Skip to main content

Use the Lacework Installation Script [install.sh]

For single host installations, Lacework recommends using the installation script called install.sh to download and install the Linux agent.

Download the Installation Script from the Lacework Console

note

The script you download from the Lacework Console should not be publicly shared because it is customer-specific and uses a private agent access token.

  1. In the Lacework Console, select Settings > Configuration > Agents.
  2. View the list of access tokens and sort by OS type (either Windows or Linux) in the OS column.
  3. Select the row for the Linux access token you want to use for your agent installation.
  4. Click the Install tab.
  5. Click Lacework Script.
  6. Do either of the following:
    • Click Download script to download the install.sh script to the /tmp or another directory on your target Linux server.
    • Click Copy URL to copy the URL for the script. Then use wget to download the script to your target Linux server.
  7. Run the script as sudo:
    sudo sh install.sh

install.sh Script Parameters

The install.sh script supports the following optional parameters:

ParameterDescription
-hDisplays the list of parameters supported by the install.sh script.
access_tokenSpecifies the agent access token to use during installation. For more information, see Create Agent Access Tokens.
Note: If you specify the access token, ensure that it is the first parameter for the install.sh script.
-vDisplays the version of the install.sh script.
-FDisables file integrity monitoring (FIM). For more information, see File Integrity Monitoring (FIM).
-SVerifies if the correct certificate is installed on the host. For more information, see Required Connectivity, Proxies & Certificates.
-OFilters auditd related messages going to the system journal.
-USpecifies the agent server URL. For more information, see Agent Server URL.
-LLists the agent versions that are available to install. For more information, see List Agent Versions Available for Installation.
-VSpecifies the agent version to install. For more information, see Specify the Agent Version to Install.
-HSpecifies the RPM or DEB package hash to validate the installation. For more information, see Specify a Hash to Validate the Install.

Agent Server URL

In agent v3.8 and higher, you can optionally specify the endpoint that the agent communicates with. For more information, see Agent Server URL. This parameter is mandatory for non-US users.

When you download the install.sh script from the Lacework Console, the agent server URL is already included in the install.sh script and you do not need any additional configuration.

List Agent Versions Available for Installation

In agent v5.3 and higher, you can list all agent versions available for installation by specifying the -L parameter when running the install.sh command:

sudo ./install.sh -L

Available versions:
3.8.2
3.9.5
4.0.32
4.1.62
4.2.0.218
4.3.0.5556
5.0.0.5826
5.1.0.6419
5.2.0.6913
latest

Specify the Agent Version to Install

In agent v5.3 and higher, you can specify the agent versions to download and install by specifying the -V parameter when running the install.sh command:

sudo ./install.sh -U https://agent-server-url -V 5.2.0.6913

Using serverurl already set in local config: https://agent-server-url
Check connectivity to Lacework server
Check Go Daddy root certificate
Installing on  ubuntu (focal)
Skipping writing config since a config file already exists
+ curl -fsSL https://s3-us-west-2.amazonaws.com/www.lacework.net/download/5.3.0.7160_2022-02-16_main_6771b46ad72cc525f0ada1cf7458230f2f78ab77/latest/packages/lacework_5.2.0.6913_amd64.deb
+ sh -c sleep 3; apt-get -qq update
+ sh -c sleep 3; dpkg -i /tmp/W4XUtE.deb
Selecting previously unselected package lacework.
(Reading database ... 95405 files and directories currently installed.)
Preparing to unpack /tmp/W4XUtE.deb ...
Unpacking lacework (5.2.0.6913) ...
Setting up lacework (5.2.0.6913) ...
Systemd detected
Synchronizing state of datacollector.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable datacollector
Created symlink /etc/systemd/system/multi-user.target.wants/datacollector.service → /lib/systemd/system/datacollector.service.
Processing triggers for systemd (245.4-4ubuntu3.15) ...
Lacework successfully installed

Specify a Hash to Validate the Install

By default, the agent install script uses an embedded hash value in the agent package for validation purposes. Lacework recommends using this hash for validation. Optionally, you can explicitly specify a hash value to validate the install package during the installation process. Specify a hash by using the -H parameter when running the install.sh command:

sudo ./install.sh -V 5.2.0.6913 -H 1a883b975e7725b01298d65ce12932ed5b3a8eaea9ecbbfa6a4efe5effdd7dcc

Using serverurl already set in local config: https://api.lacework.net
Check connectivity to Lacework server
Check Go Daddy root certificate
Installing on  ubuntu (focal)
Skipping writing config since a config file already exists
+ curl -fsSL https://s3-us-west-2.amazonaws.com/www.lacework.net/download/5.3.0.7160_2022-02-16_main_6771b46ad72cc525f0ada1cf7458230f2f78ab77/latest/packages/lacework_5.2.0.6913_amd64.deb
Using provided hash: 1a883b975e7725b01298d65ce12932ed5b3a8eaea9ecbbfa6a4efe5effdd7dcc
+ sh -c sleep 3; apt-get -qq update
+ sh -c sleep 3; dpkg -i /tmp/F6ePrn.deb
Selecting previously unselected package lacework.
(Reading database ... 63895 files and directories currently installed.)
Preparing to unpack /tmp/F6ePrn.deb ...
Unpacking lacework (5.2.0.6913) ...
Setting up lacework (5.2.0.6913) ...
Systemd detected
Synchronizing state of datacollector.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable datacollector
Created symlink /etc/systemd/system/multi-user.target.wants/datacollector.service → /lib/systemd/system/datacollector.service.
Processing triggers for systemd (245.4-4ubuntu3.13) ...
Lacework successfully installed

Download the Installation Script from the Lacework Package Repository

When you download the install.sh script from the Lacework Package Repository, you can (optionally) run the following command to specify the agent server URL:

sudo ./install.sh -U Your_API_Endpoint

Where Your_API_Endpoint is your agent server URL.

For example:

sudo ./install.sh -U https://api.fra.lacework.net