July 2021 Linux Agent Release

v4.0

Release Date

July 6, 2021

Summary of Changes/Improvements

• Changed permissions of directories and files created during Lacework agent package installation and process execution

  • Fixed warnings by the Debian package manager (Lintian)
  • Made the datacollector data files (Db) accessible only to the root user
  • Restricted datacollector process state file access only to the root user and root group.
  • For Debian distributions, changed the owner of the datacollector logs to administrator group to enable access by log monitoring tools.

• cmdlinefilter Property Changes: Changed the cmdlinefilter property to do a suffix match instead of matching an executable that contains any of the specified
  strings.

  Lacework matches an executable only if the string in the subproperty matches the name of the executable, including path. For example, if the filter string is:

  allow=java,bin/bash

  Then, this would match /bin/java, /usr/bin/java, /bin/bash, /usr/bin/bash. But it would not match /bin/java_2 (not a suffix match), /bin/myjava (needs to match full command), or /mybin/bash (needs to match the full path component).

• Updated Helm charts for ARM deployment

• Fixed an issue where the DNS process did not display port 53 as a listening port

• Fixed an issue where the Kubernetes cluster name did not appear on the Lacework Kubernetes dossier page

• Using the ContainerEngineEndpoint property does not require a restart for agent v4.0 and higher

• Fixed an issue where Fargate v1.40 tasks displayed the v1.30 instance type

• Fixed the incorrect version information for ARM64 in the Lacework Console