If using Chef Infra for configuration management, Lacework maintains the following two Chef cookbooks that can be used to deploy the Lacework Datacollector Agent to supported Linux hosts:
- Datacollector Cookbook - Simple cookbook used to install the latest 'GA' version of the datacollector agent using an embedded agent token. This cookbook is not idempotent, customizable, or specifically designed to be run using a Chef
- Chef Lacework Cookbook - This cookbook is open source and is published to the Chef Supermarket. The cookbook is idempotent by design, customizable using Chef attributes, supports multiple installation methods (script, repo, package), provides the ability to install specific versions of the datacollector agent, and manage any supported configuration for the datacollector agent. This cookbook is suitable for customers that run Chef repeatedly on a schedule using a Chef run_list using a Chef Server. For more information see the Chef Lacework cookbook on GitHub, or on the Chef Supermarket.
Lacework Datacollector Cookbook
This simple Chef cookbook distributes the Lacework 'install.sh' script to your nodes. The script subsequently installs the latest 'GA' release of the Lacework agent.
This cookbook does not contain custom attribute files, resources, templates, providers, or library files. By design, this cookbook is not idempotent. After download, you can customize the cookbook for your environment, or alternatively you can consider the open source Chef Lacework Cookbook maintained by Lacework on the Chef Supermarket.
For an overview of the installation script, see Lacework for Workload Security.
The installation script, which can be found in the files directory, is also commented.
To trial this recipe:
- Unzip the .tar.gz.
- Review the datacollector cookbook, which contains the following directories:
- Move the datacollector cookbook to your repo on your Chef DK workstation.
- Upload the cookbook to your Chef server.
- Add the datacollector recipe to your test node or production nodes. As there are several syntax options, use your preferred Chef CLI commands.
- The install.sh script is periodically updated. You might want to download a current cookbook or install script before proceeding.
- The datacollector install script itself is idempotent.
Use Agent Server URL
In agent v3.8 and higher, you can (optionally) specify the endpoint that the agent communicates with. For more information, see Agent Server URL.
If you download chef.tar.gz from the Lacework Console, you do not need any additional configuration. In this case, the agent server URL is already included in the file.
If you download the Chef files from the Lacework Agent GitHub repository, edit the Chef recipe default.rb to pass the serverurl as follows:
execute 'datacollector' do
  command 'sh /tmp/install.sh -U Your_API_Endpoint'
end
Where Your_API_Endpoint is your agent server URL.
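When the agent server URL comes from a node attribute or data bag rather than a literal in default.rb, it is worth validating it before it reaches the install command. The following is an added example, not code from the Lacework cookbook: the helper name datacollector_install_command, the https-only rule, and the example.test hostname are assumptions made for illustration.

```ruby
require 'uri'

# Hypothetical helper (not part of the Lacework cookbook).
# Validates the agent server URL and returns the install command as an argv
# array. Chef's execute resource accepts an Array for `command`, in which case
# the arguments are passed to the process directly instead of through a shell,
# so metacharacters in the URL are never interpreted.
def datacollector_install_command(server_url, script: '/tmp/install.sh')
  raise ArgumentError, 'agent server URL is empty' if server_url.to_s.strip.empty?

  uri = begin
    URI.parse(server_url.strip)
  rescue URI::InvalidURIError
    raise ArgumentError, "agent server URL is not a valid URI: #{server_url.inspect}"
  end

  # Assumption: the endpoint is always reached over TLS.
  raise ArgumentError, 'agent server URL must use https' unless uri.is_a?(URI::HTTPS)
  unless uri.host.to_s.match?(/\A[a-z0-9.-]+\z/i)
    raise ArgumentError, 'agent server URL has a missing or malformed host'
  end
  raise ArgumentError, 'agent server URL must not embed credentials' if uri.userinfo
  raise ArgumentError, 'agent server URL must not carry a query or fragment' if uri.query || uri.fragment

  ['sh', script, '-U', uri.to_s]
end

# Usage inside default.rb (the attribute name is hypothetical):
#
#   execute 'datacollector' do
#     command datacollector_install_command(node['lacework']['server_url'])
#   end
```

An unreplaced Your_API_Endpoint placeholder fails the https check, so the Chef run stops with a clear error instead of installing an agent that points at a nonexistent endpoint.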