Install on a Dockerized Host
When using Docker, you can install the Lacework agent in a privileged container to provide security for all containers provisioned on the host. For the agent to work with Docker containers, Linux host machines must use systemd. You can pull the agent container from Docker Hub or you can build and install your own container using a customizable Lacework Dockerfile.
Docker Hub
Pulling the agent container requires you to provide your access token.
- Using the Docker client (CLI), pull the Lacework image:
docker pull lacework/datacollector:latest
- Create a writeable container layer and start the image. Replace YOUR_AGENT_ACCESS_TOKEN with your agent access token. For more information about the agent access token, see Download Agent Installers and Get the Agent Access Token. Replace YOUR_API_ENDPOINT with your agent server URL. This is mandatory for non-US users. US users do not need to specify the agent server URL and can run the command without the --env SERVER_URL=$YOUR_API_ENDPOINT option. For more information, see Agent Server URL.
/usr/bin/docker run --name datacollector \
--net=host \
--pid=host \
--privileged \
--volume /:/laceworkfim:ro \
--volume /var/lib/lacework:/var/lib/lacework \
--volume /var/log:/var/log \
--volume /var/run:/var/run \
--volume /etc/passwd:/etc/passwd:ro \
--volume /etc/group:/etc/group:ro \
--env ACCESS_TOKEN=$YOUR_AGENT_ACCESS_TOKEN \
--env SERVER_URL=$YOUR_API_ENDPOINT \
lacework/datacollector:latest
Note: Lacework signs tags published to Docker Hub with the cosign tool. If you are using a method to verify cosign signatures, use the Lacework public key on the Install Signing Keys page.
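The run command above, wrapped as an added shell example that is not part of the Lacework documentation: it refuses to start without an access token, appends --env SERVER_URL only when an endpoint is supplied (so it covers both the US and non-US cases), and, when the Lacework public key path is given in the assumed LW_COSIGN_KEY variable, checks the cosign signature mentioned in the note before the privileged container is started. The start_collector, verify_image and run_datacollector names and the LW_COSIGN_KEY variable are this example's own, not Lacework's.

```shell
#!/bin/sh
# Added example, not from the Lacework docs: wraps the docker run command above,
# validates the required inputs, adds SERVER_URL only when an endpoint is given
# (US tenants omit it) and optionally verifies the tag's cosign signature first.
# Assumptions: LW_COSIGN_KEY (placeholder) points at the Lacework public key, or
# is unset to skip verification; docker and cosign exist when run_datacollector runs.

IMAGE="lacework/datacollector:latest"

# Verify the signature with cosign when a public key is configured.
# Returns 0 when verification passes or is skipped, non-zero when it fails.
verify_image() {
    key="${LW_COSIGN_KEY:-}"
    if [ -z "$key" ]; then
        echo "cosign verification skipped: LW_COSIGN_KEY is unset" >&2
        return 0
    fi
    cosign verify --key "$key" "$IMAGE" >/dev/null
}

# start_collector <docker-binary> <access-token> [server-url]
# Builds the argument list from the docs and hands it to the given binary,
# so a dry run is possible by passing "echo" instead of docker.
start_collector() {
    runner="$1"; token="$2"; endpoint="${3:-}"
    if [ -z "$token" ]; then
        echo "ACCESS_TOKEN must not be empty" >&2
        return 1
    fi
    set -- run --name datacollector --net=host --pid=host --privileged \
        --volume /:/laceworkfim:ro \
        --volume /var/lib/lacework:/var/lib/lacework \
        --volume /var/log:/var/log \
        --volume /var/run:/var/run \
        --volume /etc/passwd:/etc/passwd:ro \
        --volume /etc/group:/etc/group:ro \
        --env "ACCESS_TOKEN=$token"
    if [ -n "$endpoint" ]; then
        set -- "$@" --env "SERVER_URL=$endpoint"
    fi
    "$runner" "$@" "$IMAGE"
}

# Pull the image, verify it, then start the privileged agent container.
run_datacollector() {
    docker pull "$IMAGE" || return 1
    verify_image || return 1
    start_collector /usr/bin/docker "${ACCESS_TOKEN:-}" "${SERVER_URL:-}"
}
```

Calling start_collector with echo as the first argument prints the exact argument list without starting anything; run_datacollector performs the pull, the verification and the start.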
Build an Image
When you build your own container using the Lacework Dockerfile, the datacollector_wrap.sh script must be in the same directory as the Dockerfile.
Build an x86_64/AMD64 Image
- Download docker.tar.gz (the Docker Container).
- Unzip it and save the contents locally (the Dockerfile and datacollector_wrap.sh are included).
- Build the Lacework image inside the directory you extracted from docker.tar.gz:
docker build -t "lacework:datacollector" .
- Move the image to your private repository or run it locally.
- Create a writeable container layer and start the image. Replace YOUR_AGENT_ACCESS_TOKEN with your agent access token. For more information about the agent access token, see Download Agent Installers and Get the Agent Access Token. Replace YOUR_API_ENDPOINT with your agent server URL. This is mandatory for non-US users. US users do not need to specify the agent server URL and can run the command without the --env SERVER_URL=$YOUR_API_ENDPOINT option. For more information, see Agent Server URL.
/usr/bin/docker run --name datacollector \
--net=host \
--pid=host \
--privileged \
--volume /:/laceworkfim:ro \
--volume /var/lib/lacework:/var/lib/lacework \
--volume /var/log:/var/log \
--volume /var/run:/var/run \
--volume /etc/passwd:/etc/passwd:ro \
--volume /etc/group:/etc/group:ro \
--env ACCESS_TOKEN=$YOUR_AGENT_ACCESS_TOKEN \
--env SERVER_URL=$YOUR_API_ENDPOINT \
lacework/datacollector:latest
After installation, it takes 10 to 15 minutes before container data (such as polygraph and container details) is populated in the Lacework Console.
Build an ARM64 Image
- Download docker.tar.gz (the Docker Container).
- Unzip it and save the contents locally (the Dockerfile and datacollector_wrap.sh are included).
- Build the Lacework image inside the directory you extracted from docker.tar.gz:
cd YourDirectoryPathToDownloadedFiles
docker build -t "lacework:datacollector-arm64" -f DockerfileArm64 .
- Move the image to your private repository or run it locally.
- Create a writeable container layer and start the image. Replace YOUR_AGENT_ACCESS_TOKEN with your agent access token. For more information about the agent access token, see Download Agent Installers and Get the Agent Access Token. Replace YOUR_API_ENDPOINT with your agent server URL. This is mandatory for non-US users. US users do not need to specify the agent server URL and can run the command without the --env SERVER_URL=$YOUR_API_ENDPOINT option. For more information, see Agent Server URL.
/usr/bin/docker run --name datacollector \
--net=host \
--pid=host \
--privileged \
--volume /:/laceworkfim:ro \
--volume /var/lib/lacework:/var/lib/lacework \
--volume /var/log:/var/log \
--volume /var/run:/var/run \
--volume /etc/passwd:/etc/passwd:ro \
--volume /etc/group:/etc/group:ro \
--env ACCESS_TOKEN=$YOUR_AGENT_ACCESS_TOKEN \
--env SERVER_URL=$YOUR_API_ENDPOINT \
lacework/datacollector:latest
After installation, it takes 10 to 15 minutes before container data (such as polygraph and container details) is populated in the Lacework Console.