Articles in this section

See more

Install from APT and YUM Repositories

 

Lacework provides repositories for Debian-based (APT) or RPM-based (YUM) distributions. When installing via the repositories, each host requires a config.json file for the agent to be able to communicate with Lacework. config.json can be created locally or copied from a centralized server using your orchestration tool of choice.

APT Installation

  1. Download and install the public signing key. 
    $ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 18E76630
  2. Extract the Linux distribution. 
    $ lsb_distro=$(lsb_release -i | cut -f2 | tr '[:upper:]' '[:lower:]')
  3. Extract the version number, which is dependent on your distribution. If you don't know your distribution, you can display it using the echo command. 
    $ echo $lsb_distro
  4. If your distribution is 'debian', omit the trailing 0 from the version. If your distribution is anything else,  use the entire version number.
    debian
    $ lsb_ver=$(lsb_release -r | cut -f2 | cut -d. -f1)
    other distributions  
    $ lsb_ver=$(lsb_release -r | cut -f2)
  5. If automating the installation, you can omit the manual echo $lsb_distro check described above and add a conditional. 
    $ if [ "$lsb_distro" = "debian" ]; then lsb_ver=$(lsb_release -r | cut -f2 | cut -d. -f1); else lsb_ver=$(lsb_release -r | cut -f2); fi
    You can also use the above in the shell in place of the manual check, but the manual check provides visual validation.
  6. Extract the release name. 
    $ lsb_rel=$(lsb_release -c | cut -f2)
  7. Add the repository to sources.list. 
    $ sudo add-apt-repository 'deb [arch=amd64] https://packages.lacework.net/DEB/'"$lsb_distro"'/'"$lsb_ver"' '"$lsb_rel"' main'
  8. [Optional] Check if the repository was added to sources.list.  
    $ less /etc/apt/sources.list
    ...
    $ deb [arch=amd64] https://packages.lacework.net/DEB/debian/8 jessie main
    ...
    The above is an example - distribution, release, and version is specific to your host
  9. Update the cache. 
    $ sudo apt-get update
  10. Install the Lacework agent. 
    $ sudo apt-get install lacework
  11. You should now have a running Lacework agent, which you can check using the ps command. 
    $ ps aux | grep lacework
    root 8873 0.0 0.0 4328 752 ? Ss 21:38 0:00 /bin/sh -c /var/lib/lacework/datacollector
    root 8874 0.0 2.3 241468 23960 ? Sl 21:38 0:00 /var/lib/lacework/datacollector
    root 8884 0.1 4.6 710656 47964 ? Sl 21:38 0:03 /var/lib/lacework/datacollector -r=collector
    admin 9007 0.0 0.2 12720 2172 pts/0 S+ 22:15 0:00 grep lacework
  12. After installing the agent, you must add config.json to each host using your preferred method. This example uses vi and creates the file directly on the host. 
    $ sudo vi /var/lib/lacework/config/config.json
  13. Get an agent access token. For more information, see Download Agent Installers and Get the Agent Access Token. Minimally, substitute your agent access token into the configuration below, paste into vi and save: 
    {
      "tokens" : { "AccessToken" : "YourAccessToken" }
    }
  14. After 10 minutes, verify that the Lacework Console's Monitor > Agents page displays the new host.

YUM Installation

  1. Download the YUM repository configuration file. 
    $ curl -O -sSL https://packages.lacework.net/RPMS/x86_64/lacework-prod.repo
  2. Move the file into the yum.repos.d directory. 
    $ sudo mv lacework-prod.repo /etc/yum.repos.d
  3. Install Lacework. 
    $ sudo yum install -y lacework
  4. In rare cases, a bug in the epel repos could cause Lacework installation to fail. If this occurs, run the installation with the epel repos disabled. 
    $ sudo yum --disablerepo=epel,epel-testing -y install lacework
    NOTE: If you want to be prompted to complete the installation, omit -y from the yum install command.
  5.  You should now have a running Lacework agent, which you can check using the ps command. 
    $ ps aux | grep lacework
    root 4947 0.0 2.3 316196 24124 ? Ssl 05:51 0:01 /var/lib/lacework/datacollector
    root 4955 0.1 4.9 713764 50136 ? Sl 05:51 1:08 /var/lib/lacework/datacollector -r=collector
    ec2-user 8071 0.0 0.0 110516 768 pts/0 R+ 17:02 0:00 grep --color=auto lacework
  6. After installing the agent, you must add config.json to each host using your preferred method. This example uses vi and creates the file directly on the host. 
    $ sudo vi /var/lib/lacework/config/config.json
  7. Get the Agent access token. Minimally, paste the following text and save the file. Replace Your_Agent_Access_Token with your agent access token. For more information, see Download Agent Installers and Get the Agent Access Token. 
    {
     "tokens" : { "AccessToken" : "Your_Agent_Access_Token" }
    }
  8. After 10 minutes, verify that the Lacework Console's Monitor > Agents page displays the new host.