This article explains how the Deep Security Agent (DSA) get a hostname in a Linux environment.
In Linux, DSA will get the hostname from system configuration or the local IP addresses and names mapping file, /etc/hosts.
There are three (3) varieties of hostnames which you can check from the hostnamectl command.
|Static||Provided by the kernel||hostnamectl set-hostname --static [hostname] or hostnamectl set-hostname [hostname]|
|Transient||Received from the network configuration||hostnamectl set-hostname --transient [hostname]|
|Pretty||Provided by the user||hostnamectl set-hostname --pretty [hostname]|
There are many ways to change the hostname in Linux, but we only listed one. The format of /etc/hosts is similar below, where users can configure multiple aliases.
[IP address] [name] [alias] [alias] ...
By default, the agent will get the hostname from the Linux kernel parameter and the system will return the "Static hostname" to the agent. However, there are some exceptions such as the following:
- If the "Static hostname" is localhost and "Transient hostname" is not localhost, the system will return the "Transient hostname" to DSA.
- If both "Static hostname" and "Transient hostname" are localhost, the system will return the [name] from /etc/hosts to DSA.
- If all of "Static hostname", "Transient hostname", and "Name of /etc/hosts" are localhost, the system will return the localhost to DSA even if the user configured alias in /etc/hosts.
Except when the hostname is configured as localhost or localhost.localdomain, the system will always return the hostname to DSA by the order of "Static hostname", "Transient hostname", and "Name of /etc/hosts".