Currently there are two ways to obtain the image. Both of these require your specific Linux Endpoint Detection and Response (EDR) subdomain, username and your associated API key. 

To get started, gather the credentials needed by following the instructions below.

Credentials

Linux EDR Subdomain Name

The subdomain is the first part of the URL to access your Linux EDR portal.

https://<subdomain>.my.redcanary.co

API Key

Visit either of the below sections in the Linux EDR portal and copy the entire string after password.

• Step 1 of Page Endpoints -> Deploy Sensors -> [Make selections] -> RPM.
• Step 2 of Page Endpoints -> Deploy Sensors -> [Make selections] -> Debian.

RPM Example

Be sure to copy the entirety of the password, shown in the redaction above. The passwords are the same regardless of the section chosen. Every Red Canary customer has a single password that works for all package management solutions.

Method 1: Docker Authentication Config

Execute the following cat command, ensuring you substitute the username and API key. This command creates a file with authentication configuration settings named redcanary.docker.config. The resulting contents of this file can be used to append to your Docker configuration file.

Command and Format

cat > redcanary.docker.config <<- EOM
{
   "auths":{
   "https://redcanary-forwarder-docker-prod-local.jfrog.io":{
      "auth":"$(echo username:API_key | base64)"
   }
   }
}
EOM

Example

This example is formed with a dummy username and API key. Please follow the above sections to obtain your own credentials from your portal.

cat > redcanary.docker.config <<- EOM
{
   "auths":{
   "https://redcanary-forwarder-docker-prod-local.jfrog.io":{
      "auth":"$(echo rcsample:exAMpLE000000iwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJsd0xmTnNwSXpWbW5nZmxXdGJMNzgtd2pHamc1Y2VsaTUxU0JFVVNmNE93In0.eyJzdWIiOiJqZnJ0QDAxZTg3cnk0YnkybmpkMGpiOHNrM3cwNjk2XC91c2Vyc1wvZGVtb2N3cCIsInNjcCI6Im1lbEXAMPLEZi1ncm91cHM6Y3VzdG9tZXJzIGFwaToqIiwiYXVkIjoiamZydEAwMWU4N3J5NGJ5Mm5qZDBqYjhzazN3MDY5NiIsImlzcyI6ImpmcnRAMDFlODdyeTRieEXAMPLEamI4c2szdzA2OTZcL3VzZXJzXC9jdXN0b21lci1wcm92aXNpb24tYm90IiwiaWF0IjoxNjA1Nzk4NTI5LCJqdGkiOiI3YjBlZGE2ZS1lMTkzLTRjZDUtYmFjZC01M2U4N2JhNjI4MjkifQ.hqlu1_TTvQuAYS-sSFA3iuOkAh1MpsX-s90JwDrwwehrYJP_RTHBNDfQC9QfBen5gkEhyUtoWpadEANBLq1aWAH9Vtd9IvdU65gqTr-2669CNREcHpRguj1ta8eWmIOLl7k19OZ0f9JdD0oN628bWpMUhgaT0jACVp45L_Oys0U0ZrluexjI1onjLoiXZXvcl86klewBNMWeIivHCQEWdNkCb0uW34yd11TKdchhiUZdU1sr28ni-m7vEXMk6kDsWHzyuMc533zacPNgIl6795kUhJPQ7Zso1JJDDIH7RRw7uaYCVukgwxIvRCc_u6N-3IRISZYpr9FfMmwhEXAMPLE | base64)"
   }
   }
}
EOM

Then, take the contents and append it to your Docker configuration file.

Note: Make certain that this file does not replace any existing configuration, as doing so would result in the loss of the existing settings. This method has also proven to be brittle across docker versions as various docker commands entirely replace this file.

Method 2: Docker Pull

On your host, log in to Docker using your subdomain as the username and the API key as the password.

docker login redcanary-forwarder-docker-prod-local.jfrog.io

Then, use the following command to pull the image.

docker pull redcanary-forwarder-docker-prod-local.jfrog.io/canary_forwarder

Note: If you need an arm image, please append aarch64 to the image path:

docker pull redcanary-forwarder-docker-prod-local.jfrog.io/canary_forwarder/aarch64

If you encounter any issues with either method, please contact support.