Versions Compared

Version Old Version 19 New Version 20
Changes made by

Mark Zuk

Mark Zuk

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Easy heading
linkText4
linkText10
linkText3
linkText6
linkText5
relatedLinksLabels
linkText2
linkText1
headingTagsH1,H2,H3
sidebarMaxHeight450
linkType2Page
linkType3Page
linkType1Page
linkType10Page
sidebarTitleON THIS PAGE
linkUrl3
linkUrl4
linkUrl1
linkUrl2
linkUrl10
includedPageModeDisable_Included_Pages
linkText8
linkText7
relatedLinksOrderLabels_First
sidebarModeOpened
headingNumberingModeDisable_Numbering
linkText9
sidebarMarginRight20
relatedLinksTargetNew_Window
relatedLinksTitleRELATED LINKS
linkUrl9
linkUrl7
linkUrl8
numberedHeadingTagsH1,H2,H3
linkUrl5
linkUrl6
linkType8Page
linkType9Page
linkType6Page
headingLinkTextModeWrap
linkType7Page
linkType4Page
linkType5Page
sidebarWidth240
sidebarTop160
headingLinkExpandModeCollapse_All_By_Default
headingLinkIndent10

...

Anchor
_Toc140072050
_Toc140072050
Supported Operating Systems

...

Microsoft

...

Endpoints: Windows 7 (x32/x64) and newer

Servers: Windows Server 2008 and newer

Microsoft OS support matrix

...

OS

Detection

Remediation / Revert

Windows 7

V

X

Windows 8 / 8.1

V

X

Windows 10 / 11

V

V

Windows Server 2008 / 2008 r2

V

X

Windows Server 2012 / 2012 r2

V

X

Windows Server 2016 / 2019 / 2022

V

V

Important Note: Remediation functionality is supported on older versions of Microsoft Windows and Servers as long as Powershell v5.1 and newer are installed.

image-20241017-092016.png

Linux

Linux distribution matrix, supporting both detection, remediation and revert:

Distribution

Supported Versions

ARM64 Architecture

Alibaba Cloud Linux

2 and newer

Not Supported

Alma

7 and newer

Not Supported

Amazon Linux

2 and 2023

Not Supported

CentOS

7 and newer

Not Supported

Debian

10 and newer

Not Supported

Red Hat Enterprise Linux (RHEL)

7 and newer

Not Supported

Rocky Linux

9 and newer

Not Supported

SUSE Linux Enterprise Server (SLES)

12 and newer

Not Supported

Ubuntu

16 and newer

Not Supported

...

macOS

macOS versions, supporting both detection, remediation and revert:

OS

Version

Architecture

macOS

10.15 (Catalina) and newer

Intel Chipset and Apple Silicon

Supported Network devices (coming soon):

...

OS

Version

Cisco IOS

IOS 12.x to 15.x

Cisco IOS XE

16.x and newer

Cisco IOS XR Routers

IOS XR 5.x to 7.x

Cisco NX-OS

6.x to 9.x

...

Anchor
_Toc140072051
_Toc140072051
Windows OS

Anchor
_Toc140072052
_Toc140072052
Pre-Installation

Ports to open:

...

GYTPOL Sensor to GYTPOL SaaS - port 443

Does the Endpoint or Server need to be a member of the domain?

No

Anchor
_Toc140072053
_Toc140072053
Installation

...

Anchor
_Toc140072054
_Toc140072054
Post-Installation

To verify the successful installation of the Sensor, follow these steps:

  1. Open Task Scheduler as an Administrator.

  2. Check for the gytpol folder under the main Library.

  3. Expand the folder, and you should observe three tasks, as exemplified below:

...

Where will I see the scanned machine?

Navigate to the System Health located in the "Settings" section.

Select Windows OS

Info

The initial report should be sent within 10-15 minutes after the first full scan. However, it may take up to an hour for the device to fully appear across all screens.

...

Where is the installation path?

C:\Program Files\WindowsPowerShell\Modules\gytpol

Where are the logs?

C:\Program Files\WindowsPowerShell\Modules\gytpol\log

Log retention policy

Every Windows Sensor is configured to retain up to 10 log files, with each file being 5MB in size. Once the 10-file limit is reached, the oldest log files are automatically deleted to make room for new ones, ensuring efficient log management.

This behavior can be observed in any installed Windows Sensor under the log directory C:\Program Files\WindowsPowerShell\Modules\gytpol\log.

...

How to check the sensor version

Open Control Panel > Programs > Programs and Features to see the gytpolClient version in a list.

...

Anchor
_Toc140072055
_Toc140072055
Uninstalling

To uninstall the GYTPOL Sensor:

  1. Open "Programs and Features"."

  2. Locate "gytpolClient" in the list of installed programs.

  3. Right-click on "gytpolClient" and select "Uninstall" or "Remove."

...

Anchor
_Toc140072056
_Toc140072056
Linux

Anchor
_Toc140072057
_Toc140072057
Pre-Installation

Ports to open:

...

GYTPOL Sensor to GYTPOL SaaS - port 443

Does the

...

device need to be a member of the domain?

No

Anchor
_Toc140072058
_Toc140072058
Installation

Command to run:

  • Debian (Ubuntu):

    Code Block
    languagebash
    sudo dpkg -i  <gytpol-Sensor-path>

  • RPM (RHEL, centOS, SUSE etc.):

    Code Block
    languagebash
    sudo rpm -ivh <gytpol-Sensor-path>

Anchor
_Toc140072059
_Toc140072059
Post-Installation

Where will I see the scanned machine?

Navigate to the System Health located in the "Settings" section.

Select Linux OS

...

How do I see and change the service status?

Code Block
languagebash
systemctl stop/start/status gytpol-client

Where is the installation path?

/opt/gytpol

Where are the logs?

/opt/gytpol/logs

Log retention policy

The Sensor is configured to retain logs for a period of 10 days. Each day may generate one or more log files, depending on the number of actions performed (e.g., scans, service logs, remediations). After 10 days, older log files are automatically deleted to maintain efficient log management.

This behavior can be observed in any installed Linux Sensor under the directory /opt/gytpol/log.

Where are the configuration folder?

Sensor version check

To check the Linux sensor version, run the following commands:

Code Block
languagebash
sudo /opt/gytpol/

...

gytlnx --version

The output should show the version number:

...

Where are the configuration folder?

/opt/gytpol/config

config.json file example:

Code Block
{
    "HttpVerifyCert": false,
    "HttpTimeout": 10000000000,
    "ServerAddress": "https://q1w2e3r4.execute-api.us-east-2.amazonaws.com/prod",
    "ArchivedFilePath": "archive",
    "ArchivedEncryptedReportName": "encrypted-report.json",
    "metricConfigPath": "configs/metrics.json",
    "cloudCfg": {
        "Region": "us-east-2",
        "AccessKeyID": "++AccessKeyID_String==",
        "SecretAccessKey": "++SecretAccessKey_String==",
        "ReportsBucket": {
            "scanner-report": "gytpol-CUSTOMER-us-analyzer-reports",
            "remediation-report": "gytpol-CUSTOMER-us-analyzer-reports",
            "log-report": "gytpol-CUSTOMER-us-analyzer-reports"
        }
    }
}

...

Uninstalling

Debian:

Code Block
languagebash
sudo dpkg -remove gytpol-client
Info

...

Use the

...

“-purge” instead of

...

“-remove” to also delete the logs, archive etc.

RPM:

Code Block
languagebash
sudo rpm -e gytpol-client

Both rpm and dpkg commands listed above may remove certain configuration files associated with GytpolGYTPOL. Deleting files that may result in loss is at your own risk, so ensure that no critical data is being removed before proceeding.

...

Enter the following command to create a configuration file with your organization's proxy server details:Copy

code
Code Block
language
bash
cat << EOF > /opt/gytpol/environ
HTTPS_PROXY=http://<internal-proxy-server>:port 
EOF

...

Anchor
_Toc140072062
_Toc140072062
Pre-Installation:

Ports to open:

GYTPOL Sensor to GYTPOL server on-Prem - port 9093 GYTPOL Sensor to GYTPOL SaaS - port 443

Does the Endpoint need to be a member of the domain?

No

Anchor
_Toc140072063
_Toc140072063
Installation:

...

Identify and choose the right package according to the table below:

Platform

Architecture

Terminal output

Package file

macOS

Intel chipset

i386

gytpol-client-<version>_amd64.pkg

macOS

Apple silicon

arm

gytpol-client-<version>_arm64.pkg

Command to run:

Code Block
languagebash
sudo /usr/sbin/installer -pkg <pkg_path> -target /

example:

Code Block
languagebash
sudo /usr/sbin/installer -pkg ~/Downloads/gytpol-client-0.5.1.0-0_arm64.pkg -target /

To check that the launch daemon is running run:sudo launchctl list | grep

Code Block
languagebash
sudo launchctl list | grep com.gytpol.gytmac

If the daemon is currently running, you can identify its process by checking the process ID (PID) on the left side of the output. The PID is typically highlighted in red for easy identification:

...

For further information run:

Code Block
languagebash
sudo launchctl list com.gytpol.gytmac

If you are using an Intel processor, ensure that you run the correct binary with the "_amd64" designation (e.g., gytpol-client-1.2.1.2-28_amd64.pkg).

Info

...

While an amd64 binary can run on an arm64 processor, it is not recommended and is not officially supported. It is advisable to use the binary that corresponds to your processor architecture for optimal performance and compatibility.

Your output should look like this:

...

Anchor
_Toc140072064
_Toc140072064
Post-Installation

Where will I see the scanned machine?

Navigate to the System Health located in the "Settings" section.

Select macOS

...

How do I see and change the service status?

Code Block
languagebash
sudo launchctl stop/start/list com.gytpol.gytmac

Where is the installation path?

/opt/gytpol/config/config.json (you may need to create the ‘config’ folder and the config.json file). See the file example below.

Where is the installation path?

/opt/gytpol

Where are the logs?

/opt/gytpol/logs

Where are the logs?

/opt/gytpol/logs

Log retention policy

The Sensor is configured to retain logs for a period of 10 days. Each day may generate one or more log files, depending on the number of actions performed (e.g., scans, service logs, remediations). After 10 days, older log files are automatically deleted to maintain efficient log management.

This behavior can be observed in any installed macOS Sensor under the directory /opt/gytpol/log.

Sensor version check

To check the macOS sensor version, run the following commands:

Code Block
languagebash
cd /opt

...

/gytmac
sudo ./gytmac-version

The output should show the version number:

...

Where are the configuration folder?

config.json ” for Sensor’s configuration to a dedicated server

...

This file contains Sensor’s configuration:

{

Code Block
languagejson
{
    "HttpVerifyCert" : false,

...


    "HttpTimeout" : 10000000000,

...


    "ServerAddress" : "_gytpol",

...


    "ArchiveFolderPath" : "archive"

...


}

Fields explanations:

HttpVerifyCert - Indicate whether to validate the server’s certificate when using HTTP requests.

HttpTimeout - Determine the timeout (in Nano Seconds) for HTTP requests.

ServerAddress - The address of the GYTPOL server.

ArchiveFolderPath - Folder (relative to /opt/gytpol) in which reports are being saved to before sending them to the server. Anchor_Toc140072065_Toc140072065

Uninstalling

  1. Stop the launch daemon.

sudo launchctl stop com.gytpol.gytmac

  1. Unload the launch daemon from launchctl.

sudo launchctl unload -w /Library/LaunchDaemons/com.gytpol.gytmac.plist

  1. Delete the lauanch daemon configuration plist file.

sudo rm -rf /Library/LaunchDaemons/com.gytpol.gytmac.plist

  1. Remove folder (including all sub-directories & sub-files).

sudo rm -rf /opt/gytpol

  1. Discard receipt data.

sudo pkgutil --forget com.gytpol.gytmac

Info

Deleting files that may lead to loss is at your own risk, please make sure that nothing important is being removed before deleting! It's always a good idea to take a backup of important data before making any changes to the system.