Agent Documentation

Configuration

Default settings

Once installed, the agent will by default:

  • read /etc/appcanary/agent.yml and load its configuration settings.
  • emit logs to /var/log/appcanary.log.
  • upon successful registration, write to /var/db/appcanary/server.yml.

At minimum, you must specify a valid API key and a process or file for the agent to watch. You may specify more than one watcher per agent instance, if applicable.

Sample minimum configuration

#/etc/appcanary/agent.yml
api_key: "<YOUR_TOKEN_HERE>"

watchers:
  # if on centos or redhat
  - process: "rpm -qa"

  # if on ubuntu or debian
  - file: "/var/lib/dpkg/status"

  # if you have any number of Ruby apps
  - file: "/path/to/a/Gemfile.lock"

  # if you have any number of PHP apps
  - file: "/path/to/a/composer.lock"
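
A pre-deployment check for the minimum stated above (an API key plus at least one process or file watcher), as an added example that is not part of the Appcanary agent or its documentation. The function names are hypothetical, and the parser handles only the YAML subset the sample agent.yml uses.

```python
import re

PLACEHOLDER = "<YOUR_TOKEN_HERE>"        # placeholder token shown in the sample config
ITEM = re.compile(r"^(\w+):\s+(.+)$")    # "key: value" inside a list item
# Constructed sample input: the placeholder key was never replaced.
SAMPLE = 'api_key: "<YOUR_TOKEN_HERE>"\nwatchers:\n  - file: "/var/lib/dpkg/status"\n'

def _unquote(value):
    value = value.strip()
    quoted = len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'"
    return value[1:-1] if quoted else value

def parse_agent_yml(text):
    """Parse top-level scalars and one-level lists (watchers, tags) only."""
    conf, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # skip blanks and full-line comments
        key, sep, value = line.partition(":")
        if line.startswith("- "):
            if current is None:
                raise ValueError("list item outside a list: " + raw)
            m = ITEM.match(line[2:].strip())
            conf[current].append({m.group(1): _unquote(m.group(2))} if m
                                 else _unquote(line[2:]))
        elif not sep:
            raise ValueError("expected 'key: value': " + raw)
        elif value.strip():
            conf[key.strip()], current = _unquote(value), None
        else:                             # "key:" alone opens a list
            current = key.strip()
            conf[current] = []
    return conf

def validate(conf):
    """Return a list of problems; an empty list means the minimum is met."""
    problems = []
    key = conf.get("api_key")
    if not isinstance(key, str) or key in ("", PLACEHOLDER):
        problems.append("api_key is missing or still the placeholder")
    watchers = conf.get("watchers")
    if not isinstance(watchers, list) or not watchers:
        return problems + ["no watchers configured"]
    for i, w in enumerate(watchers):
        if not (isinstance(w, dict) and set(w) <= {"process", "file"} and all(w.values())):
            problems.append("watcher %d needs a 'process' or 'file' key" % i)
    return problems

if __name__ == "__main__":
    print(validate(parse_agent_yml(SAMPLE)))
```
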
    

Tagging

When dealing with large fleets, it's more useful to refer to servers by their function or other labels. You can tag a server within Appcanary by adding the following:

#/etc/appcanary/agent.yml
tags:
  - web
  - db
  - etc
      

Optional, additional configuration

#/etc/appcanary/agent.yml

# you can also specify a custom name
server_name: "name here"

# specify a different log path
log_path: /tmp/example/path.log

# wait this many seconds before reporting on configured watchers.
# this is useful if you auto upgrade newly provisioned servers:
# setting a time delay will prevent meaningless patch notifications
startup_delay: 10
      

Command line modes

By default, the agent will just silently monitor any configured watchers. The agent also provides the following modes:

  • upgrade: (Ubuntu only) Install the latest version of packages that have vulnerabilities.
  • inspect-processes: (BETA: Contact us if you'd like to use this) Report on which running processes depend on out-of-date libraries and should be restarted.
  • detect-os: Guess what distribution and version of Linux you're using.