February 2024 Linux Agent Release
v6.12.2 Release Notes
This release fixes the following issues that can occur when you enable active package detection for agent v6.12:
- Files are kept open on Linux kernel versions earlier than 3.14.
- Excessive use of disk space or file descriptors on Linux kernel versions earlier than 3.12.
v6.12 Release Notes
Support for detecting active and inactive Rust packages on hosts and containers - The Lacework platform can now detect active and inactive Rust packages on hosts and containers if you do the following:
- Install Linux agent v6.12 or later on hosts or containers.
- Enable active package detection for the agent. For more information, see How do I enable active package detection?
- Enable Agentless Workload Scanning on the hosts.
This enables you to know whether a vulnerable Rust package is being used by an application and prioritize fixing active vulnerable packages first. Use the Package status filter in the Host Vulnerabilities page and Container Vulnerabilities page to see active or inactive vulnerable Rust packages on hosts and containers. See Host Vulnerability - Package Status for details.
Support for retrieving tags from AWS EC2 instances using IMDS - Starting in this release, you can configure the Instance Metadata Service (IMDS) on AWS EC2 instances to enable the agent to retrieve tags from EC2 instances. For more information, see Configure the Instance Metadata Options.
Agents first try IMDSv2 to retrieve the information. If that fails, agents fall back to IMDSv1. If that also fails, and you have configured the DescribeTags IAM permission on EC2 instances, agents use the IAM permission to retrieve the information.
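The fallback order described above, as an added example (not Lacework's agent code): a probe that tries IMDSv2, then IMDSv1, then an optional DescribeTags callable, and reports which source answered. The IMDS paths are the ones AWS documents; `retrieve_tags`, `transport` and `describe_tags` are hypothetical names used only here, and `describe_tags` stands in for whatever IAM-backed lookup you supply.

```python
import urllib.request

IMDS = "http://169.254.169.254/latest"  # EC2 link-local metadata endpoint
TAGS = "/meta-data/tags/instance"       # served only when instance metadata tags are enabled

def http(method, url, headers=None, timeout=2):
    """Default transport: return the body as text, raise on any HTTP or network error."""
    req = urllib.request.Request(url, method=method, headers=headers or {})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode()

def read_tags(headers, transport):
    """List the tag keys, then fetch each value, sending the given headers."""
    keys = transport("GET", IMDS + TAGS, headers).splitlines()
    return {k: transport("GET", f"{IMDS}{TAGS}/{k}", headers) for k in keys}

def via_imdsv2(transport):
    """IMDSv2: PUT for a short-lived session token, then present it on every GET."""
    token = transport("PUT", IMDS + "/api/token",
                      {"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    return read_tags({"X-aws-ec2-metadata-token": token}, transport)

def retrieve_tags(transport=http, describe_tags=None):
    """Walk IMDSv2 -> IMDSv1 -> DescribeTags; return (source, tags, errors).

    describe_tags is an optional zero-argument callable (assumption: it wraps
    an IAM-authorised DescribeTags lookup) that returns a dict of tags.
    """
    steps = [("IMDSv2", lambda: via_imdsv2(transport)),
             ("IMDSv1", lambda: read_tags({}, transport))]  # tokenless request
    if describe_tags is not None:
        steps.append(("DescribeTags", describe_tags))
    errors = {}
    for name, step in steps:
        try:
            return name, step(), errors
        except Exception as exc:  # record why this source failed, try the next
            errors[name] = repr(exc)
    return None, {}, errors

if __name__ == "__main__":
    source, tags, errors = retrieve_tags()
    print("source:", source, "tags:", tags, "errors:", errors)
```

A result of `IMDSv1` means the instance still answers tokenless metadata requests; setting the instance's HttpTokens option to required turns that path off.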
Support for Podman’s Docker compatibility layer - The agent now supports Podman’s Docker compatibility layer. To use the agent with Podman’s Docker compatibility layer:
- Use the following command to run Podman in rootful mode to enable the Docker compatibility layer. For more information, see podman system service.
    sudo systemctl enable --now podman.socket
- Set the following in the config.json file:
    "ContainerRunTime": "docker",
    "ContainerEngineEndpoint": "unix:///run/podman/podman.sock"
Fixed the issue with the agent being unable to retrieve file modification monitoring and process execution monitoring settings when a proxy server is configured.