Linux

On Linux, install the agent with the one-line command from the dashboard's Install Agent page (see Agent Installation). The installer creates a dedicated sielum system user, places the binary at /usr/local/bin/sielum-agent, writes its configuration and certificates to /etc/sielum/, and installs an enabled systemd service.

This page covers Linux-specific service management and removal.

Managing the service

# Status and live logs
systemctl status sielum-agent
journalctl -u sielum-agent -f

# Stop / start / restart
sudo systemctl stop sielum-agent
sudo systemctl start sielum-agent
sudo systemctl restart sielum-agent

The endpoint appears in Dashboard → Endpoints within one heartbeat interval (~30 s) of the service starting.

Privileged vs. user mode

The systemd service runs in privileged mode so the agent can enforce firewall rules — it is granted exactly CAP_NET_ADMIN (AmbientCapabilities with a matching CapabilityBoundingSet). On workstations where firewall enforcement is not needed, the agent can run in user mode (monitoring only). See Agent Installation for the feature comparison.

Uninstall

# Stop and disable the systemd service
sudo systemctl stop sielum-agent
sudo systemctl disable sielum-agent

# Remove the unit file and reset systemd state
sudo rm /etc/systemd/system/sielum-agent.service
sudo systemctl daemon-reload
sudo systemctl reset-failed sielum-agent 2>/dev/null || true

# Remove the binary, certificates, and logs
sudo rm /usr/local/bin/sielum-agent
sudo rm -rf /etc/sielum
sudo rm -rf /var/log/sielum

# Remove the dedicated system user created by the installer
sudo userdel sielum

The agent remains visible in the dashboard as offline after a local uninstall. Revoke its registration from Dashboard → Endpoints if you do not intend to re-enroll the same machine.