Linux - Data Collection & Auditing - Automox Agent Diagnostics

What the Automox Agent Diagnostics Worklet does

This Automox Worklet™ performs comprehensive diagnostics of the Automox Agent on Linux endpoints, including service status, network connectivity, DNS resolution, and TLS version compatibility. The Worklet generates a detailed CSV report with all findings and saves it to the endpoint for troubleshooting purposes.

The Worklet evaluates critical agent components including whether the amagent service is installed, running, and enabled at system startup. It performs network routing evaluations to verify that endpoints can reach Automox infrastructure and validates that all required external resources are accessible.

During execution, the Worklet automatically installs missing prerequisites such as dig (bind-utils) and ncat (nmap) if they are not present on the system. This ensures that all diagnostic checks can complete successfully without manual intervention.

Why validate Automox Agent connectivity

Network issues, firewall misconfigurations, or routing problems can prevent the agent from functioning, leaving your endpoints unmanaged and vulnerable to security gaps. The Automox Agent must maintain continuous connectivity to Automox infrastructure to execute Worklets, report endpoint status, and deliver security updates.

By running this diagnostic Worklet, you identify connectivity issues before they impact your security posture. You can verify that DNS resolution works correctly for critical Automox domains (api.automox.com, app.launchdarkly.com, cdn.digicertcdn.com, and others), confirm that required ports are reachable, and validate that your endpoints support TLS 1.2 or newer for secure communication.

The CSV report generated by this Worklet provides the exact information that Automox support needs to diagnose connectivity problems quickly, reducing troubleshooting time and minimizing agent downtime.

How Automox Agent diagnostics work

1. Evaluation phase: The Worklet checks agent service status (installed, running, enabled), evaluates network routing to Automox infrastructure, verifies DNS resolution for all required domains (automox.com, api.automox.com, launchdarkly.com, digicert.com, and AWS S3 bucket), tests port reachability on HTTPS (443) and HTTP (80) for each external resource, confirms TLS 1.2 or 1.3 support, and captures the last 15 lines of the agent log file.

2. Remediation phase: The Worklet installs any missing diagnostic utilities (dig and ncat), executes all diagnostic checks, compiles results into a structured CSV report, creates the /var/lib/amagent/diagnostic_worklet_results directory if it does not exist, saves the timestamped CSV file, and outputs the final results with pass/fail status for all checks.

Automox Agent diagnostics requirements

• Linux endpoints (any distribution) with systemd service manager

• Automox Agent (amagent service) already installed on the endpoint

• OpenSSL installed for TLS version verification

• Package manager (yum for RHEL/CentOS or apt for Debian/Ubuntu) for installing missing utilities

• Network access to all Automox required domains (referenced in Automox Firewall Allowlisting documentation)

• RunNow execution capability (this Worklet is optimized for on-demand execution, not scheduled runs)

• Write permissions to /var/lib/amagent/ directory for storing diagnostic results

Expected agent diagnostics results

After running this Worklet, you will see a comprehensive report with service status checks (amagent installed, running, enabled), network routing verification results, TLS version compatibility status, DNS resolution outcomes for all critical domains, and port reachability results for each external service. The Worklet also outputs the last lines of the agent log for troubleshooting any connectivity or behavior anomalies. This detailed diagnostic output identifies the exact source of connectivity failures.

A timestamped CSV file is created at /var/lib/amagent/diagnostic_worklet_results/automox_diagnostics.{YYYY.MM.DD-HH.MM.SS}.csv containing all diagnostic data. You can download this file from the endpoint to share with support or analyze offline. If all checks pass, the summary indicates 'All checks have passed.' If any checks fail, they are flagged for investigation, helping you identify and resolve connectivity issues quickly. This structured diagnostic data reduces troubleshooting time and minimizes agent downtime.

How to validate automox agent diagnostics changes

1. Run this Worklet on a pilot Linux endpoint and review evaluation output for automox agent diagnostics.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as exit.

4. Validate remediation effects from script operations such as declare, function, local, then rerun evaluation for compliance.