Introduction

This document provides detailed instructions for installing the GYTPOL Validator client Sensor on different operating systems, including Windows, Linux, and macOS.

GYTPOL

...

Sensor location

  1. Navigate to the System Health located in the "Settings" section:

...

2. Download the GYTPOL client Sensor for your respective operating system using the download icon.

Supported Operating Systems

...

Microsoft

...

Endpoints: Windows 7 (x32/x64) and newer

Servers: Windows Server 2008 and newer

Microsoft

...

OS support matrix

...

| OS | Detection | Remediation / Revert |
| --- | --- | --- |
| Windows 7 | V | X |
| Windows 8 / 8.1 | V | X |
| Windows 10 / 11 | V | V |
| Windows Server 2008 / 2008 r2 | V | X |
| Windows Server 2012 / 2012 r2 | V | X |
| Windows Server 2016 / 2019 / 2022 | V | V |

Important Note: Remediation functionality is supported on older versions of Microsoft Windows and Servers as long as PowerShell v5.1 or newer is installed.


Linux

Linux distribution

...

matrix, supporting both detection, remediation and revert:

| Distribution | Supported Versions | ARM64 Architecture |
| --- | --- | --- |
| Alibaba Cloud Linux | 2 and newer | Not Supported |
| Alma | 7 and newer | Not Supported |
| Amazon Linux | 2 and 2023 | Not Supported |
| CentOS | 7 and newer | Not Supported |
| Debian | 10 and newer | Not Supported |
| Red Hat Enterprise Linux (RHEL) | 7 and newer | Not Supported |
| Rocky Linux | 9 and newer | Not Supported |
| SUSE Linux Enterprise Server (SLES) | 12 and newer | Not Supported |
| Ubuntu | 16 and newer | Not Supported |

...

macOS

macOS versions, supporting both detection, remediation and revert:

| OS | Version | Architecture |
| --- | --- | --- |
| macOS | 10.15 (Catalina) and newer | Intel Chipset and Apple Silicon |

Supported Network devices (coming soon):

...

| OS | Version |
| --- | --- |
| Cisco IOS | IOS 12.x to 15.x |
| Cisco IOS XE | 16.x and newer |
| Cisco IOS XR Routers | IOS XR 5.x to 7.x |
| Cisco NX-OS | 6.x to 9.x |

Windows OS

Pre-Installation

Ports to open:

GYTPOL Client to GYTPOL server on-Prem - port 9093

GYTPOL Sensor to GYTPOL SaaS - port 443

Does the Endpoint or Server need to be a member of the domain?

No

Installation

Open an elevated CMD (right-click CMD > Run as Administrator).

...

Once finished, the progress window will disappear.

Post-Installation

To verify the successful installation of the

...

Sensor, follow these steps:

  1. Open Task Scheduler as an Administrator.

  2. Check for the gytpol folder under the main Library.

  3. Expand the folder; you should see three tasks, as in the example below:

...

Where will I see the scanned machine?

Navigate to the System Health located in the "Settings" section.

Select Windows OS

...


Info

The initial report should be sent within 10-15 minutes after the first full scan. However, it may take up to an hour for the device to fully appear across all screens.

...

Where is the installation path?

C:\Program Files\WindowsPowerShell\Modules\gytpol

Where are the logs?

C:\Program Files\WindowsPowerShell\Modules\gytpol\log

Log retention policy

Every Windows client Sensor is configured to retain up to 10 log files, with each file being 5MB in size. Once the 10-file limit is reached, the oldest log files are automatically deleted to make room for new ones, ensuring efficient log management.

This behavior can be observed in any installed Windows client Sensor under the log directory C:\Program Files\WindowsPowerShell\Modules\gytpol\log.

How to check the sensor version

Open Control Panel > Programs > Programs and Features to see the gytpolClient version in the list.

...

Uninstalling

To uninstall the GYTPOL client Sensor:

  1. Open "Programs and Features".

  2. Locate "gytpolClient" in the list of installed programs.

  3. Right-click on "gytpolClient" and select "Uninstall" or "Remove."

...

Linux

Pre-Installation

Ports to open:

GYTPOL Client Sensor to GYTPOL server on-Prem - port 9093

GYTPOL Client to GYTPOL SaaS - port 443

Does the

...

device need to be a member of the domain?

No

Installation

Command to run:

  • Debian (Ubuntu):

    Code Block
    languagebash
    sudo dpkg -i <gytpol-client-Sensor-path>
  • RPM (RHEL, CentOS, SUSE etc.):

    Code Block
    languagebash
    sudo rpm -ivh <gytpol-client-Sensor-path>

Post-Installation

Where will I see the scanned machine?

Navigate to the System Health located in the "Settings" section.

Select Linux OS

...

How do I see and change the service

...

status?

Code Block
languagebash
systemctl stop/start/status gytpol-client

Where is the installation path?

/opt/gytpol

Where are the logs?

/opt/gytpol/logs

Log retention policy

The client Sensor is configured to retain logs for a period of 10 days. Each day may generate one or more log files, depending on the number of actions performed (e.g., scans, service logs, remediations). After 10 days, older log files are automatically deleted to maintain efficient log management.

This behavior can be observed in any installed Linux client Sensor under the directory /opt/gytpol/log.

Sensor version check

To check the Linux sensor version, run the following commands:

Code Block
languagebash
sudo /opt/gytpol/gytlnx --version

The output should show the version number:

...

Where is the configuration folder?

/opt/gytpol/config

config.json file example:

Code Block
{
    "HttpVerifyCert": false,
    "HttpTimeout": 10000000000,
    "ServerAddress": "https://q1w2e3r4.execute-api.us-east-2.amazonaws.com/prod",
    "ArchivedFilePath": "archive",
    "ArchivedEncryptedReportName": "encrypted-report.json",
    "metricConfigPath": "configs/metrics.json",
    "cloudCfg": {
        "Region": "us-east-2",
        "AccessKeyID": "++AccessKeyID_String==",
        "SecretAccessKey": "++SecretAccessKey_String==",
        "ReportsBucket": {
            "scanner-report": "gytpol-CUSTOMER-us-analyzer-reports",
            "remediation-report": "gytpol-CUSTOMER-us-analyzer-reports",
            "log-report": "gytpol-CUSTOMER-us-analyzer-reports"
        }
    }
}
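An added example (not GYTPOL's own code) of a check an administrator could run over the contents of /opt/gytpol/config/config.json: it flags disabled certificate validation, a plain-HTTP server address, and cloud keys kept in a file that group or others can access. The function names, the sample values and the permission rule are assumptions made for illustration; HttpTimeout is treated as nanoseconds, as this guide's field descriptions state.

```python
import json
import stat

# Constructed sample modelled on the config.json above (placeholder values).
SAMPLE_CONFIG = """{
    "HttpVerifyCert": false,
    "HttpTimeout": 10000000000,
    "ServerAddress": "https://gytpol.example.internal/prod",
    "cloudCfg": {"AccessKeyID": "PLACEHOLDER", "SecretAccessKey": "PLACEHOLDER"}
}"""


def timeout_seconds(text):
    """HttpTimeout is documented in nanoseconds; return it in seconds."""
    return json.loads(text).get("HttpTimeout", 0) / 1_000_000_000


def audit_config(text, file_mode):
    """Return (field, finding) tuples for one config.json document.

    file_mode: permission bits of the file, e.g.
    stat.S_IMODE(os.stat(path).st_mode) on a real host.
    """
    cfg = json.loads(text)
    findings = []
    # Validation switched off: the server's identity is not checked.
    if cfg.get("HttpVerifyCert") is not True:
        findings.append(("HttpVerifyCert", "server certificate is not validated"))
    # A plain http:// address would carry reports without TLS.
    if str(cfg.get("ServerAddress", "")).lower().startswith("http://"):
        findings.append(("ServerAddress", "plain http:// endpoint"))
    if timeout_seconds(text) <= 0:
        findings.append(("HttpTimeout", "timeout is zero or negative"))
    # Static cloud keys make the file's permissions security-relevant
    # (assumed rule: no access for group or others).
    cloud = cfg.get("cloudCfg", {})
    has_keys = bool(cloud.get("AccessKeyID") or cloud.get("SecretAccessKey"))
    if has_keys and file_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(("cloudCfg", f"keys in a file with mode {file_mode:o}"))
    return findings


if __name__ == "__main__":
    for field, finding in audit_config(SAMPLE_CONFIG, file_mode=0o644):
        print(f"{field}: {finding}")
```
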

Uninstalling

Debian:

Code Block
languagebash
sudo dpkg --remove gytpol-client

Info

Use “--purge” instead of “--remove” to also delete the logs, archive etc.

RPM:

Code Block
languagebash
sudo rpm -e gytpol-client

Both rpm and dpkg commands listed above may remove certain configuration files associated with GYTPOL. Deleting files that may result in loss is at your own risk, so ensure that no critical data is being removed before proceeding.

It is highly recommended to take a backup of important data before making any changes to the system to mitigate any potential data loss. Always exercise caution when executing commands that may impact system configurations.

Configuring an Internal Proxy Server for a Linux

...

Sensor

To set up an internal proxy server for a Linux client Sensor, follow these steps.

On the Linux Operating System:

1. Open Terminal

Access the terminal on your Linux client Sensor.

2. Run the Command

Enter the following command to create a configuration file with your organization's proxy server details:

Code Block
languagebash
cat << EOF > /opt/gytpol/environ
HTTPS_PROXY=http://<internal-proxy-server>:port
EOF

...

Info

Be sure to replace http://<internal-proxy-server>:port with your actual proxy server address and port.

macOS

Pre-Installation:

Ports to open:

GYTPOL Client Sensor to GYTPOL server on-Prem - port 9093

GYTPOL Client to GYTPOL SaaS - port 443

Does the Endpoint need to be a member of the domain?

No

Installation:

Before proceeding with the installation, determine the platform architecture by checking "About This Mac". This information will help ensure that the correct version of the software is installed for your system.

...

Identify and choose the right package according to the table below:

| Platform | Architecture | Terminal output | Package file |
| --- | --- | --- | --- |
| macOS | Intel chipset | i386 | gytpol-client-<version>_amd64.pkg |
| macOS | Apple silicon | arm | gytpol-client-<version>_arm64.pkg |

Command to run:

Code Block
languagebash
sudo /usr/sbin/installer -pkg <pkg_path> -target / 

example:

Code Block
languagebash
sudo /usr/sbin/installer -pkg ~/Downloads/gytpol-client-0.5.1.0-0_arm64.pkg -target /

To check that the launch daemon is running, run:

Code Block
languagebash
sudo launchctl list | grep com.gytpol.gytmac

If the daemon is currently running, you can identify its process by checking the process ID (PID) on the left side of the output. The PID is typically highlighted in red for easy identification:

...

For further information, run:

Code Block
languagebash
sudo launchctl list com.gytpol.gytmac

If you are using an Intel processor, ensure that you run the correct binary with the "_amd64" designation (e.g., gytpol-client-1.2.1.2-28_amd64.pkg).

Info

While an amd64 binary can run on an arm64 processor, it is not recommended and is not officially supported. It is advisable to use the binary that corresponds to your processor architecture for optimal performance and compatibility.

Your output should look like this:

...

Post-Installation

Where will I see the scanned machine?

Navigate to the System Health located in the "Settings" section.

Select macOS

...

How do I see and change the service status?

Code Block
languagebash
sudo launchctl stop/start/list com.gytpol.gytmac

Where is the installation path?

/opt/gytpol

Where are the logs?

/opt/gytpol/logs

Log retention policy

The client Sensor is configured to retain logs for a period of 10 days. Each day may generate one or more log files, depending on the number of actions performed (e.g., scans, service logs, remediations). After 10 days, older log files are automatically deleted to maintain efficient log management.

This behavior can be observed in any installed macOS client Sensor under the directory /opt/gytpol/log.

Sensor version check

To check the macOS sensor version, run the following commands:

Code Block
languagebash
cd /opt/gytmac
sudo ./gytmac-version

The output should show the version number:

...

Where is the configuration folder?

config.json ” for client’s Sensor’s configuration to a dedicated server

...

config.json

This file contains the client Sensor's configuration:

Code Block
languagejson
{
    "HttpVerifyCert" : false,
    "HttpTimeout" : 10000000000,
    "ServerAddress" : "_gytpol",
    "ArchiveFolderPath" : "archive"
}

Field explanations:

HttpVerifyCert - Indicates whether to validate the server’s certificate when making HTTP requests.

HttpTimeout - The timeout (in nanoseconds) for HTTP requests.

ServerAddress - The address of the GYTPOL server.

ArchiveFolderPath - Folder (relative to /opt/gytpol) in which reports are saved before they are sent to the server.

Uninstalling

  1. Stop the launch daemon.

sudo launchctl stop com.gytpol.gytmac

  2. Unload the launch daemon from launchctl.

sudo launchctl unload -w /Library/LaunchDaemons/com.gytpol.gytmac.plist

  3. Delete the launch daemon configuration plist file.

sudo rm -rf /Library/LaunchDaemons/com.gytpol.gytmac.plist

  4. Remove the folder (including all sub-directories and files).

sudo rm -rf /opt/gytpol

  5. Discard receipt data.

sudo pkgutil --forget com.gytpol.gytmac

Info

Deleting files that may lead to loss is at your own risk; please make sure that nothing important is being removed before deleting. It's always a good idea to take a backup of important data before making any changes to the system.