + ![Boot confirmation screenshot](./../0-images/221e2f00e49f44fffcf64957a74adf46.png) + +4. Change the password for the `epproot` user using the command: + + ```bash + passwd epproot + ``` + + > **NOTE:** When requested, input the new password. + +5. Reboot the appliance with the command: + + ```bash + reboot + ``` + +6. Once the system restarts, connect to the appliance via **SSH** using your preferred application. + +7. To reduce the number of password prompts, elevate privileges to root using: + + ```bash + sudo su + ``` + + > **NOTE:** When requested, use the password for the `epproot` user. + +8. Backup the **Nginx**, **MySQL**, and **PHP-FPM** configuration files: + + ```bash + cp -p /etc/nginx/nginx.conf{,.bkp} + cp -p /etc/mysql/mysql.conf.d/mysqld.cnf{,.bkp} + cp -p /opt/alt/php56/etc/php-fpm.conf{,.bkp} + ``` + + > **NOTE:** The `{,.bkp}` syntax creates a copy of each file in the same location with `.bkp` appended, preserving metadata (permissions, ownership, and timestamps). + +9. Run the following command and note down the number of CPU cores and the memory assigned to the VM: + + ```bash + htop + ``` + +10. Edit the Nginx configuration file: + + ```bash + vim /etc/nginx/nginx.conf + ``` + + - Press **Insert** to edit. + - Set `worker_processes` to the number of CPU cores. + - Change the values of `error_log` and `access_log` from `off` to `/dev/null`. + - To save and quit, press **Esc**, type `:wq`, and press **Enter**. + +11. Edit the MySQL configuration file: + + ```bash + vim /etc/mysql/mysql.conf.d/mysqld.cnf + ``` + + - Press **Insert** to edit. + - Ensure or update the following parameters: + + ```text + max_allowed_packet = 8M + thread_stack = 256K + read_buffer_size = 128K + read_rnd_buffer_size = 256K + join_buffer_size = 128K + key_buffer_size = 16M + tmp_table_size = 256M + sort_buffer_size = 2M + thread_cache_size = 64M + query_cache_type = 0 + query_cache_limit = 1M + query_cache_size = 0 + transaction_isolation = READ-COMMITTED + expire_logs_days = 5 + max_binlog_size = 128M + ``` + + - Adjust `max_connections` based on system memory: + + | **RAM** | **max_connections** | + |----------|---------------------| + | ≤4 GB | 75 | + | 8 GB | 100 | + | 16 GB | 150 | + | 32 GB | 250 | + | 64 GB | 500 | + | 128 GB | 1000 | + + - Set `innodb_buffer_pool_size` to ~60% of total memory. + Example (72 GB RAM): + + ```text + innodb_buffer_pool_size = 44236M + ``` + + - Set `innodb_log_file_size` to ~12.5% of the buffer pool size. + Example (72 GB RAM): + + ```text + innodb_log_file_size = 5G + ``` + + - Set `innodb_buffer_pool_instances` to the approximate number of gigabytes of buffer pool size. + Example: + + ```text + innodb_buffer_pool_instances = 43 + ``` + + - Set `innodb_thread_concurrency` to the number of CPU cores. + Example (8 cores): + + ```text + innodb_thread_concurrency = 8 + ``` + + - Ensure the following parameters exist or add them if missing: + + ```text + innodb_file_per_table = 1 + innodb_flush_log_at_trx_commit = 0 + innodb_log_buffer_size = 16M + innodb_lock_wait_timeout = 300 + innodb_flush_method = O_DIRECT + innodb_autoinc_lock_mode = 1 + innodb_fast_shutdown = 1 + innodb_max_purge_lag = 0 + innodb_max_dirty_pages_pct = 60 + ``` + + - To save and quit, press **Esc**, type `:wq`, and press **Enter**. + +12. Edit the PHP-FPM configuration file: + + ```bash + vim /opt/alt/php56/etc/php-fpm.conf + ``` + + - Press **Insert** to edit. + - Update the following parameters based on total RAM: + + | **Total RAM** | **pm.max_children** | **pm.start_servers** | **pm.min_spare_servers** | **pm.max_spare_servers** | + |---------------|--------------------|----------------------|--------------------------|--------------------------| + | ≤2 GB | 10 | 5 | 1 | 5 | + | ≤4 GB | 50 | 6 | 3 | 8 | + | ≤8 GB | 100 | 8 | 5 | 12 | + | ≤16 GB | 200 | 12 | 8 | 20 | + | ≤32 GB | 400 | 20 | 12 | 40 | + | ≤64 GB | 800 | 28 | 18 | 70 | + | ≤128 GB | 1600 | 40 | 28 | 100 | + | >128 GB | Scale using the formula, then round down ~10–15% | — | — | — | + + - To save and quit, press **Esc**, type `:wq`, and press **Enter**. + +13. Restart the services: + + ```bash + systemctl restart nginx + systemctl restart mysql + systemctl restart alt-php56-fpm + ``` + +14. If any of the services fail to start, review the relevant configuration files for errors. + + > **NOTE:** You can restore the backup files created in Step 8 if necessary. + +--- diff --git a/docs/kb/endpointprotector/deployment-and-installation/how_to_increase_disk_space.md b/docs/kb/endpointprotector/deployment-and-installation/how_to_increase_disk_space.md new file mode 100644 index 0000000000..0bc5b94828 --- /dev/null +++ b/docs/kb/endpointprotector/deployment-and-installation/how_to_increase_disk_space.md @@ -0,0 +1,157 @@ +--- +description: This article explains how to boot the Endpoint Protector On-Prem appliance into single-user (recovery) mode and safely expand disk space by resizing partitions and the file system after increasing virtual disk capacity. +keywords: + - Endpoint Protector + - disk expansion + - increase disk space + - recovery mode + - single-user mode + - GRUB + - fdisk + - parted + - resize2fs + - on-prem appliance +sidebar_label: How to Expand Disk Space on Endpoint Protector On-Prem Appliance +title: How to Expand Disk Space on Endpoint Protector On-Prem Appliance +knowledge_article_id: kA0Qk000000XXXXKAA +products: + - endpoint-protector +--- + +| The procedures and instructions provided in this document are intended for use by experienced administrators. Proceeding with these steps is done entirely at your own risk. Netwrix is not responsible for any data loss, system instability, or other issues that may arise from following these instructions. Ensure that you have a complete backup of your system before making any changes. | +|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| + +## Overview + +This article describes how to boot the Endpoint Protector (EPP) On-Prem appliance into **single-user (recovery) mode** and safely expand disk space after increasing the virtual disk size. + +These instructions apply only to **on-premises** EPP appliances. + +--- + +## Instructions + +1. **Shut down and increase the disk size**. + + - In your VM manager, shut down the EPP virtual machine. + - Increase the disk space (for example, from 100 GB to 200 GB). + - Reboot the EPP appliance. + - While it reboots, press the `Esc` key to open the **GRUB** boot menu, and select **Advanced options for Ubuntu**. + + ![GRUB boot menu screenshot](./../0-images/43258ddd17f53d209349a9757595552d.png) + +2. Choose the first entry labeled **(recovery mode)**. + + ![Recovery mode selection screenshot](./../0-images/cb6a560ea7bc3e35cd3c0a30978e4dc7.png) + +3. Press **Enter** when prompted. + + ![Boot confirmation screenshot](./../0-images/221e2f00e49f44fffcf64957a74adf46.png) + +4. **Identify the last partition**. + + Run the following command to list available partitions: + + ```bash + fdisk -l + ``` + + Review the output and identify the **last partition** (typically `/dev/sda3` or `/dev/sda5`, depending on the server version). + + ![Partition listing screenshot](./../0-images/a05c59666d4d5d06b571009b1e7309e5.png) + + > **NOTE:** The last partition may vary depending on your environment. + +5. **Stop Endpoint Protector services**. + + Stop all EPP-related services before resizing: + + ```bash + service nginx stop + service cron stop + service mysql stop + service php-fpm stop + service alt-php56-fpm stop + service eppcloudsync stop + service awslogs stop + service syslog-ng stop + pkill -f run_workers.php + ``` + + > **NOTE:** If a service is not running, proceed to the next command. + +6. **Unmount the identified partition**. + + ```bash + umount /dev/sda3 + ``` + or + ```bash + umount /dev/sda5 + ``` + +7. **Resize the partition**. + + Open the partition manager: + + ```bash + parted /dev/sda + ``` + + ![Parted utility screenshot](./../0-images/25e977352dd52f7cc1a0a099749039d7.png) + + - Type `p` to display the current partition table and sizes. + ![Partition table output](./../0-images/b811ee14df77d6d8e87b48fcd284db80.png) + - Resize the **last partition** to the maximum available space: + ```bash + resizepart 3 100% + ``` + > **NOTE:** If prompted about available space, type `fix` to continue. + - Run `p` again to verify the new partition size: + ```bash + p + ``` + ![New partition size screenshot](./../0-images/e82dd4c71e1388608816abea6c906ae2.png) + - Exit the partition manager: + ```bash + quit + ``` + - Refresh the kernel partition table: + ```bash + partprobe + ``` + +8. **Check the file system**. + + Run a forced file system check (replace `sda3` with your actual partition if needed): + + ```bash + e2fsck -f /dev/sda3 + ``` + + ![Filesystem check screenshot](./../0-images/91cd45f8016ad9a0a33eed482d054fbf.png) + +9. **Resize the file system**. + + ```bash + resize2fs /dev/sda3 + ``` + + ![Filesystem resize screenshot](./../0-images/7aabf76b61247cd7022988b79a06e3e8.png) + +10. **Remount and verify disk size**. + + ```bash + mount -a + df -h + ``` + + ![Disk usage check screenshot](./../0-images/866c775d49c0cbef0864bd4cf7b06015.png) + +11. **Restart the appliance**. + + ```bash + reboot + ``` + + After restart, verify that the disk space increase is reflected in your EPP appliance. diff --git a/docs/kb/endpointprotector/move_and_tag_files.py b/docs/kb/endpointprotector/move_and_tag_files.py index aeab929e30..0d124455ba 100644 --- a/docs/kb/endpointprotector/move_and_tag_files.py +++ b/docs/kb/endpointprotector/move_and_tag_files.py @@ -14,8 +14,10 @@ "deploy-the-client-on-macos-through-intune-with-full-disk-access.md", "download-the-intune-mdm-deployment-guide.md", "enable_full_disk_access_when_deploying_on_macos_using_kandji.md", + "how_to_change_root_password.md", "how_to_deploy_the_client_using_sccm_or_msiexec.md", "how_to_find_the_cososys_team_id_and_bundle_id_for_client_deployment_on_macos.md", + "how_to_increase_disk_space.md", "how_to_manually_uninstall_the_agent.md", "how_to_stage_the_endpoint_protector_server.md", "how-to-install-client-without-user-interaction.md",