Use the Lacework Installation Script [install.sh]
For single host installations, Lacework recommends using the installation script called install.sh
to download and install the Linux agent.
Download the Installation Script from the Lacework Console
note
The script you download from the Lacework Console should not be publicly shared because it is customer-specific and uses a private agent access token.
- In the Lacework Console, select Settings > Configuration > Agents.
- View the list of access tokens and sort by OS type (either Windows or Linux) in the OS column.
- Select the row for the Linux access token you want to use for your agent installation.
- Click the Install tab.
- Click Lacework Script.
- Do either of the following:
- Click Download script to download the install.sh script to the
/tmp
or another directory on your target Linux server. - Click Copy URL to copy the URL for the script. Then use
wget
to download the script to your target Linux server.
- Click Download script to download the install.sh script to the
- Run the script as sudo:
sudo sh install.sh
install.sh Script Parameters
The install.sh script supports the following optional parameters:
Parameter | Description |
---|---|
-h | Displays the list of parameters supported by the install.sh script. |
access_token | Specifies the agent access token to use during installation. For more information, see Create Agent Access Tokens. Note: If you specify the access token, ensure that it is the first parameter for the install.sh script. |
-v | Displays the version of the install.sh script. |
-F | Disables file integrity monitoring (FIM). For more information, see File Integrity Monitoring (FIM). |
-S | Verifies if the correct certificate is installed on the host. For more information, see Required Connectivity, Proxies & Certificates. |
-O | Filters auditd related messages going to the system journal. |
-U | Specifies the agent server URL. For more information, see Agent Server URL. |
-L | Lists the agent versions that are available to install. For more information, see List Agent Versions Available for Installation. |
-V | Specifies the agent version to install. For more information, see Specify the Agent Version to Install. |
-H | Specifies the RPM or DEB package hash to validate the installation. For more information, see Specify a Hash to Validate the Install. |
Agent Server URL
In agent v3.8 and higher, you can optionally specify the endpoint that the agent communicates with. For more information, see Agent Server URL. This parameter is mandatory for non-US users.
When you download the install.sh script from the Lacework Console, the agent server URL is already included in the install.sh script and you do not need any additional configuration.
List Agent Versions Available for Installation
In agent v5.3 and higher, you can list all agent versions available for installation by specifying the -L
parameter when running the install.sh
command:
sudo ./install.sh -L
Available versions:
3.8.2
3.9.5
4.0.32
4.1.62
4.2.0.218
4.3.0.5556
5.0.0.5826
5.1.0.6419
5.2.0.6913
latest
Specify the Agent Version to Install
In agent v5.3 and higher, you can specify the agent versions to download and install by specifying the -V
parameter when running the install.sh
command:
sudo ./install.sh -U https://agent-server-url -V 5.2.0.6913
Using serverurl already set in local config: https://agent-server-url
Check connectivity to Lacework server
Check Go Daddy root certificate
Installing on ubuntu (focal)
Skipping writing config since a config file already exists
+ curl -fsSL https://s3-us-west-2.amazonaws.com/www.lacework.net/download/5.3.0.7160_2022-02-16_main_6771b46ad72cc525f0ada1cf7458230f2f78ab77/latest/packages/lacework_5.2.0.6913_amd64.deb
+ sh -c sleep 3; apt-get -qq update
+ sh -c sleep 3; dpkg -i /tmp/W4XUtE.deb
Selecting previously unselected package lacework.
(Reading database ... 95405 files and directories currently installed.)
Preparing to unpack /tmp/W4XUtE.deb ...
Unpacking lacework (5.2.0.6913) ...
Setting up lacework (5.2.0.6913) ...
Systemd detected
Synchronizing state of datacollector.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable datacollector
Created symlink /etc/systemd/system/multi-user.target.wants/datacollector.service → /lib/systemd/system/datacollector.service.
Processing triggers for systemd (245.4-4ubuntu3.15) ...
Lacework successfully installed
Specify a Hash to Validate the Install
By default, the agent install script uses an embedded hash value in the agent package for validation purposes. Lacework recommends using this hash for validation. Optionally, you can explicitly specify a hash value to validate the install package during the installation process. Specify a hash by using the -H
parameter when running the install.sh
command:
sudo ./install.sh -V 5.2.0.6913 -H 1a883b975e7725b01298d65ce12932ed5b3a8eaea9ecbbfa6a4efe5effdd7dcc
Using serverurl already set in local config: https://api.lacework.net
Check connectivity to Lacework server
Check Go Daddy root certificate
Installing on ubuntu (focal)
Skipping writing config since a config file already exists
+ curl -fsSL https://s3-us-west-2.amazonaws.com/www.lacework.net/download/5.3.0.7160_2022-02-16_main_6771b46ad72cc525f0ada1cf7458230f2f78ab77/latest/packages/lacework_5.2.0.6913_amd64.deb
Using provided hash: 1a883b975e7725b01298d65ce12932ed5b3a8eaea9ecbbfa6a4efe5effdd7dcc
+ sh -c sleep 3; apt-get -qq update
+ sh -c sleep 3; dpkg -i /tmp/F6ePrn.deb
Selecting previously unselected package lacework.
(Reading database ... 63895 files and directories currently installed.)
Preparing to unpack /tmp/F6ePrn.deb ...
Unpacking lacework (5.2.0.6913) ...
Setting up lacework (5.2.0.6913) ...
Systemd detected
Synchronizing state of datacollector.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable datacollector
Created symlink /etc/systemd/system/multi-user.target.wants/datacollector.service → /lib/systemd/system/datacollector.service.
Processing triggers for systemd (245.4-4ubuntu3.13) ...
Lacework successfully installed
Download the Installation Script from the Lacework Package Repository
When you download the install.sh script from the Lacework Package Repository, you can (optionally) run the following command to specify the agent server URL:
sudo ./install.sh -U Your_API_Endpoint
Where Your_API_Endpoint
is your agent server URL.
For example:
sudo ./install.sh -U https://api.fra.lacework.net