This article describes the installation requirements and instructions for deploying a sensor.
Estimated procedure time: 10 minutes
Installation Requirements
System
Supported Linux architectures
- x86_64
- AArch64 (ARM 64-bit)
Supported Linux server distributions and versions
- Amazon Linux 1 & 2
- Ubuntu 14.04, 16.04, 18.04, 20.04
- CentOS 6, 7, 8
- RHEL 6, 7, 8
- Debian 8, 9, 10
- Fedora 31, 32
- SUSE/openSUSE 11
- Oracle Linux 7, 8 (RHEL & UEK kernels)
Supported Linux kernel versions
- 2.6.32-71 and above (mainline)
Support and installation notes
- We do not support systems running auditd.
- We do not support systems running software that consumes from the audit netlink socket.
- Installation will disable the auditd.service and the systemd-journald-audit.socket. It will not change any configuration files for auditd. The previous system state will be restored if you choose to uninstall.
Network
Outbound network connectivity
- s3-us-east-2.amazonaws.com (tcp/443) (Sensor telemetry sent to Red Canary's AWS account)
- 35.188.42.15 (tcp/443) (Sentry proactive error monitoring)
- 34.120.195.249 (tcp/443) (Sentry proactive error monitoring)
To utilize a SOCKS proxy:
- Set the HTTPS_PROXY or HTTP_PROXY environment variables
- Or, add the following to config.json:
"http_proxy": "https://HOST:PORT"
Installation Instructions
1. In Red Canary, click Endpoint, and then click Deploy Sensors to view the instructions, username, and password.
Note: If the Sensor Auto-Upgrade is enabled, replace canary-forwarder and canary_forwarder below with cwp.
RPM
1. Place the information below into a file titled redcanary.repo in /etc/yum.repos.d/.
[RedCanary]
name=Red Canary Cloud Workload Protection
username=<username>
password=<password>
baseurl=https://redcanary.jfrog.io/artifactory/forwarder-rpm-prod-local/
enabled=1
gpgcheck=0
2. Run the following:
sudo yum install canary_forwarder
3. Place the information below into a file titled config.json in /opt/redcanary/.
{ "access_token": "<access_token>", "subscription_plan": "Managed" }
Debian
1. Place the information below into a file titled redcanary.list in /etc/apt/sources.list.d/.
Note: Use the contents specific to the system whether it is x86_64/amd64 or AArch64/arm64.
deb [arch=amd64] https://<subdomain>:<password>@redcanary.jfrog.io/artifactory/forwarder-debian-prod-local main restricted
deb [arch=arm64] https://<subdomain>:<password>@redcanary.jfrog.io/artifactory/forwarder-debian-prod-local main restricted
2. Place the information below into a file titled redcanary_auth.conf in /etc/apt/auth.conf.d/:
machine redcanary.jfrog.io login <username> password <password>
3. Install the GPG key with the following command.
wget -qO - https://<subdomain>.my.redcanary.co/keys/artifactory.gpg.public | sudo apt-key add -
4. Run the following commands.
sudo apt-get update
sudo apt-get install canary-forwarder
5. Place the information below into a file titled config.json in /opt/redcanary/.
{ "access_token": "<access_token>", "subscription_plan": "Managed" }
AMI/VM Setup
1. Start the instance.
2. Install Red Canary Linux EDR via the Debian or RPM instructions.
- Follow the instructions from the RPM or Debian tabs. Place the config.json file into /opt/redcanary/.
3. Stop the cfsvcd service.
sudo systemctl stop cfsvcd
or
sudo initctl stop cfsvcd
4. Run the following to delete any saved state.
sudo rm /opt/redcanary/state.json
5. Shut down the instance.
6. Create the AMI or clone from the VM instance.
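The following pre-imaging check is an added example, not part of Red Canary's instructions. It confirms that config.json is in place and state.json has been deleted, and, as a hardening check the instructions above do not require, that files holding the access token or repository credentials are readable only by their owner. The names audit_image and flag and the ROOT argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a Linux EDR image before step 6 (create AMI/clone).
# audit_image ROOT prints findings and returns how many there were.
# ROOT (hypothetical parameter): "" for the live system, or the path of a
# mounted or staged filesystem tree.

flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

audit_image() {
    root=$1
    findings=0
    cfg="$root/opt/redcanary/config.json"
    state="$root/opt/redcanary/state.json"

    # Step 2: config.json must be present and carry an access token.
    if [ ! -f "$cfg" ]; then
        flag "$cfg is missing"
    elif ! grep -q '"access_token"' "$cfg"; then
        flag "$cfg has no access_token key"
    fi

    # Step 3: the sensor must be stopped (checked on a live systemd host only).
    if [ -z "$root" ] && command -v systemctl >/dev/null 2>&1; then
        if systemctl is-active --quiet cfsvcd; then
            flag "cfsvcd is still running"
        fi
    fi

    # Step 4: saved state must be deleted before the image is taken.
    if [ -e "$state" ]; then flag "$state still exists"; fi

    # Added hardening check (an assumption, not a vendor requirement):
    # files holding the access token or repository password are owner-only.
    for f in "$cfg" \
             "$root/etc/yum.repos.d/redcanary.repo" \
             "$root/etc/apt/sources.list.d/redcanary.list" \
             "$root/etc/apt/auth.conf.d/redcanary_auth.conf"; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")   # GNU/BusyBox stat
        case $mode in
            0|*00) ;;
            *) flag "$f has mode $mode, expected 600 or stricter" ;;
        esac
    done
    return "$findings"
}
```

Source the file and run audit_image "" as root on the instance after step 4; a return value of 0 means no findings.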
Manual Setup
1. Begin by downloading the relevant package.
2. You can find the download links in the portal by clicking Endpoints, and then click Deploy sensors.
3. Select your desired platform, and then select your desired sensor technology.
4. Scroll down to the Installation Instructions section and click Manual Setup.
5. Find your desired operating system and reference Uninstalling the package.
Install the Package
Ubuntu 16.04 and Newer
Installing the package
sudo apt install ./canary-forwarder-1.2.1_amd64.deb
Uninstalling the package
sudo apt remove canary-forwarder
sudo apt autoremove
Debian 9 and Newer
Installing the package
sudo apt install ./canary-forwarder-1.2.1_amd64.deb
Uninstalling the package
sudo apt remove canary-forwarder
sudo apt autoremove
Debian 8 and Ubuntu 14.04
Installing the package
sudo dpkg -i canary-forwarder-1.2.1_amd64.deb
sudo apt-get -y --fix-broken install
Uninstalling the package
sudo apt-get -y remove canary-forwarder
sudo apt-get -y autoremove
RHEL/CentOS 6, 7, 8
Installing the package
sudo yum install -y canary_forwarder-1.2.1.x86_64.rpm
Uninstalling the package
sudo yum remove -y canary_forwarder