The instructions will be documented and available in the Linux EDR portal soon. In the interim, this article describes two ways to obtain the image. Both of these require your specific Linux EDR subdomain name and your associated API key.
To get started, gather the credentials needed by following the instructions below.
Credentials
Linux EDR Subdomain Name
The subdomain is simply the first part of the URL to access your Linux EDR portal.
https://<subdomain>.my.redcanary.co
API Key
Visit either of the sections below in the Linux EDR portal and copy the entire string after password.
- Step 1 of Page Endpoints -> Deploy Sensors -> [Make selections] -> RPM.
- Step 2 of Page Endpoints -> Deploy Sensors -> [Make selections] -> Debian.
RPM Example
Be sure to copy the entirety of the password, shown in the red redaction above. The passwords are the same regardless of the section chosen. Every Red Canary customer has a single password that works for all package management solutions.
Method 1: Docker Authentication Config
Execute the following cat command, substituting your subdomain and API key. The command creates a file named redcanary.docker.config that contains the authentication settings, which you can then add to your Docker configuration file. The auth value is the base64 encoding of subdomain:API_key; printf and tr keep a trailing newline and base64 line wrapping out of the encoded value.
Command and Format
cat > redcanary.docker.config <<- EOM
{
"auths":{
"https://redcanary-forwarder-docker-prod-local.jfrog.io":{
"auth":"$(printf '%s' 'subdomain:API_key' | base64 | tr -d '\n')"
}
}
}
EOM
Example
This example is formed with a dummy subdomain and API key. Please follow the above sections to obtain your own credentials from your portal.
cat > redcanary.docker.config <<- EOM
{
"auths":{
"https://redcanary-forwarder-docker-prod-local.jfrog.io":{
"auth":"$(printf '%s' 'rcsample:exAMpLE000000iwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJsd0xmTnNwSXpWbW5nZmxXdGJMNzgtd2pHamc1Y2VsaTUxU0JFVVNmNE93In0.eyJzdWIiOiJqZnJ0QDAxZTg3cnk0YnkybmpkMGpiOHNrM3cwNjk2XC91c2Vyc1wvZGVtb2N3cCIsInNjcCI6Im1lbEXAMPLEZi1ncm91cHM6Y3VzdG9tZXJzIGFwaToqIiwiYXVkIjoiamZydEAwMWU4N3J5NGJ5Mm5qZDBqYjhzazN3MDY5NiIsImlzcyI6ImpmcnRAMDFlODdyeTRieEXAMPLEamI4c2szdzA2OTZcL3VzZXJzXC9jdXN0b21lci1wcm92aXNpb24tYm90IiwiaWF0IjoxNjA1Nzk4NTI5LCJqdGkiOiI3YjBlZGE2ZS1lMTkzLTRjZDUtYmFjZC01M2U4N2JhNjI4MjkifQ.hqlu1_TTvQuAYS-sSFA3iuOkAh1MpsX-s90JwDrwwehrYJP_RTHBNDfQC9QfBen5gkEhyUtoWpadEANBLq1aWAH9Vtd9IvdU65gqTr-2669CNREcHpRguj1ta8eWmIOLl7k19OZ0f9JdD0oN628bWpMUhgaT0jACVp45L_Oys0U0ZrluexjI1onjLoiXZXvcl86klewBNMWeIivHCQEWdNkCb0uW34yd11TKdchhiUZdU1sr28ni-m7vEXMk6kDsWHzyuMc533zacPNgIl6795kUhJPQ7Zso1JJDDIH7RRw7uaYCVukgwxIvRCc_u6N-3IRISZYpr9FfMmwhEXAMPLE' | base64 | tr -d '\n')"
}
}
}
EOM
Then, take the contents of the file and add them to the auths section of your Docker configuration file.
Note: Ensure this file does not replace any existing configuration, as that would cause you to lose the configuration that was in place.
Note: This method has also proven to be brittle across Docker versions, as various Docker commands entirely replace this file.
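The merge that the first note asks for, as an added example (not Red Canary's code): it adds the registry entry under auths in an existing Docker configuration file and keeps every other setting. The function names, the sample subdomain and EXAMPLE_API_KEY are placeholders chosen for illustration; pass the path of your own Docker configuration file.

```python
import base64
import json
import os
import tempfile

REGISTRY = "https://redcanary-forwarder-docker-prod-local.jfrog.io"  # key used on this page


def make_auth(subdomain: str, api_key: str) -> str:
    """Base64 of 'subdomain:API_key' with no trailing newline and no line wrapping."""
    return base64.b64encode(f"{subdomain}:{api_key}".encode()).decode("ascii")


def merge_registry_auth(config_path: str, subdomain: str, api_key: str,
                        registry: str = REGISTRY) -> dict:
    """Add or update one entry under "auths", leaving every other setting intact."""
    config = {}
    if os.path.exists(config_path):
        with open(config_path, encoding="utf-8") as fh:
            config = json.load(fh)  # raises on malformed JSON instead of overwriting it
    if not isinstance(config, dict):
        raise ValueError(f"{config_path}: top-level JSON value is not an object")
    auths = config.setdefault("auths", {})
    auths[registry] = {"auth": make_auth(subdomain, api_key)}

    # Write to a temp file in the same directory, then rename it into place, so a
    # crash cannot leave a half-written config. mkstemp creates the file mode 0600.
    directory = os.path.dirname(os.path.abspath(config_path))
    fd, tmp_path = tempfile.mkstemp(dir=directory, prefix=".config.json.")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(config, fh, indent=2)
            fh.write("\n")
        os.replace(tmp_path, config_path)
    except BaseException:
        os.unlink(tmp_path)
        raise
    return config


if __name__ == "__main__":
    # Constructed demo: a scratch config that already holds an unrelated registry entry.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "config.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump({"auths": {"registry.example": {"auth": "eDp5"}}}, fh)
        merged = merge_registry_auth(path, "rcsample", "EXAMPLE_API_KEY")
        print(json.dumps(merged, indent=2))
```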
Method 2: Docker Pull
On your host, log in to the registry with Docker, using your subdomain as the username and the API key as the password.
docker login redcanary-forwarder-docker-prod-local.jfrog.io
Then, use the following command to pull the image.
docker pull redcanary-forwarder-docker-prod-local.jfrog.io/canary_forwarder
If you encounter any issues with either method, please reach out to us via your dedicated Slack channel (if provisioned) or contact us at support@redcanary.com for assistance.