July 2021 Linux Agent Release
v4.0
Release Date
July 6, 2021
Summary of Changes/Improvements
Changed permissions of directories and files created during Lacework agent package installation and process execution
- Fixed warnings by the Debian package manager (Lintian)
- Made the datacollector data files (Db) accessible only to the root user
- Restricted datacollector process state file access only to the root user and root group.
- For Debian distributions, changed the owner of the datacollector logs to administrator group to enable access by log monitoring tools.
cmdlinefilter Property Changes: Changed the cmdlinefilter property to do a suffix match instead of matching an executable that contains any of the specified
strings.Lacework matches an executable only if the string in the subproperty matches the name of the executable, including path. For example, if the filter string is:
allow=java,bin/bash
Then, this would match
/bin/java
,/usr/bin/java
,/bin/bash
,/usr/bin/bash
. But it would not match/bin/java_2
(not a suffix match),/bin/myjava
(needs to match full command), or/mybin/bash
(needs to match the full path component).Updated Helm charts for ARM deployment
Fixed an issue where the DNS process did not display port 53 as a listening port
Fixed an issue where the Kubernetes cluster name did not appear on the Lacework Kubernetes dossier page
Using the ContainerEngineEndpoint property does not require a restart for agent v4.0 and higher
Fixed an issue where Fargate v1.40 tasks displayed the v1.30 instance type
Fixed the incorrect version information for ARM64 in the Lacework Console