Skip to main content

Install Linux Agent from Package Repositories

Overview

This topic describes how to access and run multiple versions of agent packages from the Lacework package repository: packages.lacework.net.

Lacework provides the following agent repositories:

  • Latest: This is the latest version of the agent. Agent releases currently follow a monthly release cadence.
  • Established: This is the fleet upgrade release of the agent (quarterly update). Lacework tags a release as an established release once every few months. This established release version is tagged for auto-upgrading all agents running older versions, unless auto-upgrade has been explicitly disabled in the config.json file.
  • Archived: These are older versions of the agent. They do not appear in the Latest or Established repositories.

You can use these repositories to manage agent packages using package managers such as APT, YUM, and Zypper. You can install the latest version of the agent or a specific version in the Archived and Established repositories.

Install from APT, YUM, and Zypper Repositories

Lacework provides repositories for Debian-based (APT) or RPM-based (YUM and Zypper) distributions. When installing the repositories, each host requires a config.json file for the agent to communicate with Lacework. You can create a config.json file locally or copy it from a centralized server using any orchestration tool. For details, see config.json.

APT

For Debian-based distributions (Debian, Ubuntu), use the following steps to the set up the new Lacework repositories:

  1. Install gpg if it is not already installed:

    sudo apt install -y gpg
  2. Install the ca-certificates package:

    sudo apt-get install -y ca-certificates
  3. Import the Lacework key:

    sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 360D55D76727556814078E25FF3E1D4DEE0CC692
  4. Install the lsb-release package:

    sudo apt-get install -y lsb-release
  5. Create the APT repository configuration file and include Lacework repositories:

    lsb_distro=$(lsb_release -i | cut -f2 | tr '[:upper:]' '[:lower:]')
    lsb_rel=$(lsb_release -c | cut -f2)
    sudo sh -c "echo deb [arch=amd64] https://packages.lacework.net/latest/DEB/"$lsb_distro" "$lsb_rel" main >> /etc/apt/sources.list.d/lacework.list"
    sudo sh -c "echo deb [arch=amd64] https://packages.lacework.net/established/DEB/"$lsb_distro" "$lsb_rel" main >> /etc/apt/sources.list.d/lacework.list"
    sudo sh -c "echo deb [arch=amd64] https://packages.lacework.net/archived/DEB/"$lsb_distro" "$lsb_rel" main >> /etc/apt/sources.list.d/lacework.list"

    Replace [arch=amd64] with [arch=arm64] if you are installing on an ARM64 system.

  6. Refresh the repositories information:

    sudo apt update

To list all the available Lacework packages, use this command:

sudo apt list -a lacework

To install the latest version of the agent, use this command:

sudo apt install lacework

To install a specific version of the agent, use this command:

sudo apt install lacework=VERSION

Replace VERSION with the specific version that you want to install.

For example, to install v6.5.0.12833:

sudo apt install lacework=6.5.0.12833

Delete a Package (APT)

To delete the Lacework APT repository package, use the command:

sudo apt-get remove --purge lacework

YUM

  1. Download the repository configuration file for YUM-based distributions using this command:
    curl -O -sSL https://packages.lacework.net/lacework.repo
    See Repository Configuration File for an example of the repository configuration file.
  2. Move the configuration file to the /etc/yum.repos.d directory.
    sudo mv lacework.repo /etc/yum.repos.d
  3. You can enable all the repositories at the same time. You can also disable any of the repositories if they are not needed. To do this, set the enabled flag to 0 in the repository configuration file as follows:
    [packages-lacework-latest]
    name=Lacework latest agent release
    baseurl=https://packages.lacework.net/latest/RPMS/$basearch/
    enabled=0
  4. To install the latest version of the agent, use this command:
    sudo yum install lacework
  5. Ensure that the correct GPG key is installed.
    Example output
    Importing GPG key 0xEE0CC692:
    Userid : "Lacework Inc. <support@lacework.net>"
    Fingerprint: 360D 55D7 6727 5568 1407 8E25 FF3E 1D4D EE0C C692
    From : https://packages.lacework.net/keys/RPM-GPG-KEY-lacework
    Key imported successfully

To list all available agent versions, use this command:

sudo yum --showduplicates list lacework

To install a specific version, use this command:

sudo yum install lacework-VERSION

Replace VERSION with the specific agent version that you want to install.

For example, to install v6.5.0.12833-1:

sudo yum install lacework-6.5.0.12833-1

If you install an older version of agent from the archived repository, it is upgraded to the established version of the agent release. To prevent this auto-upgrade and pin your package to a specific version, you should disable auto-upgrade in the agent configuration file (config.json) in the /var/lib/lacework/config directory.

To disable auto-upgrade, enter the following in the config.json file:

"autoupgrade": "disable"
note

For improved security and to benefit from new and improved features, Lacework recommends that you do not disable automatic upgrade of the agent.

Delete a Package (YUM)

To delete the Lacework YUM repository package, use the command:

sudo yum remove lacework

Zypper

  1. Download the repository configuration file for Zypper-based distributions using this command:

    curl -O -sSL https://packages.lacework.net/lacework.repo

    See Repository Configuration File for an example of the repository configuration file.

  2. Move the configuration file to the /etc/zypp/repos.d directory.

    sudo mv lacework.repo /etc/zypp/repos.d
  3. You can enable all the repositories at the same time. You can also disable any of the repositories if they are not needed. To do this, set the enabled flag to 0 in the repository configuration file as follows:

    [packages-lacework-latest]
    name=Lacework latest agent release
    baseurl=https://packages.lacework.net/latest/RPMS/$basearch/
    enabled=0
  4. To install the latest version of the agent, use this command:

    sudo zypper install lacework
  5. Ensure that the correct GPG key is installed.

    Example output
    Retrieving: RPM-GPG-KEY-lacework .........................................[done]
    New repository or package signing key received:

    Repository: Lacework latest agent release
    Key Fingerprint: 360D 55D7 6727 5568 1407 8E25 FF3E 1D4D EE0C C692
    Key Name: Lacework Inc. <support@lacework.net>
    Key Algorithm: RSA 4096
    Key Created: Mon Apr 24 11:04:37 2023
    Key Expires: Sun May 1 11:04:17 2033
    Rpm Name: gpg-pubkey-ee0cc692-64466245

To list all available agent versions, use this command:

sudo zypper search -s lacework

To install a newer version, use this command:

sudo zypper install lacework-VERSION

Replace VERSION with the specific agent version that you want to install.

For example, to install v6.5.0.12833-1:

sudo zypper install lacework-6.5.0.12833-1

To install an older version, use this command:

sudo zypper install --oldpackage lacework-VERSION

Replace VERSION with the specific agent version that you want to install.

For example, to install v4.2.0.218-1:

sudo zypper install --oldpackage lacework-4.2.0.218-1

If you install an older version of agent from the archived repository, it is upgraded to the established version of the agent release. To prevent this auto-upgrade and pin your package to a specific version, you should disable auto-upgrade in the agent configuration file (config.json).

To disable auto-upgrade, enter the following in the config.json file:

"autoupgrade": "disable"

Delete a Package (Zypper)

To delete the Lacework Zypper repository package, use this command:

sudo zypper remove lacework

Sample Repository Configuration File

The following is a sample repository configuration file for YUM and Zypper-based distributions:

[packages-lacework-latest]
name=Lacework latest agent release
baseurl=https://packages.lacework.net/latest/RPMS/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://packages.lacework.net/latest/keys/RPM-GPG-KEY-lacework

[packages-lacework-established]
name=Lacework established agent release
baseurl=https://packages.lacework.net/established/RPMS/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://packages.lacework.net/established/keys/RPM-GPG-KEY-lacework

[packages-lacework-archived]
name=Lacework archived agent release
baseurl=https://packages.lacework.net/archived/RPMS/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://packages.lacework.net/archived/keys/RPM-GPG-KEY-lacework