Installation Requirements
System |
||
|
Supported Linux architectures |
Supported Linux server distributions |
Supported Linux kernel versions |
|
|
|
Support and installation notes
- We do not support systems that run software that employs the audit netlink socket.
- Installation will disable the
auditd.serviceand thesystemd-journald-audit.socket. It will not change any configuration files forauditd. The previous system state will be restored if you choose to uninstall.
Network
Outbound network connectivity
- s3-us-east-2.amazonaws.com (tcp/443) (Sensor telemetry sent to Red Canary's AWS account)
- 35.188.42.15 (tcp/443) (Sentry proactive error monitoring)
- 34.120.195.249 (tcp/443) (Sentry proactive error monitoring)
To utilize a SOCKS proxy set the HTTPS_PROXY or HTTP_PROXY environment variables
Or,
Add the following to config.json: "http_proxy": "https://HOST:PORT"
Installation Instructions
Click Installation instructions for more information.
Note: If the Sensor Auto-Upgrade is enabled, replace canary-forwarder and the canary_forwarder below with cwp.
RPM
- Place the information below into a file titled
redcanary.repoin/etc/yum.repos.d/.
[RedCanary] name=Red Canary Cloud Workload Protection username=<username> password=<password> baseurl=https://redcanary.jfrog.io/artifactory/forwarder-rpm-prod-local/ enabled=1 gpgcheck=0
repo_gpgcheck=1
9gpgKey=https://<subdomain>.my.redcanary.co/keys/artifactory.gpg.public - Run the following,
sudo yum install canary_forwarder. - Place the information below into a file titled
config.jsonin/opt/redcanary/.
{"access_token": "<access_token>",
"subscription_plan": "Managed"
}
Debian
- Place the information below into a file titled
redcanary.listin/etc/apt/sources.list.d/.
Note: Use the contents specific to the system whether it is x86_64/amd64 or AArch64/arm64.
deb [arch=amd64] https://<subdomain>:<password>@redcanary.jfrog.io/artifactory/forwarder-debian-prod-local main restricted
deb [arch=arm64] https://<subdomain>:<password>@redcanary.jfrog.io/artifactory/forwarder-debian-prod-local main restricted
2. Place the information below into a file titled redcanary_auth.conf in /etc/apt/auth.conf.d/ :.
machine redcanary.jfrog.io login <username> password <password>
3. Install the GPG key with the following command below.
wget -qO - https://<subdomain>.my.redcanary.co/keys/artifactory.gpg.public | sudo apt-key add -
4. Run the content below.
sudo apt-get update sudo apt-get install canary-forwarder
5. Place the information below into a file titled config.json in /opt/redcanary/.
{
"access_token": "<access_token>",
"subscription_plan": "Managed"
}
AMI/VM Setup
1. Start the instance.
2. Install Red Canary Linux EDR via the Debian or RPM instructions.
- Follow the instructions from the RPM or Debian tabs. Place the
config.jsonfile into/opt/redcanary/.
3. Stop the cfsvcd service.
sudo systemctl stop cfsvcdorsudo initctl stop cfsvcd
4. Run the following to delete any saved state. sudo rm /opt/redcanary/state.json
5. Shut down the instance.
6. Create the AMI or clone from the VM instance.
Manual Setup
- Begin by downloading the relevant package.
- To find the download links in Red Canary, click the dropdown arrow next to Endpoints, and then click Deploy sensors.
- Select your desired platform, and then select your desired sensor technology.
- Scroll down to the Installation Instructions section and click Manual Setup.
- Find your desired operating system and reference Uninstalling the package.
Ubuntu 16.04 and Newer |
|
|
Installing the package
|
Uninstalling the package
|
Debian 9 and Newer |
|
|
Installing the package
|
Uninstalling the package
|
Debian 8 and Ubuntu 14.04 |
|
|
Installing the package
|
Uninstalling the package
|
RHEL/Centos 6, 7, 8 |
|
|
Installing the package
|
Uninstalling the package
|
Comments
0 comments
Please sign in to leave a comment.