Skip to main content

Configuration

Sensor configuration directory

The sensor configuration directory is located at /etc/upwind

Sensor configuration file

The sensor configuration files:

  • agent.yaml
  • agent-hostconfig.yaml

Sensor services

Systemd ServiceDescription
upwind-agent-hostconfig.serviceHost configuration service
upwind-agent-scanner.serviceScan Agent - Scans the host on a timer
upwind-agent-scanner.timerTimer for the scan agent
upwind-agent-update.serviceAuto-Update service, runs on a timer
upwind-agent-update.timerTimer for auto update service (Default: Every hour)
upwind-agent.serviceUpwind Sensor

Environment Variables

Below is a list of all the environment variables read by the installation script. These variables allow you to specify essential configuration details, such as the Upwind API credentials, logging preferences, service limits, and more.

Environment VariableDescriptionDefault
UPWIND_CLIENT_IDUpwind API Client ID (Required)
UPWIND_CLIENT_SECRETUpwind API Client Secret (Required)
UPWIND_AGENT_CLOUD_PROVIDERUpwind Cloud Providerunset
UPWIND_AGENT_CLOUD_ACCOUNT_IDUpwind Cloud Account IDunset
UPWIND_AGENT_ZONEUpwind Cloud Account Zoneunset
UPWIND_AGENT_VERSIONUpwind Agent Versionstable
UPWIND_AGENT_INSTALL_ONLYDon't start the Upwind Agent Service on completion
UPWIND_AGENT_NO_UPDATESDo not enable and start the Upwind Agent Update Service/Timer
UPWIND_AGENT_LOG_LEVELSet the log level in configinfo
UPWIND_AGENT_LOG_FORMATSet the log format in configlogfmt
UPWIND_AGENT_CPUQUOTASet the Upwind Agent Service CPUQuota50%
UPWIND_AGENT_MEMORYHIGHSet the Upwind Agent Service MemoryHigh800M
UPWIND_AGENT_MEMORYMAXSet the Upwind Agent Service MemoryMax1024M
UPWIND_AGENT_EXTRA_CONFIGSet extra config for the Upwind Agent
UPWIND_HOSTCONFIG_VERSIONSet the Upwind Agent Host Config Helper Versionstable
UPWIND_HOSTCONFIG_ENABLEDEnable the Upwind Agent Host Config Helper Servicetrue
UPWIND_HOSTCONFIG_LOG_LEVELSet the log level in config for Host Configinfo
UPWIND_HOSTCONFIG_LOG_FORMATSet the log format in config for Host Configlogfmt
UPWIND_HOSTCONFIG_EXTRA_CONFIGSet extra config for the Upwind Agent Host Config Helper
UPWIND_SCANNER_ENABLEDEnable periodic scanningtrue
UPWIND_SCANNER_CPUWEIGHTSet the Upwind Agent Scanner Service CPUWeight25
UPWIND_SCANNER_IOWEIGHTSet the Upwind Agent Scanner Service IOWeight25
UPWIND_SCANNER_MEMORYHIGHSet the Upwind Agent Scanner Service MemoryHighunset
UPWIND_SCANNER_MEMORYMAXSet the Upwind Agent Scanner Service MemoryMaxunset
UPWIND_SCANNER_EXCLUSIONSSet the Upwind Agent Scanner Service Exclusionsunset
UPWIND_SCANNER_MIN_HOST_MEMMinimum host memory required to enable the Upwind Agent Scanner Service8388608

These variables can be set to configure various aspects of the Upwind Agent according to your specific requirements. If the sensor will not be able to detect the cloud provider via IMDS, the UPWIND_AGENT_CLOUD_PROVIDER and UPWIND_AGENT_CLOUD_ACCOUNT_ID variables must be set.

Configuring the Upwind Sensor

To configure the Upwind Sensor according to your environment and security requirements, you can use the UPWIND_AGENT_EXTRA_CONFIG environment variable listed above to provide additional configuration of the sensor and scanner. Additional configuration provided in this way is written into /etc/upwind/agent.yaml along with some default configuration values. Default configuration values are described below.

FlagDescriptionDefault
platformInstallation platform. "host" configures the agent with default behavior suitable for running on a host as opposed to in Kubernetes or ECS cluster."host"
regionTarget region for Upwind domains, either "us" or "eu""us"
log-formatLogging format, usually set via UPWIND_AGENT_LOG_FORMAT"logfmt"
log-levelLogging level, usually set via UPWIND_AGENT_LOG_LEVEL"info"
install-typeInstallation type, to distinguish from Cloud Scanner"std"
enable-scansWhether upwind-agent-scanner.timer systemd unit should be enabledtrue
proc-usernameWhether the sensor resolves user IDs to usernamestrue
sock-perfWhether the sensor monitors network traffic at the socket layer.true
proc-md5Whether the sensor calculates MD5 hashes of process executable files.true
in-cluster-tlsIf a cluster manager is configured, whether to use TLStrue
update-timerInterval that the Sensor Update Helper runs on24h

Setting Environment Variables

Before running the installation or configuration script for the Upwind Sensor, set the desired environment variables in your shell. Use the export command for each variable you wish to configure:

export VARIABLE_NAME="value"

Replace VARIABLE_NAME with the name of the variable you're setting, and "value" with the desired setting.

Installing the Upwind Sensor

After setting the environment variables, you can install the Upwind Sensor by executing the following command:

curl -s https://get.upwind.io/sensor.sh | bash -s install

This command downloads and runs the installation script with the environment variables you've set, ensuring the sensor is configured as per your specifications.

Editing Configuration After Installation

If you need to edit the configuration after installation, you can modify the environment variables and re-run the configuration part of the script as follows:

curl -s https://get.upwind.io/sensor.sh | bash -s configure

This command will re-apply the configuration changes based on the newly set environment variables.

By following these steps, you can ensure that your Upwind Sensor is customized to meet the specific needs of your infrastructure and security policies.

Proxy Configuration

The sensor and the scanner and hostconfig tool will respect the HTTP_PROXY family of environment variables. Set the HTTP_PROXY and HTTPS_PROXY to your proxy server's URL. The value of the NO_PROXY variable should be the IP addresses or domains that should not be proxied and depends on environment.

HTTP_PROXY / http_proxy

Used as the proxy URL for HTTP requests unless overridden by NO_PROXY.

HTTPS_PROXY / https_proxy

Used as the proxy URL for HTTPS requests unless overridden by NO_PROXY.

NO_PROXY / no_proxy

Specifies a string that contains comma-separated values specifying hosts that should be excluded from proxying. Each value is represent by:

  • an IP address (1.2.3.4)
  • an IP address prefix in CIDR notation (1.2.3.0/24)
  • a domain name An IP address prefix and domain name can also include a literal port number (1.2.3.4:80). A domain name matches that name and all subdomains.

Most commonly these values are configured globally for the host, but can be configured for the upwind components by adding the proxy settings to the /etc/upwind/agent.env file.

For example:

HTTP_PROXY=http://proxy.example.com:port
HTTPS_PROXY=http://proxy.example.com:port
NO_PROXY=localhost,127.0.0.1,.example.com

Host Scanner 2.0

The Host scanner has been significantly improved in memory efficiency with the Scanner 2.0 framework. This new version bypasses our previous algorithm’s default directory and file traversal, implementing a custom process. Consequently, memory usage is considerably reduced and file size limits can be configured to prevent large files from being loaded into memory.

Prerequisite - Sensor version >= 0.115.1.

Upgrade for existing installation

curl -s https://get.upwind.io/sensor.sh | \
UPWIND_AGENT_EXTRA_CONFIG="scanner-v2=true" \
bash -s -- configure

New Installation

export CLIENT_ID={CLIENT_ID}
export CLIENT_SECRET={CLIENT_SECRET}

curl -s https://get.upwind.io/agent.sh | \
UPWIND_CLIENT_ID="$CLIENT_ID" \
UPWIND_CLIENT_SECRET="$CLIENT_SECRET" \
UPWIND_AGENT_EXTRA_CONFIG="scanner-v2=true" \
bash -s