Articles in this section

Configure Agent Behavior in config.json File

If you run the install.sh script to install a Lacework agent on a machine, the script creates a config.json file in the /var/lib/lacework/config directory. You can add entries to the config.json file to alter the agent behavior as described in the following tables.

Top Level Properties

The first table describes the general agent properties. 

The config.json file must start with a { parentheses and end with a } parentheses with commas separating each property for example, here are the contents an example config.json file:

{
  “Tokens”: { "AccessToken" : Your_Access_Token", 
  “ProxyUrl”:”http://Your_Proxy_Server:Your_Port”
}
Property  Description 
“tokens”: 
{ 
   "accesstoken" : Your_Access_Token" 
}
Where Your_Access_Token is an access token generated by Lacework.		 To connect to the Lacework Application, Lacework agents require an access token. For more information, see Agent Access Tokens. 
“proxyurl”:”http://Your_Proxy_Server:Your_Port”
Where Your_Proxy_Server is the URL for your HTTP or Socks proxy server and Your_Port is the port number of your proxy server.		 The Lacework agent can be configured to use a network proxy by adding proxy information to the configuration file or by creating a https_proxy environment variable. For more information, see Required Connectivity, Proxies & Certificates. 
"tags": 
{ 
  "test_01": "Value_01",
  "test_02" : "Value_02"
}
 Specify name/value tags to categorize your agents, for example, identifying critical assets. For more information, see Adding Agent Tags. 
"cpulimit": "500m"
In this example, the suffix 'm' stands for one hundred millicpu.		 Specify the maximum number of CPU units that the Lacework agent can use on the machine that has the agent installed. 
"memlimit": "750M
In this example, the suffix 'M' stands for Megabytes.		 Specify the maximum amount of memory that the Lacework agent can use on the machine that has the agent installed. Specify the size as a suffix:
  • 'm' or 'M' is Megabytes.
  • 'g' or 'G' is Gigabytes.

File Integrity Monitoring (FIM) Properties

The following table describes the File Integrity Monitoring (FIM) agent properties. 

These properties must be specified within a single fim property as shown in the following example:

fim
{
 "fileignore": ["/etc/fstab"]
 "filepath": ["/home/user/.ssh", "/opt/bin"]
}
Property  Description 
"filepath": ["/home/user/.ssh", "/opt/bin"],
 By default, Lacework monitors a set of default paths. You can optionally override these default paths using this property. For the default paths and more information, see File Integrity Monitoring. 
"fileignore": ["/etc/fstab"]
 By default, Lacework excludes monitoring a set of default paths. You can optionally override these non-monitored default paths using this property. For the default paths and more information, see File Integrity Monitoring.