Packages
Migrate to the Host Shield
You can enable additional features such as Host Scanning, Host Security Posture Management, and Rapid Response directly from the package configuration.
Package Reference
Driver | Main Package | Dependency Packages |
---|---|---|
kmod (compatibility mode) | draios-agent | draios-agent-slim, draios-agent-kmodule |
kmod | draios-agent-kmodule | draios-agent-slim |
legacy_ebpf | draios-agent-legacy-ebpf | draios-agent-slim |
universal_ebpf | draios-agent-slim |
Debian and Ubuntu
Trust the Sysdig GNU Privacy Guard (GPG) key, configure the apt repository, and update the package list by running the following commands:
curl -s https://download.sysdig.com/DRAIOS-GPG-KEY.public -o /usr/share/keyrings/sysdig-keyring.asc echo 'deb [signed-by=/usr/share/keyrings/sysdig-keyring.asc] https://download.sysdig.com/stable/deb stable-$(ARCH)/' | sudo tee /etc/apt/sources.list.d/sysdig.list > /dev/null apt-get update
[kmod/legacy eBPF] Install kernel development files:
sudo apt-get -y install linux-headers-$(uname -r)
Install the Host Shield:
$$sudo apt-get -y install draios-agent$$
- Specify the agent driver:
To select the Universal eBPF driver (Recommended for Linux Kernel 5.8 and above):
cat > /etc/default/dragent <<< "SYSDIG_AGENT_DRIVER=universal_ebpf"
To select the kernel module driver (Recommended for below Linux Kernel 5.8):
cat > /etc/default/dragent <<< "SYSDIG_AGENT_DRIVER=kmod"
Note: On new installations, the kernel module driver is selected by default, and specifying it explicitly in
/etc/default/dragent
is optional.To select the legacy eBPF driver (Not Recommended):
cat > /etc/default/dragent <<< 'export SYSDIG_BPF_PROBE=""' cat >> /etc/default/dragent <<< "SYSDIG_AGENT_DRIVER=legacy_ebpf"
Configure Host Shield
dragent.yaml
:sudo bash -c 'cat > /opt/draios/etc/dragent.yaml <<EOF customerid: <ACCESS_KEY> collector: <COLLECTOR_URL> collector_port: <COLLECTOR_PORT> EOF'
Restart the Host Shield:
sudo service dragent restart
For CentOS, RHEL, Fedora, Amazon AMI, Amazon Linux 2
Trust the Sysdig GPG key and configure the yum repository:
sudo rpm --import https://download.sysdig.com/DRAIOS-GPG-KEY.public && sudo curl -s -o /etc/yum.repos.d/draios.repo https://download.sysdig.com/stable/rpm/draios.repo
[kmod/legacy eBPF] Install the EPEL repository:
sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
This command is required only if DKMS is not available in the base distribution.
[kmod/legacy eBPF] Install the kernel development files:
sudo yum -y install kernel-devel-$(uname -r)
Install the Host Shield:
yum -y install draios-agent
- Specify the Host Shield driver:
To select the Universal eBPF driver (Recommended for Linux Kernel 5.8 and above):
cat > /etc/sysconfig/dragent <<< "SYSDIG_AGENT_DRIVER=universal_ebpf"
To select the kernel module driver (Recommended for below Linux Kernel 5.8):
cat > /etc/sysconfig/dragent <<< "SYSDIG_AGENT_DRIVER=kmod"
Note: On new installations, the kernel module driver is selected by default, and specifying it explicitly in
/etc/sysconfig/dragent
is optional.To select the legacy eBPF driver (Not Recommended):
cat > /etc/sysconfig/dragent <<< 'export SYSDIG_BPF_PROBE=""' cat >> /etc/sysconfig/dragent <<< "SYSDIG_AGENT_DRIVER=legacy_ebpf"
- Specify the Host Shield driver:
Configure Host Shield
dragent.yaml
:sudo bash -c 'cat > /opt/draios/etc/dragent.yaml <<EOF customerid: <ACCESS_KEY> collector: <COLLECTOR_URL> collector_port: <COLLECTOR_PORT> EOF'
Start the Host Shield:
sudo systemctl enable dragent sudo systemctl start dragent