Install from Agent Multiple Version Repositories
Overview
This topic describes how to access and run multiple versions of agent packages from the Lacework package repository: packages.lacework.net.
Lacework provides the following agent repositories:
- Latest: This is the latest version of the agent. Agent releases currently follow a monthly release cadence.
- Established: This is the fleet upgrade release of the agent (quarterly update). Lacework tags a release as an established release once a quarter. This established release version is tagged for auto-upgrading all agents running older versions, unless auto-upgrade has been explicitly disabled in the config.json file.
- Archived: These are older versions of the agent. They do not appear in the Latest or Established repositories.
You can use these repositories to manage agent packages using package managers such as APT, YUM, and Zypper. You can install the latest version of the agent or a specific version in the Archived and Established repositories.
Install from APT, YUM, and Zypper Repositories
Lacework provides repositories for Debian-based (APT) or RPM-based (YUM and Zypper) distributions. When installing the repositories, each host requires a config.json file for the agent to communicate with Lacework. You can create a config.json file locally or copy it from a centralized server using any orchestration tool. For details, see config.json.
APT
For Debian-based distributions (Debian, Ubuntu), use the following steps to the set up the new Lacework repositories:
Install gpg if it is not already installed:
sudo apt install -y gpgImport the Lacework key:
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 360D55D76727556814078E25FF3E1D4DEE0CC692Create the APT repository configuration file and include Lacework repositories:
lsb_distro=$(lsb_release -i | cut -f2 | tr '[:upper:]' '[:lower:]')
lsb_rel=$(lsb_release -c | cut -f2)
sudo sh -c "echo deb [arch=amd64] https://packages.lacework.net/latest/DEB/"$lsb_distro" "$lsb_rel" main >> /etc/apt/sources.list.d/lacework.list"
sudo sh -c "echo deb [arch=amd64] https://packages.lacework.net/established/DEB/"$lsb_distro" "$lsb_rel" main >> /etc/apt/sources.list.d/lacework.list"
sudo sh -c "echo deb [arch=amd64] https://packages.lacework.net/archived/DEB/"$lsb_distro" "$lsb_rel" main >> /etc/apt/sources.list.d/lacework.list"Replace
[arch=amd64]with[arch=arm64]if you are installing on an ARM64 system.Refresh the repositories information:
sudo apt update
To list all the available Lacework packages, use this command:
sudo apt list -a lacework
To install the latest version of the agent, use this command:
sudo apt install lacework
To install a specific version of the agent, use this command:
sudo apt install lacework=VERSION
Replace VERSION with the specific version that you want to install.
For example, to install v4.2.0.218:
sudo apt install lacework=4.2.0.218
Delete a Package (APT)
To delete the Lacework APT repository package, use the command:
sudo apt-get remove --purge lacework
YUM
- Download the repository configuration file for YUM-based distributions using this command:See Repository Configuration File for an example of the repository configuration file.
curl -O -sSL https://packages.lacework.net/lacework.repo - Move the configuration file to the /etc/yum.repos.d directory.
sudo mv lacework.repo /etc/yum.repos.d - You can enable all the repositories at the same time.
You can also disable any of the repositories if they are not needed. To do this, set the
enabledflag to 0 in the repository configuration file as follows:[packages-lacework-latest]
name=Lacework latest agent release
baseurl=https://packages.lacework.net/latest/RPMS/$basearch/
enabled=0 - To install the latest version of the agent, use this command:
sudo yum install lacework - Ensure that the correct GPG key is installed.Example output
Importing GPG key 0xEE0CC692:
Userid : "Lacework Inc. <support@lacework.net>"
Fingerprint: 360D 55D7 6727 5568 1407 8E25 FF3E 1D4D EE0C C692
From : https://packages.lacework.net/keys/RPM-GPG-KEY-lacework
Key imported successfully
To list all available agent versions, use this command:
sudo yum --showduplicates list lacework
To install a specific version, use this command:
sudo yum install lacework-VERSION
Replace VERSION with the specific agent version that you want to install.
For example, to install v4.2.0.218-1:
sudo yum install lacework-4.2.0.218-1
If you install an older version of agent from the archived repository, it is upgraded to the established version of the agent release. To prevent this auto-upgrade and pin your package to a specific version, you should disable auto-upgrade in the agent configuration file (config.json) in the /var/lib/lacework/config directory.
To disable auto-upgrade, enter the following in the config.json file:
"autoupgrade": "disable"
note
For improved security and to benefit from new and improved features, Lacework recommends that you do not disable automatic upgrade of the agent.
Delete a Package (YUM)
To delete the Lacework YUM repository package, use the command:
sudo yum remove lacework
Zypper
Download the repository configuration file for Zypper-based distributions using this command:
curl -O -sSL https://packages.lacework.net/lacework.repoSee Repository Configuration File for an example of the repository configuration file.
Move the configuration file to the /etc/zypp/repos.d directory.
sudo mv lacework.repo /etc/zypp/repos.dYou can enable all the repositories at the same time. You can also disable any of the repositories if they are not needed. To do this, set the
enabledflag to 0 in the repository configuration file as follows:[packages-lacework-latest]
name=Lacework latest agent release
baseurl=https://packages.lacework.net/latest/RPMS/$basearch/
enabled=0To install the latest version of the agent, use this command:
sudo zypper install laceworkEnsure that the correct GPG key is installed.
Example outputRetrieving: RPM-GPG-KEY-lacework .........................................[done]
New repository or package signing key received:
Repository: Lacework latest agent release
Key Fingerprint: 360D 55D7 6727 5568 1407 8E25 FF3E 1D4D EE0C C692
Key Name: Lacework Inc. <support@lacework.net>
Key Algorithm: RSA 4096
Key Created: Thu Apr 22 18:24:36 2021
Key Expires: Sat Apr 22 18:24:36 2023
Rpm Name: gpg-pubkey-ee0cc692-6081bf64
To list all available agent versions, use this command:
sudo zypper search -s lacework
To install a newer version, use this command:
sudo zypper install lacework-VERSION
Replace VERSION with the specific agent version that you want to install.
For example, to install v5.6.0.8352:
sudo zypper install lacework-5.6.0.8352
To install an older version, use this command:
sudo zypper install --oldpackage lacework-VERSION
Replace VERSION with the specific agent version that you want to install.
For example, to install v4.2.0.218-1:
sudo zypper install --oldpackage lacework-4.2.0.218-1
If you install an older version of agent from the archived repository, it is upgraded to the established version of the agent release. To prevent this auto-upgrade and pin your package to a specific version, you should disable auto-upgrade in the agent configuration file (config.json).
To disable auto-upgrade, enter the following in the config.json file:
"autoupgrade": "disable"
Delete a Package (Zypper)
To delete the Lacework Zypper repository package, use this command:
sudo zypper remove lacework
Sample Repository Configuration File
The following is a sample repository configuration file for YUM and Zypper-based distributions:
[packages-lacework-latest]
name=Lacework latest agent release
baseurl=https://packages.lacework.net/latest/RPMS/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://packages.lacework.net/latest/keys/RPM-GPG-KEY-lacework
[packages-lacework-established]
name=Lacework established agent release
baseurl=https://packages.lacework.net/established/RPMS/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://packages.lacework.net/established/keys/RPM-GPG-KEY-lacework
[packages-lacework-archived]
name=Lacework archived agent release
baseurl=https://packages.lacework.net/archived/RPMS/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://packages.lacework.net/archived/keys/RPM-GPG-KEY-lacework