Articles in this section

See more

Install from APT and YUM Repositories

Lacework provides repositories for Debian-based (APT) or RPM-based (YUM) distributions. When installing via the repositories, each host requires a config.json file for the agent to be able to communicate with Lacework. You can create config.json locally or copy it from a centralized server using your orchestration tool of choice.

APT Installation

  1. Download and install the public signing key. 

      $ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EE0CC692

  2. Extract the Linux distribution. 

      $ lsb_distro=$(lsb_release -i | cut -f2 | tr '[:upper:]' '[:lower:]')

  3. Extract the version number, which is dependent on your distribution. If you don't know your distribution, you can display it using the echo command. 

      $ echo $lsb_distro

  4. If your distribution is 'debian', omit the trailing 0 from the version and use the following command. 

      $ lsb_ver=$(lsb_release -r | cut -f2 | cut -d. -f1)

  5. If your distribution is anything else, use the entire version number and enter the following command. 

      $ lsb_ver=$(lsb_release -r | cut -f2)

  6. If automating the installation, you can omit the manual echo $lsb_distro check shown above and add a conditional. Note: You can also execute the command directly in the shell in place of the manual check, but the manual check provides visual validation. 

      $ if [ "$lsb_distro" = "debian" ]; then lsb_ver=$(lsb_release -r | cut -f2 | cut -d. -f1); else lsb_ver=$(lsb_release -r | cut -f2); fi

  7. Extract the release name. 

      $ lsb_rel=$(lsb_release -c | cut -f2)

  8. Add the repository to sources.list. 

      $ sudo add-apt-repository 'deb [arch=amd64] https://packages.lacework.net/DEB/'"$lsb_distro"'/'"$lsb_ver"' '"$lsb_rel"' main'

  9. [Optional] Check if the repository was added to sources.list. Below is an example - distribution, release, and version is specific to your host. 

      $ less /etc/apt/sources.list
  ...
  $ deb [arch=amd64] https://packages.lacework.net/DEB/debian/8 jessie main
  ...

  10. Update the cache. 

      $ sudo apt-get update

  11. Install the Lacework agent. 

      $ sudo apt-get install lacework

  12. You should now have a running Lacework agent, which you can check using the ps command. 

      $ ps aux | grep lacework 
    
  root 8873 0.0 0.0 4328 752 ? Ss 21:38 0:00 /bin/sh -c /var/lib/lacework/datacollector 
    
  root 8874 0.0 2.3 241468 23960 ? Sl 21:38 0:00 /var/lib/lacework/datacollector 
    
  root 8884 0.1 4.6 710656 47964 ? Sl 21:38 0:03 /var/lib/lacework/datacollector -r=collector 
    
  admin 9007 0.0 0.2 12720 2172 pts/0 S+ 22:15 0:00 grep lacework

  13. After installing the agent, you must add config.json to each host using your preferred method. This example uses vi and creates the file directly on the host. 

      $ sudo vi /var/lib/lacework/config/config.json

  14. Get an agent access token. For more information, see Download Agent Installers and Get the Agent Access Token. Minimally, substitute your agent access token into the configuration below, paste into vi and save. If you are a non-US user, specify the agent server URL. For more information, see Agent Server URL. 

      {"Tokens": {"Accesstoken": "YourAccessToken"}, "serverurl": "YourAPIEndpoint" }

    Where Your_API_Endpoint is the endpoint for your region.

  15. After 10 minutes, verify that the Lacework Console's Resources > Agents page displays the new host.

Upgrade (APT)

To upgrade the Lacework APT repository package, use the command:

$ sudo apt-get install lacework

or

$ sudo apt-get --only-upgrade install lacework

Delete a Package (APT)

To delete the Lacework APT repository package, use the command:

$ apt-get remove --purge lacework

YUM Installation

  1. Download the YUM repository configuration file. 

      $ curl -O -sSL https://packages.lacework.net/RPMS/x86_64/lacework-prod.repo

  2. Move the file into the yum.repos.d directory. 

      $ sudo mv lacework-prod.repo /etc/yum.repos.d

  3. Install Lacework. 

      $ sudo yum install -y lacework

  4. In rare cases, a bug in the epel repos could cause Lacework installation to fail. If this occurs, run the installation with the epel repos disabled. NOTE: If you want to be prompted to complete the installation, omit -y from the yum install command. 

      $ sudo yum --disablerepo=epel,epel-testing -y install lacework

  5. You should now have a running Lacework agent, which you can check using the ps command. 

      $ ps aux | grep lacework 
    
  root 4947 0.0 2.3 316196 24124 ? Ssl 05:51 0:01 /var/lib/lacework/datacollector 
    
  root 4955 0.1 4.9 713764 50136 ? Sl 05:51 1:08 /var/lib/lacework/datacollector -r=collector 
    
  ec2-user 8071 0.0 0.0 110516 768 pts/0 R+ 17:02 0:00 grep --color=auto lacework

  6. After installing the agent, you must add config.json to each host using your preferred method. This example uses vi and creates the file directly on the host. 

      $ sudo vi /var/lib/lacework/config/config.json

  7. Get an agent access token. For more information, see Download Agent Installers and Get the Agent Access Token. Minimally, substitute your agent access token into the configuration below, paste into vi and save. If you are a non-US user, specify the agent server URL. For more information, see Agent Server URL. 

          {"Tokens": {"Accesstoken": "YourAccessToken"}, "serverurl": "YourAPIEndpoint" }          

      Where Your_API_Endpoint is the endpoint for your region.

  8. After 10 minutes, verify that the Lacework Console's Resources > Agents page displays the new host.

Upgrade Packages (YUM)

To update all YUM repository packages in the system, use the command:

$ yum update

To update the Lacework YUM repository package, use the command:

$ yum update lacework

Delete a Package (YUM)

To delete the Lacework YUM repository package, use the command:

$ yum remove lacework