Uninstall the Lacework Agent from a Host Machine
Lacework agents are installed as deb or rpm packages named Lacework. To uninstall a Lacework agent, package specific Linux tools like dpkg (Ubuntu-based) or yum (Redhat-based) can be used to uninstall the agent using the following commands:
$dpkg --remove lacework
$yum remove lacework
Lacework supports the ‘purge’ or ‘erase’ option to remove all files, including configuration and logs if necessary.
Uninstall the Lacework Agent on CoreOS
To uninstall on CoreOS, remove all Docker images related to Lacework agents, then manually remove directories and saved configuration files with sudo privileges using the following commands:
rm /etc/systemd/system/datacollector.service
rm –rf /var/log/lacework/
rm –rf /var/lib/lacework/
Uninstall the Lacework Agent from Kubernetes
To uninstall the agent from Kubernetes, you must remove the agent daemonset and the configmap (local config) associated with the agent.
Note: This removes all configuration and logs related to the agent.
Use the following commands to remove the agent:
kubectl delete lacework-agent [-n namespace_name]
kubectl delete lacework-config
Use the following commands to verify that the agent daemonset was removed:
kubectl get pods --all-namespaces | grep lacework-agent
kubectl get configmap --all-namespaces | grep lacework-config
Uninstall the Lacework Agent from Docker
If you installed the agent using systemd, follow these steps to uninstall the agent:
- List all containers:
docker ps -aThe status should show that the datacollector container is up. - Stop the service:
systemctl stop datacollector - Verify that the Lacework datacollector container has stopped:
docker ps -a | grep "lacework/datacollector"The status should show that it has exited. - Disable the service:
systemctl disable datacollector - Remove the service in systemd:
rm /etc/systemd/system/datacollector
rm /etc/systemd/system/datacollector/[related symlinks]