Installing from package repositories
Fortinet Inc. provides the following agent repositories:
- Latest: This is the latest version of the agent.
- Established: This is the fleet upgrade release of the agent. Releases are tagged as established once every few months. This established release version is tagged for auto-upgrading all agents running older versions, unless auto-upgrade has been explicitly disabled in the config.json file.
- Archived: These are older versions of the agent. They do not appear in the Latest or Established repositories.
You can use these repositories to manage agent packages using package managers such as APT, YUM, and Zypper. You can install the latest version of the agent or a specific version in the Archived and Established repositories.
Installing from APT, YUM, and Zypper repositories
Fortinet Inc. provides repositories for Debian-based (APT) or RPM-based (YUM and Zypper) distributions. When installing the repositories, each host requires a config.json file for the agent to communicate with a FortiCNAPP server. You can create a config.json file locally or copy it from a centralized server using any orchestration tool. For details, see Configure Linux Agent Using Agent Configuration File.
APT
For Debian-based distributions (Debian, Ubuntu), use the following steps to the set up the FortiCNAPP repositories:
-
Install
gpg,curl,lsb-release, andca-certificates:sudo apt update && apt install -y gpg curl lsb-release ca-certificates
-
Import the FortiCNAPP key:
sudo bash -c "curl -s
'https://packages.lacework.net/keys/RPM-GPG-KEY-lacework' |
gpg --dearmor > /etc/apt/trusted.gpg.d/lacework-agent.gpg" -
To ensure that packages are installed only from the packages.lacework.net repository, create a file named
laceworkat/etc/apt/preferences.d/with the following syntax:Package: lacework* Pin: origin "packages.lacework.net" Pin-Priority: 999
-
Create the APT repository configuration file and include FortiCNAPP repositories:
lsb_distro=$(lsb_release -i | cut -f2 | tr '[:upper:]' '[:lower:]') lsb_rel=$(lsb_release -c | cut -f2) sudo sh -c "echo deb [arch=amd64] https://packages.lacework.net/latest/DEB/"$lsb_distro" "$lsb_rel" main >> /etc/apt/sources.list.d/lacework.list" sudo sh -c "echo deb [arch=amd64] https://packages.lacework.net/established/DEB/"$lsb_distro" "$lsb_rel" main >> /etc/apt/sources.list.d/lacework.list" sudo sh -c "echo deb [arch=amd64] https://packages.lacework.net/archived/DEB/"$lsb_distro" "$lsb_rel" main >> /etc/apt/sources.list.d/lacework.list"
Replace
[arch=amd64]with[arch=arm64]if you are installing on an ARM64 system. -
Refresh the repositories information:
sudo apt update
To list all the available FortiCNAPP packages, use this command:
sudo apt list -a lacework
To install the latest version of the agent, use this command:
sudo apt install lacework
To install a specific version of the agent, use this command:
sudo apt install lacework=VERSION
Replace VERSION with the specific version that you want to install.
For example, to install v6.5.0.12833:
sudo apt install lacework=6.5.0.12833
Deleting a Package (APT)
To delete the lacework APT repository package, use the command:
sudo apt-get remove --purge lacework
YUM
- Download the repository configuration file for YUM-based distributions using this command:
curl -O -sSL https://packages.lacework.net/lacework.repo
See Repository Configuration File for an example of the repository configuration file. - Move the configuration file to the /etc/yum.repos.d directory.
sudo mv lacework.repo /etc/yum.repos.d
- You can enable all the repositories at the same time.
You can also disable any of the repositories if they are not needed. To do this, set the
enabledflag to 0 in the repository configuration file as follows:[packages-lacework-latest] name=Lacework latest agent release baseurl=https://packages.lacework.net/latest/RPMS/$basearch/ enabled=0
- To install the latest version of the agent, use this command:
sudo yum install lacework
- Ensure that the correct GPG key is installed.
Importing GPG key 0xEE0CC692: Userid : "Lacework Inc. <support@lacework.net>" Fingerprint: 360D 55D7 6727 5568 1407 8E25 FF3E 1D4D EE0C C692 From : https://packages.lacework.net/keys/RPM-GPG-KEY-lacework Key imported successfully
To list all available agent versions, use this command:
sudo yum --showduplicates list lacework
To install a specific version, use this command:
sudo yum install lacework-VERSION
Replace VERSION with the specific agent version that you want to install.
For example, to install v6.5.0.12833-1:
sudo yum install lacework-6.5.0.12833-1
If you install an older version of agent from the archived repository, it is upgraded to the established version of the agent release. To prevent this auto-upgrade and pin your package to a specific version, you should disable auto-upgrade in the agent configuration file (config.json) in the /var/lib/lacework/config directory.
To disable auto-upgrade, enter the following in the config.json file:
"autoupgrade": "disable"
For improved security and to benefit from new and improved features, we recommend that you do not disable automatic upgrade of the agent.
Deleting a package (YUM)
To delete the FortiCNAPP YUM repository package, use the command:
sudo yum remove lacework
Zypper
- Download the repository configuration file for Zypper-based distributions using this command:
curl -O -sSL https://packages.lacework.net/lacework.repo
See Repository Configuration File for an example of the repository configuration file. - Move the configuration file to the /etc/zypp/repos.d directory.
sudo mv lacework.repo /etc/zypp/repos.d
- You can enable all the repositories at the same time.
You can also disable any of the repositories if they are not needed. To do this, set the
enabledflag to 0 in the repository configuration file as follows:[packages-lacework-latest] name=Lacework latest agent release baseurl=https://packages.lacework.net/latest/RPMS/$basearch/ enabled=0
- To install the latest version of the agent, use this command:
sudo zypper install lacework
- Ensure that the correct GPG key is installed.
Retrieving: RPM-GPG-KEY-lacework .........................................[done] New repository or package signing key received: Repository: Lacework latest agent release Key Fingerprint: 360D 55D7 6727 5568 1407 8E25 FF3E 1D4D EE0C C692 Key Name: Lacework Inc. <support@lacework.net> Key Algorithm: RSA 4096 Key Created: Mon Apr 24 11:04:37 2023 Key Expires: Sun May 1 11:04:17 2033 Rpm Name: gpg-pubkey-ee0cc692-64466245
To list all available agent versions, use this command:
sudo zypper search -s lacework
To install a newer version, use this command:
sudo zypper install lacework-VERSION
Replace VERSION with the specific agent version that you want to install.
For example, to install v6.5.0.12833-1:
sudo zypper install lacework-6.5.0.12833-1
To install an older version, use this command:
sudo zypper install --oldpackage lacework-VERSION
Replace VERSION with the specific agent version that you want to install.
For example, to install v4.2.0.218-1:
sudo zypper install --oldpackage lacework-4.2.0.218-1
If you install an older version of agent from the archived repository, it is upgraded to the established version of the agent release. To prevent this auto-upgrade and pin your package to a specific version, you should disable auto-upgrade in the agent configuration file (config.json).
To disable auto-upgrade, enter the following in the config.json file:
"autoupgrade": "disable"
Delete a Package (Zypper)
To delete the FortiCNAPP Zypper repository package, use this command:
sudo zypper remove lacework
Sample Repository Configuration File
The following is a sample repository configuration file for YUM and Zypper-based distributions:
[packages-lacework-latest] name=Lacework latest agent release baseurl=https://packages.lacework.net/latest/RPMS/$basearch/ enabled=1 gpgcheck=1 gpgkey=https://packages.lacework.net/latest/keys/RPM-GPG-KEY-lacework [packages-lacework-established] name=Lacework established agent release baseurl=https://packages.lacework.net/established/RPMS/$basearch/ enabled=1 gpgcheck=1 gpgkey=https://packages.lacework.net/established/keys/RPM-GPG-KEY-lacework [packages-lacework-archived] name=Lacework archived agent release baseurl=https://packages.lacework.net/archived/RPMS/$basearch/ enabled=1 gpgcheck=1 gpgkey=https://packages.lacework.net/archived/keys/RPM-GPG-KEY-lacework