Docker
On a Linux-based Docker host, the ThreatStryker agents are deployed as a lightweight container.
Install a docker runtime on the Linux host.
For Windows Server hosts, experimental support exists, but it is not suitable for production use.
Installation of ThreatStryker Sensors
The host or VM to be used for the Deepfence agents needs to have the docker runtime installed on it.
Image tags quay.io/deepfenceio/deepfence_agent:2.4.0-multiarch and quay.io/deepfenceio/deepfence_cluster_agent:2.4.0-multiarch are supported on amd64 and arm64/v8 architectures.
Docker
- Download the following script: start-agent.sh
  wget https://docs.deepfence.io/threatstryker/files/v2.4/start-agent.sh
- To authenticate to the docker image repository, run the following command:
  docker login quay.io
  When prompted, please provide the credentials sent by email.
- Run the script as follows:
  Info: Console URL format: deepfence.customer.com or 123.123.123.123
  bash start-agent.sh -r <MANAGEMENT_CONSOLE_URL> -k <DEEPFENCE_KEY>
Podman
- Download the following script: start-podman-agent.sh
  wget https://docs.deepfence.io/threatstryker/files/v2.4/start-podman-agent.sh
- To authenticate to the docker image repository, run the following command:
  sudo podman login quay.io
  When prompted, please provide the credentials sent by email.
- Run the script as follows:
  Info: Console URL format: deepfence.customer.com or 123.123.123.123
  bash start-podman-agent.sh -r <IP_ADDRESS_OF_UI_MACHINE> -k xxxxxxxx
Optionally, the sensor container can be further tagged using USER_DEFINED_TAGS="" in the above command. Tags should be comma separated, for example, "dev,front-end".
Upgrade the ThreatStryker Sensors
To upgrade a sensor install, stop the existing sensor and start the new version.
Using a Proxy Server with Docker
If the ThreatStryker management console is accessed through a proxy server, there are two ways of configuring it.
- You can start the container by providing the environment variables http_proxy and https_proxy in the script. These environment variables will be used by our agent to communicate with the proxy.
- Alternatively, you can also configure docker to use a proxy server for all transactions.
  Edit the file ~/.docker/config.json and add the following content. Remember to change the proxy server IP address from 111.111.111.111 to your proxy server IP:
  {
    "auths": {
      "https://index.docker.io/v1/": {
        "auth": ""
      }
    },
    "HttpHeaders": {
      "User-Agent": "Docker-Client/19.03.1 (linux)"
    },
    "proxies": {
      "default": {
        "httpProxy": "http://111.111.111.111:8006",
        "httpsProxy": "http://111.111.111.111:8006",
        "noProxy": "localhost,127.0.0.1"
      }
    }
  }
  Restart the docker daemon:
  sudo systemctl restart docker
ThreatStryker agent VMs do not require any changes for the proxy server.
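The proxy option that edits ~/.docker/config.json touches the same file that docker login quay.io writes registry credentials into by default, so replacing the file wholesale with the sample content would drop that login. The following is an added example, not part of the Deepfence documentation or scripts, that merges the proxies block into the existing file instead; the function names check_proxy_url and set_docker_proxy are hypothetical.

```python
import json
import os
import tempfile
from urllib.parse import urlsplit


def check_proxy_url(url):
    """Accept only http(s)://host[:port]; a bare 'host:port' is rejected."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not a usable proxy URL: {url!r}")
    parts.port  # accessing .port raises ValueError on a malformed port
    return url


def set_docker_proxy(config_path, proxy_url, no_proxy="localhost,127.0.0.1"):
    """Merge proxies.default into a Docker client config; return the merged dict."""
    check_proxy_url(proxy_url)
    config = {}
    if os.path.exists(config_path):
        with open(config_path, encoding="utf-8") as fh:
            # Malformed JSON raises here, before anything is overwritten.
            config = json.load(fh)
    # Existing keys such as "auths" (registry logins) are left untouched.
    default = config.setdefault("proxies", {}).setdefault("default", {})
    default.update(httpProxy=proxy_url, httpsProxy=proxy_url, noProxy=no_proxy)

    # Write a temp file in the same directory, then rename it into place, so a
    # crash mid-write cannot leave a truncated config. mkstemp uses mode 0600.
    directory = os.path.dirname(os.path.abspath(config_path))
    fd, tmp_path = tempfile.mkstemp(dir=directory, prefix=".config.json.")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(config, fh, indent=2)
            fh.write("\n")
        os.replace(tmp_path, config_path)
    except BaseException:
        os.unlink(tmp_path)
        raise
    return config


if __name__ == "__main__":
    import sys
    # usage: python3 this_file.py ~/.docker/config.json http://111.111.111.111:8006
    # (111.111.111.111:8006 is the page's placeholder proxy address)
    merged = set_docker_proxy(os.path.expanduser(sys.argv[1]), sys.argv[2])
    print(json.dumps(merged["proxies"], indent=2))
```
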