Customize Unattended Acronis Cyber Agent Installation on Linux
Starting the agent for the Acronis Cyber Cloud 9.0, it's possible to customize the Acronis Cyber Agent installation using command line parameters. In this article, we'll navigate common customization scenarios for Linux systems.

Secure your workloads with the Acronis Cyber Protection
You can find more details on how to use API and the Management Console UI to generate the Agent registration tokens https://developer.acronis.com/blog/posts/automate-acronis-agent-installations-with-protection-plan-applying/.
Install the Agent on Linux
When you call the agent installer with the --help
parameter, you receive the full list of available setup program parameters.
sudo ./CyberProtect_AgentForLinux_x86_64.bin --help
Please, check that you meet all pre-requirements before installing the agent.
To add the Acronis Backup modules to Linux kernel, setup program needs the following Linux packages:
- the package with kernel headers or sources. The package version must match the kernel version;
- the GNU Compiler Collection (GCC) compiler system. The GCC version must be the one with which the kernel was compiled;
- the Make tool;
- the Perl interpreter;
- the libelf-dev, libelf-devel, or elfutils-libelf-devel libraries for building kernels starting with 4.15 and configured with CONFIG_UNWINDER_ORC=y. For some distributions, such as Fedora 28, they need to be installed separately from kernel headers
For your reference, we put the complete list of these parameters below. If you are interested in specific scenarios, please skip that table.
Parameter | Description |
---|---|
-v, --version |
show version information |
--product-info |
print product info |
--snapapi-list |
print binary snapapi versions |
--file-protector-list |
print binary file protector versions |
--components-list |
print installer components |
-a, --auto |
automatic (unattended) setup |
--skip-prereq-check |
skip prerequisites check |
--force-weak-snapapi |
force weak snapapi (do not try to build) |
--force-weak-file-protector |
force weak file_protector (do not try to build) |
--skip-svc-start |
skip services start |
-t, --strict |
make all warnings into errors |
-n, --nodeps |
ignore dependencies during unattended setup |
-u, --uninstall |
uninstall |
-u, --uninstall |
uninstall |
--purge |
deprecated, equivalent to --uninstall |
--no-purge |
do not remove logs and configuration settings during uninstallation, requires --uninstall |
-s, --disable-native-shared |
Use own redistributable libraries even if they are already present in the system |
-d, --debug |
verbose log information |
--tmp-dir=STRING |
specifies a directory used for storing temporary files during the installation (the default is /var/tmp/) |
-i, --id=STRING |
specifies component to be installed (only for unattended installation) For the time of this article written, there are three components available: BackupAndRecoveryAgent -- Agent for Linux AgentForPCS -- Agent for Virtuozzo OracleAgentFeature -- Agent for Oracle |
-e, --ssl=STRING |
use ssl |
-p, --port=STRING |
port address |
--skip-registration |
skip registration on rain/ams |
-C, --rain=STRING |
Cyber Protection service URL |
-g, --login=STRING |
The login of an account under which the agent will be registered in the Cyber Protection service |
-w, --password=STRING |
The password of an account under which the agent will be registered in the Cyber Protection service |
--token=STRING |
Registration token |
--tenant=STRING |
The organization ID where the agent will be registered |
--register-with-credentials |
Force registration with credentials |
--reg-transport=STRING |
Type of transport that will be used for agent registration. To register via https without certificate verification, specify https . To register via https with certificate verification using system CA, specify https-ca-system . To register via https with certificate verification using CA bundle delivered with the product, specify https-ca-bundle . To register via https with certificate verification using pinned public key, specify https-pinned-public-key . In this case parameter reg-transport-pinned-public-key must be specified. |
--reg-transport-pinned-public-key=STRING |
Pinned public key. If this parameter is specified, parameter reg-transport must be equal to reg-transport-pinned-public-key or be omitted. |
--http-proxy-host=STRING |
IP/name of HTTP proxy server |
--http-proxy-port=INT |
Port of HTTP proxy server |
--http-proxy-login=STRING |
Login for HTTP proxy server |
--http-proxy-password=STRING |
Password for HTTP proxy server |
-B, --packages-bundle=STRING |
bundle with packages file name |
--language=STRING |
force language, available languages:en,bg,cs,da,de,es,fr,ko,id,it,hu,ms,nl,ja,nb,pl,pt,pt_BR,ru,fi,sr,sv,tr,zh,zh_TW |
--options-file=STRING |
options file, use it to hide sensitive info from ps |
--allow-experimental-file-protector |
Use less restrictive file protector supported OS limitations |
--force-file-protector |
Always install file protector kernel module |
--disable-file-protector |
Disable file protector kernel module |
-?, --help |
Show help message |
--usage |
Display brief usage message |
A lot of customization can be realized using those parameters. However, there are common ones that we explain in detail below.
Unattended Installation
The classic customization of the agent installation is an unattended installation. The simplest way to do it is just specified -a
parameter. However, it's not enough as the agent should be registered to the Acronis Cyber Cloud to work. The simplest option is an automated registration using either a user name and password or a registration token. If, for some reason, you need to register the agent lately, use --skip-registration
parameter during the installation and then register the agent using the registration utility command-line tool.
To only install the Agent for Linux only with the no-UI show and skip the registration
sudo ./CyberProtect_AgentForLinux_x86_64.bin -a --skip-registration --id=BackupAndRecoveryAgent
To register the agent using account and password after the installation
/usr/lib/Acronis/RegisterAgentTool/RegisterAgent -o register -t cloud -a {dc-url} -u {login} -p {password}
An example
/usr/lib/Acronis/RegisterAgentTool/RegisterAgent -o register -t cloud -a https://dev-cloud.acronis.com -u stas.pavlov@nowhere.com -p ItisaVeryStrongPassword1991?
To register the agent using a token after the installation
/usr/lib/Acronis/RegisterAgentTool/RegisterAgent -o register -t cloud -a {dc-url} --token {token}
An example
/usr/lib/Acronis/RegisterAgentTool/RegisterAgent -o register -t cloud -a https://dev-cloud.acronis.com --token 0454-BAA1-4A1F
To install the Agent for Linux only and register with login and password
sudo ./CyberProtect_AgentForLinux_x86_64.bin -a --id=BackupAndRecoveryAgent --login={login} --password={password} -C {dc-url}
An example
sudo ./CyberProtect_AgentForLinux_x86_64.bin -a --id=BackupAndRecoveryAgent --login=stas.pavlov@nowhere.com --password=ItisaVeryStrongPassword1991? -C https://dev-cloud.acronis.com
To install the Agent for Linux only and register with a token
sudo ./CyberProtect_AgentForLinux_x86_64.bin -a --id=BackupAndRecoveryAgent --token={token} -C {dc-url}
An example
sudo ./CyberProtect_AgentForLinux_x86_64.bin -a --id=BackupAndRecoveryAgent --token=0454-BAA1-4A1F -C https://dev-cloud.acronis.com
The token can be generated either from the Management Console Add device form or using Acronis Cyber Platform API. It can be either only with user information or as well with protection plan information. Please, see details here https://developer.acronis.com/blog/posts/automate-acronis-agent-installations-with-protection-plan-applying/.
Hide the Agent System Tray Appearance
As the Acronis Cyber Protect expects to protect Linux servers, there is no try component and UI.
Register the Agent and Apply a Protection Plan
After the agent is registered in the Acronis Cyber Cloud, a protection plan should be applied to a device protected. It can be done with different approaches. However, when any endpoint-centric RMM is already in use, it might raise a demand to not only install and register the agent but apply a plan as well from a device.
To implement that approach you need to use a token registration process with the token included a protection plan.
This is a two-step process. The first step is the unattended agent installation and registration with a token which is included a protection plan. The second step is using that token and a bash script to apply the included in the token protection plan to the device.
The unattended installation is covered above, so we only focus on the second scripting part.
During the agent registration, a new resource is registered in the Acronis Cyber Cloud. After that, it's possible to apply a protection plan to that resource. Below you can find an example without error handling. As well, you need somehow to know that the agent installer is finished their tasks. It might be done in many ways, for example, you can pull a resource id from the config file until you have it.
################################################
# Variables
################################################
_reg_token={put_the_agent_registratio_toke_with_a_protection_plan_included_here|example:0454-BAA1-4A1F}
_base_url={put_your_DC_Url_here_ending_with_backslash|example:https://dev-cloud.acronis.com/}
################################################
# Helper functions
################################################
# XML config file needs to be parsed to find resource id
# We will use a simple example from https://stackoverflow.com/questions/893585/how-to-parse-xml-in-bash
# As it's well documented in that post
_read_dom () {
local IFS=\>
read -d \< ENTITY CONTENT
local RET=$?
TAG_NAME=${ENTITY%% *}
ATTRIBUTES=${ENTITY#* }
return $RET
}
# Read config file, find value tag with name InstanceID and echo CONTENT
_parse_dom () {
if [[ $TAG_NAME = "value" ]] ; then
eval local $ATTRIBUTES
if [[ $name = "InstanceID" ]] ; then
echo $CONTENT
exit
fi
fi
}
# Below you can find some helper functions to call Acronis REST API
# Print errors info to STDERR and exit execution
_die() { printf ":: %s\n\n" "$*" >&2; exit 1; }
# Pipe JSON from file, extract JSON property, remove quotas from the property's value
_get_access_token_from_file(){ jq '.access_token' < "${1}" | sed -e 's/^"//' -e 's/"$//'; }
# POST API call with Bearer Authentication
# $1 - an API endpoint to call
# $2 - Content-Type
# $3 - urlencoded data 1st param
# $4 - urlencoded data 2st param
_post_api_call_bearer_urlencoded () {
local _response_body
local _response_code
curl -s \
-X POST \
--url "${_base_url}${1}" \
-H "Authorization: Bearer ${_access_token}" \
-H "Accept: application/json" \
-H "Content-type: ${2}" \
--data-urlencode "${3}" \
--data-urlencode "${4}" \
-w "\n%{http_code}" | {
read -r _response_body
read -r _response_code
_response "${_response_body}"
if [[ $_response_code = 20* ]] ; then
echo "${_response_body}"
else
_die "The POST API Call with the endpoint ${1} is unsuccessful with response code: ${_response_code}." "${_response_body}"
fi
}
}
# POST API call with Bearer Authentication
# $1 - an API endpoint to call
# $2 - Content-Type
# $3 - POST data
_post_api_call_bearer () {
local _response_body
local _response_code
curl -s \
-X POST \
--url "${_base_url}${1}" \
-H "Authorization: Bearer ${_access_token}" \
-H "Accept: application/json" \
-H "Content-type: ${2}" \
--data-raw "${3}" \
-w "\n%{http_code}" | {
read -r _response_body
read -r _response_code
_response "${_response_body}"
if [[ $_response_code = 20* ]] ; then
echo "${_response_body}"
else
_die "The POST API Call with the endpoint ${1} is unsuccessful with response code: ${_response_code}." "${_response_body}"
fi
}
}
################################################
# Actual flow for applying a protection plan
################################################
# You need appropriate right to read /etc/Acronis/BackupAndRecovery.config file
# Put resource id to the file for the script debug simplicity
while _read_dom; do
_parse_dom
done < /etc/Acronis/BackupAndRecovery.config > ~/resourceId.txt
# Remove quotas and put resource id into the variable
_resource_id=$(cat ~/resourceId.txt | sed -e 's/^"//' -e 's/"$//';)
# Exchange registration token to authorization token
_post_api_call_bearer_urlencoded "idp/token" \
"application/x-www-form-urlencoded" \
"grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer" \
"assertion=${_reg_token}" \
> ~/access_token.json
# Get access_token from file
_access_token=$(_get_access_token_from_file "~/access_token.json")
# Construct JSON to apply a protection plan
_json='{
"context": {
"items": [
"'$_resource_id'"
]
}
}'
# To apply a protection plan
# POST API call using function defined in basis_functions.sh
# with following parameters
# $1 - an API endpoint to call
# $2 - Content-Type
# $3 - POST data
# The result is stored in results.json file
_post_api_call_bearer "api/policy_management/v4/applications" \
"application/json" \
"${_json}" > "~/results.json"
There is a dedicated article for that topic with more details explained. Please, see details here https://developer.acronis.com/blog/posts/automate-acronis-agent-installations-with-protection-plan-applying/.
Summary
Now you know how to customize the Acronis Cyber Agent installation on Linux. In the following article, we'll discuss the same topics for macOS; the Windows article can be found here https://developer.acronis.com/blog/posts/customize-unattended-acronis-cyber-agent-installation-on-windows/.
For further API learning, register at our Platform Program or Developer Network on https://developer.acronis.com site.
Find our public Postman API collection for standard automation and integration tasks https://explore.postman.com/grey-rocket-585331 or use our GitHub examples https://github.com/acronis.