Golden Image
Golden Image is for customers who want to use the same Operating System Images to start new machines. As we use the computer name/hostname of the machine/asset as a unique identifier for the machine/asset, customers cannot use the same image in which AIR responder is already installed without newly introduced golden image support.
It basically cleans some configuration options set during registration and then disables and stops the AIR responder service before the image of the operating system is taken. To do this, we use --prepare-golden-image
flag that is explained below. This must be called before the imaging process takes place.
After the image is prepared, the user must use --init-golden-image
flag, which is explained below before the image is used to create a new instance.
--prepare-golden-image
--prepare-golden-image
The user must use this flag before creating a golden image.
Windows:
"C:\Program Files (x86)\Binalyze\AIR\responder\AIR.exe" configure --prepare-golden-image
Linux/macOS:
/opt/binalyze/air/responder/air configure --prepare-golden-image
This flag does the following:
Stops the service.
Disables the service.
Cleans the RegisteredTo, SecurityToken, and EndpointID fields in the config.yml.
Uninstalls the watchdog (if tamper detection was enabled)
--init-golden-image
--init-golden-image
This flag activates the responder again after the golden image is up and after the hostname is changed.
Windows:
"C:\Program Files (x86)\Binalyze\AIR\responder\AIR.exe" configure --init-golden-image --deployment-token 769aca0ff45a433a --console-address air-qa.binalyze.com --organization-id 0
Linux/macOS:
/opt/binalyze/air/responder/air configure --init-golden-image --deployment-token 769aca0ff45a433a --console-address air-qa.binalyze.com --organization-id 0
Note: The use of --deployment-token
is required. Because the deployment token is clean after the registration of the AIR responder. The use of --console-address
and --organization-id
is optional. They are used to overwrite the console address and organization ID, which are already set in the configuration file at the first installation before the image was taken.
This flag does the following:
Updates the DeploymentToken, ConsoleAddress, and OrganizationID values entered as a command in the config.yml.
Starts the service.
Enables the service.
Watchdog is installed automatically after registration if it is enabled by AIR Console.
Troubleshooting
Exit code other than 0 (zero) means an error occurred while executing commands. The terminal will print the error messages, and also log file will contain the error messages.
If something goes wrong, the first option is to re-run the same command.
If a re-run of the command doesn’t succeed, the user should perform the same steps manually.
Last updated