Packages

This page describes how to install the Sysdig Host Shield on hosts using rpm or deb packages.

Migrate to the Host Shield

You can enable additional features such as Host Scanning, Host Security Posture Management, and Rapid Response directly from the package configuration.

Package Reference

Driver	Main Package	Dependency Packages
kmod (compatibility mode)	draios-agent	draios-agent-slim, draios-agent-kmodule
kmod	draios-agent-kmodule	draios-agent-slim
legacy_ebpf	draios-agent-legacy-ebpf	draios-agent-slim
universal_ebpf	draios-agent-slim

Debian and Ubuntu

Trust the Sysdig GNU Privacy Guard (GPG) key, configure the apt repository, and update the package list by running the following commands:

curl -s https://download.sysdig.com/DRAIOS-GPG-KEY.public -o /usr/share/keyrings/sysdig-keyring.asc
echo 'deb [signed-by=/usr/share/keyrings/sysdig-keyring.asc] https://download.sysdig.com/stable/deb stable-$(ARCH)/' | sudo tee /etc/apt/sources.list.d/sysdig.list > /dev/null
apt-get update

[kmod/legacy eBPF] Install kernel development files:
```
sudo apt-get -y install linux-headers-$(uname -r)
```
Install the Host Shield:
$$sudo apt-get -y install draios-agent$$

Specify the agent driver:
- To select the Universal eBPF driver (Recommended for Linux Kernel 5.8 and above):
```
cat > /etc/default/dragent <<< "SYSDIG_AGENT_DRIVER=universal_ebpf"
```
- To select the kernel module driver (Recommended for below Linux Kernel 5.8):
```
cat > /etc/default/dragent <<< "SYSDIG_AGENT_DRIVER=kmod"
```
  Note: On new installations, the kernel module driver is selected by default, and specifying it explicitly in /etc/default/dragent is optional.
- To select the legacy eBPF driver (Not Recommended):
```
cat > /etc/default/dragent <<< 'export SYSDIG_BPF_PROBE=""'
cat >> /etc/default/dragent <<< "SYSDIG_AGENT_DRIVER=legacy_ebpf"
```

Configure Host Shield dragent.yaml:

sudo bash -c 'cat > /opt/draios/etc/dragent.yaml <<EOF
customerid: <ACCESS_KEY>
collector: <COLLECTOR_URL>
collector_port: <COLLECTOR_PORT>
EOF'

Restart the Host Shield:

sudo service dragent restart

For CentOS, RHEL, Fedora, Amazon AMI, Amazon Linux 2

Trust the Sysdig GPG key and configure the yum repository:

sudo rpm --import https://download.sysdig.com/DRAIOS-GPG-KEY.public && sudo curl -s -o /etc/yum.repos.d/draios.repo https://download.sysdig.com/stable/rpm/draios.repo

[kmod/legacy eBPF] Install the EPEL repository:
```
sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
```
This command is required only if DKMS is not available in the base distribution.
[kmod/legacy eBPF] Install the kernel development files:
```
sudo yum -y install kernel-devel-$(uname -r)
```
Install the Host Shield:
```
yum -y install draios-agent
```
- Specify the Host Shield driver:
  - To select the Universal eBPF driver (Recommended for Linux Kernel 5.8 and above):
```
cat > /etc/sysconfig/dragent <<< "SYSDIG_AGENT_DRIVER=universal_ebpf"
```
  - To select the kernel module driver (Recommended for below Linux Kernel 5.8):
```
cat > /etc/sysconfig/dragent <<< "SYSDIG_AGENT_DRIVER=kmod"
```
    Note: On new installations, the kernel module driver is selected by default, and specifying it explicitly in /etc/sysconfig/dragent is optional.
  - To select the legacy eBPF driver (Not Recommended):
```
cat > /etc/sysconfig/dragent <<< 'export SYSDIG_BPF_PROBE=""'
cat >> /etc/sysconfig/dragent <<< "SYSDIG_AGENT_DRIVER=legacy_ebpf"
```

Configure Host Shield dragent.yaml:

sudo bash -c 'cat > /opt/draios/etc/dragent.yaml <<EOF
customerid: <ACCESS_KEY>
collector: <COLLECTOR_URL>
collector_port: <COLLECTOR_PORT>
EOF'

Start the Host Shield:

sudo systemctl enable dragent
sudo systemctl start dragent