The PII Scanner Agent is deployed on each machine whose file system you want to scan. Agents register with the PII Scanner Server, poll for queued scan jobs, execute scans against specified file paths, and forward detected PII matches to the configured target destination in real time. The agent must be installed individually on every machine in scope for scanning.
Prerequisites:
Before installing the agent, confirm the following:
- The PII Scanner Server is installed and running
- The PII Scanner Server web interface is accessible at https://<server-name>:52766
- If using the auto-generated self-signed certificate, the scanner.cer file has been copied from the PII Scanner Server and is available on the agent machine
- The agent machine has read access to all file system paths intended for scanning
- Appropriate privileges are available on the target machine for installation
Part 1 โ Linux Agent Installation:
Step 1 โ Obtain the installation package:
Obtain the Linux agent installation script:
Linux_install.sh
[Your administrator should confirm where to obtain the current agent installation package for your environment.]
Step 2 โ Extract and prepare:
If the agent is distributed as a zip file, extract it first:
unzip LTA_PII_Scanner_Agent.zip
cd LTA_PII_Scanner_Agent
Step 3 โ Configure the agent:
Before running the installer, update the config.json file with your PII Scanner Server connection details:
{
“LOG_LEVEL”: “INFO”,
“API_URL”: “https://<PII_Scanner_Server_IP>:52766/api”,
“Insecure_API”: true,
“API_CA”: “”,
“POLL_INTERVAL_MIN”: 1
}
Configuration settings:
| Setting | Description |
| LOG_LEVEL | Logging verbosity โ INFO, DEBUG, WARNING, or ERROR |
| API_URL | HTTPS URL of the PII Scanner Server API โ replace with your server’s IP or hostname |
| Insecure_API | Set to true when using the auto-generated self-signed certificate |
| API_CA | Path to a trusted CA certificate file โ leave blank when using Insecure_API: true |
| POLL_INTERVAL_MIN | How often in minutes the agent polls the server for new scan jobs |
If using a trusted CA certificate:
{
“Insecure_API”: false,
“API_CA”: “/opt/bluelance/scanner/scanner-ca.cer”
}
Step 4 โ Run the installer:
The installer installs the agent to /opt/bluelance/scanner:
chmod +x Linux_install.sh
sudo ./Linux_install.sh
The Linux installation process:
- Creates a Python virtual environment
- Installs required Python dependencies
- Configures the agent using the values in config.json
- Registers the agent with the PII Scanner Server
- Installs a systemd service for background operation
- Starts polling for scan jobs
Step 5 โ Verify the agent service:
Check the agent service status:
sudo systemctl status LTA-Scanner
Confirm the scanner log file is created:
ls /opt/bluelance/scanner/scanner.log
Step 6 โ Verify agent registration:
- Log in to the PII Scanner Server web interface at https://<server-name>:52766
- Navigate to Clients
- Confirm the agent appears in the client list with a status of Online
Part 2 โ Windows Agent Installation:
Step 1 โ Obtain the installation package:
Obtain the Windows agent installation script:
Install-LTAPiiAgentService.ps1
[Your administrator should confirm where to obtain the current Windows agent installation package for your environment.]
Step 2 โ Run the installation script:
- Open PowerShell as Administrator
- If not already done, allow PowerShell scripts to run:
Set-ExecutionPolicy Unrestricted
- Navigate to the directory containing the installation script
- Run the installer:
.\Install-LTAPiiAgentService.ps1
- Follow the on-screen prompts โ enter the PII Scanner Server connection details when requested
- Reset the PowerShell execution policy after installation:
Set-ExecutionPolicy Restricted
The Windows installation process:
- Configures the Python or packaged executable runtime
- Installs and registers the scanner agent as a Windows Service named LTA_PII_Scanner_Agent
- Prompts for server connection details
- Registers the agent with the PII Scanner Server
- Starts the agent service
Step 3 โ Verify the agent service:
Confirm the agent service is running:
sc query LTA_PII_Scanner_Agent
The service should show as Running.
Step 4 โ Verify agent registration:
- Log in to the PII Scanner Server web interface at https://<server-name>:52766
- Navigate to Clients
- Confirm the agent appears in the client list with a status of Online
TLS trust configuration:
If the PII Scanner Server is using the auto-generated self-signed certificate, agents may need to trust it before they can communicate with the server.
Option A โ Use Insecure_API (quick setup): Set Insecure_API: true in the agent config.json. This allows the agent to connect without validating the server certificate. Suitable for initial testing but not recommended for production.
Option B โ Distribute the CA certificate (recommended for production):
- Copy scanner.cer from the PII Scanner Server certs folder to the agent machine
- Configure the agent config.json:
{
“Insecure_API”: false,
“API_CA”: “<path-to-scanner.cer>”
}
- Restart the agent service to apply the change
For production deployments, use a CA-issued certificate on the PII Scanner Server and set Insecure_API: false on all agents.
Deploying agents across multiple machines:
The PII Scanner Agent must be installed individually on each machine you want to include in scanning. For large deployments consider using enterprise software deployment tools to automate agent installation across multiple machines simultaneously.
[Your administrator should document the deployment method used in your environment and maintain a list of all machines with the PII Scanner Agent installed.]
Reviewing agent logs:
If the agent does not appear in the PII Scanner Server client list or shows as Offline, review the agent logs:
Linux:
cat /opt/bluelance/scanner/scanner.log
Windows:
C:\Program Files\Blue Lance 2-0\LTA_PII_Scanner_Agent\logs\
Review logs for:
- TLS or certificate validation errors
- Connection timeouts to the PII Scanner Server
- Authentication failures
- API connectivity issues
- Job polling activity