Installing the AP Java Protector

Steps to setup AP Java on Linux

Extracting the Setup Scripts and Package

To extract the setup scripts and package:

  1. Download the ApplicationProtector_Linux-ALL-64_x86-64_JRE-1.8-64_<version>.tgz file to any location on the machine where you want to install the protector.
  2. Extract the AP Java installation package using the following command.
    tar –xvf ApplicationProtector_Linux-ALL-64_x86-64_JRE-1.8-64_<version>.tgz
    The following setup files are extracted:
    • ApplicationProtector_Linux-ALL-64_x86-64_JRE-1.8-64_<version>.tgz
    • signatures/ApplicationProtector_Linux-ALL-64_x86-64_JRE-1.8-64_<version>.sig
  3. Verify the digital signature of the signed AP Java build.
    For more information about verifying the signed AP Java build, refer to Verification of Signed Protector Build.
  4. Extract the AP Java installation package again using the following command.
    tar –xvf ApplicationProtector_Linux-ALL-64_x86-64_JRE-1.8-64_<version>.tgz
    The following setup files are extracted:
    • LogforwarderSetup_Linux_x64_<version>.sh
    • RPAgentSetup_Linux_x64_<version>.sh
    • APJavaSetup_Linux_x64_<version>.sh

Installing Log Forwarder on Linux

The steps to install the Log Forwarder on a Linux platform using the Interactive mode or through the Silent mode are described in this section.

Note: To preserve all the configurations while upgrading the Log Forwarder, ensure that you backup all the files present under the /opt/protegrity/logforwarder/data/config.d directory.

Using Interactive Mode

To install the Log Forwarder on a Linux platform using the Interactive mode:

  1. Run the Log Forwarder installer using the following command.

    ./LogforwarderSetup_Linux_x64_<version>.sh

    The prompt to enter the Audit Store endpoint appears.

    Enter the audit store endpoint (host),
alternative (host:port) to use another port than the default port 9200 :

  2. Enter the Audit Store endpoint that is the Audit Store IP address and the Audit Store port number where the Log Forwarder sends the logs.

    Note: The default port number is 9200. If you are using the default port, then do not specify the port number.

  3. Press ENTER.

    The added Audit Store endpoint appears on the screen.

    The prompt to enter an additional Audit Store appears.

    Do you want to add another audit store endpoint? [y/n]:

  4. If you want to add more than one Audit Store endpoint, then type y otherwise type n.
    If you need to add additional Audit Store endpoints, then repeat both Step 2 and Step 3 for each additional endpoint to add.

  5. Type the y key to install into the destination directory.

    The Log Forwarder is installed in the /opt/protegrity/logforwarder/ directory.

  6. Start the Protegrity Log Forwarder service by using the following command.

    /opt/protegrity/logforwarder/bin/logforwarderctrl start

    The Log Forwarder is successfully installed.

Using Silent Mode

You can also execute the Log Forwarder installer without any manual intervention, which is also known as the Silent mode of installation. The following parameters must be provided to execute the installer in the Silent mode.

ParameterDescription
-e or --endpointIP and port of Audit Store. Use multiple -e or --endpoint for multiple endpoints.
Default port: 9200
-d or --dirOptional installation directory
Default: /opt/protegrity

At the command prompt, type the following command from the installer directory.

./LogforwarderSetup_Linux_x64_<version>.sh -e <ip address:port number> [-e <ip address:port number>]

To install the Log Forwarder in a custom directory, add the -d or --dir argument to the command to specify the Log Forwarder installation directory.

The following snippet displays a sample command.

./LogforwarderSetup_Linux_x64_<version>.sh -e <ip address:port number> [-e <ip address:port number>] -d <Log Forwarder installation directory>

Installing RP Agent on Linux

The steps to install the RP Agent on a Linux platform using the Interactive mode or through the Silent mode of installation are described in this section.

Using Interactive Mode

To install the RP Agent on a Linux platform using the Interactive mode:

  1. Run the RP Agent installer using the following command.

    ./RPAgentSetup_Linux_x64_<version>.sh

    The prompt to enter the upstream hostname or IP address appears.

    Please enter upstream host name or IP address
[]:

  2. Enter the ESA Host Name or IP Address.

  3. Press ENTER.

    The prompt to enter the username for downloading certificates appears.

    Please enter the user name for downloading certificates
[]:

  4. Enter the username for downloading the certificates.

  5. Press ENTER.

    The prompt to enter the password for downloading the certificates appears.

    Please enter the password for downloading certificates
[]:

  6. Enter ESA password.

  7. Press ENTER to install into the destination directory.

    Directories are created under /opt/protegrity/rpagent by default, and the required installation files are installed in these directories.

    Ensure that the ESA is up and running with the HubController service in running status to enable automatic downloading of certificates.

  8. If you have installed the RP Agent using the --nocert parameter, then the ESA certificates are not downloaded during the installation. To manually install the certificates to the /opt/protegrity/rpagent/data directory of the RP Agent, perform the following steps.

    i. Navigate to the /opt/protegrity/rpagent/bin directory and run the following command.

    ./GetCertificates -u <ESA User with the Export Certificates role and can create JWT token> [-h <ESA host name or IP address>] [--port <port no.>] [-d directory]

    This initiates a secure communication between the RP Agent and the ESA.

    ii. Enter the password for the ESA user.

    iii. Verify that the following files have been copied to the /opt/protegrity/rpagent/data directory:

    • CA.pem
    • cert.key
    • cert.pem
    • rpagent.cfg
    • secret.txt

  9. Start the RP Agent by using the following command.

    /opt/protegrity/rpagent/bin/rpagentctrl start

    The RP Agent is successfully installed.

Using Silent Mode

You can also execute the RP Agent installer without any manual intervention, which is also known as the Silent mode of installation. The following parameters must be provided to execute the installer in the Silent mode.

ParameterDescription
-h or --hostThe host or IP address of the upstream server that is providing the resilient packages.
-u or --userThe name of the ESA user with the Export Certificates role.
-p or --passwordThe password of the ESA user with the Export Certificates role.
--portThe port number of the upstream server that is providing the resilient packages. The default port number is 25400.
-d or --dirThe installation directory, which is an optional parameter. If the installation directory is not specified, then the installation path is the default directory, which is /opt/protegrity.

At the command prompt, type the following command from the installer directory.

./RPAgentSetup_Linux_x64_<version>.sh (-u <user> -p <password>) [-h <host>] [--port <port>]

If you want to install the RP Agent in a custom directory, then you can add the -d parameter to the command to specify the directory.

The following command displays a sample snippet.

./RPAgentSetup_Linux_x64_<version>.sh (-u <user> -p <password>) [-h <host>] [--port <port>] [-d <dir>]

Installing Application Protector Java on Linux

The steps to install the AP Java on a Linux platform using the Linux installer or through the Silent mode of installation, are described in this section.

Using Linux Installer

To install the AP Java on the Linux platform using the Linux installer:

  1. Run the AP Java installer using the following command.

    ./APJavaSetup_Linux_x64_<version>.sh

    The prompt to continue the installation appears.

    *****************************************************
Welcome to the AP Java SDK Setup Wizard
*****************************************************

This will install AP Java SDK on your computer.

Do you want to continue? [yes or no]

  2. If you want to continue with the installation of the AP Java SDK, then type yes else type no.

    If you type yes, then the prompt to enter the installation directory appears.

    Please enter installation directory
[/opt/protegrity]:

    If you type no, then the installation of the AP Java aborts.

The AP Java is installed successfully.

The default installation directory for the AP Java on a Linux platform is /opt/protegrity/sdk/java.

Ensure that the following folder structure is maintained:

  • /lib and /data directories are located at the same directory level
  • ApplicationProtectorJava.jar and jcorelite.plm are located inside the /lib directory
  • config.ini file is located in the /data directory

AP Java folder structure

Using Silent Mode

You can also execute the AP Java installer without any manual intervention, which is also known as the Silent mode of installation. The following parameter must be provided to execute the installer in the Silent mode.

ParameterDescription
-dirOptional install directory
Default: /opt/protegrity
./APJavaSetup_Linux_x64_<version>.sh [-dir <directory>]

Last modified : January 19, 2026