Configuration
Sensor configuration directory
The sensor configuration directory is located at /etc/upwind
Sensor configuration file
The sensor configuration files:
- agent.yaml
- agent-hostconfig.yaml
Sensor services
| Systemd Service | Description |
|---|---|
| upwind-agent-hostconfig.service | Host configuration service |
| upwind-agent-scanner.service | Scan Agent - Scans the host on a timer |
| upwind-agent-scanner.timer | Timer for the scan agent |
| upwind-agent-update.service | Auto-Update service, runs on a timer |
| upwind-agent-update.timer | Timer for auto update service (Default: Every hour) |
| upwind-agent.service | Upwind Sensor |
Environment Variables
Below is a list of all the environment variables read by the installation script. These variables allow you to specify essential configuration details, such as the Upwind API credentials, logging preferences, service limits, and more.
| Environment Variable | Description | Default |
|---|---|---|
UPWIND_CLIENT_ID | Upwind API Client ID (Required) | |
UPWIND_CLIENT_SECRET | Upwind API Client Secret (Required) | |
UPWIND_AGENT_CLOUD_PROVIDER | Upwind Cloud Provider | unset |
UPWIND_AGENT_CLOUD_ACCOUNT_ID | Upwind Cloud Account ID | unset |
UPWIND_AGENT_ZONE | Upwind Cloud Account Zone | unset |
UPWIND_AGENT_VERSION | Upwind Agent Version | stable |
UPWIND_AGENT_INSTALL_ONLY | Don't start the Upwind Agent Service on completion | |
UPWIND_AGENT_NO_UPDATES | Do not enable and start the Upwind Agent Update Service/Timer | |
UPWIND_AGENT_LOG_LEVEL | Set the log level in config | info |
UPWIND_AGENT_LOG_FORMAT | Set the log format in config | logfmt |
UPWIND_AGENT_CPUQUOTA | Set the Upwind Agent Service CPUQuota | 50% |
UPWIND_AGENT_MEMORYHIGH | Set the Upwind Agent Service MemoryHigh | 800M |
UPWIND_AGENT_MEMORYMAX | Set the Upwind Agent Service MemoryMax | 1024M |
UPWIND_AGENT_EXTRA_CONFIG | Set extra config for the Upwind Agent | |
UPWIND_HOSTCONFIG_VERSION | Set the Upwind Agent Host Config Helper Version | stable |
UPWIND_HOSTCONFIG_ENABLED | Enable the Upwind Agent Host Config Helper Service | true |
UPWIND_HOSTCONFIG_LOG_LEVEL | Set the log level in config for Host Config | info |
UPWIND_HOSTCONFIG_LOG_FORMAT | Set the log format in config for Host Config | logfmt |
UPWIND_HOSTCONFIG_EXTRA_CONFIG | Set extra config for the Upwind Agent Host Config Helper | |
UPWIND_SCANNER_ENABLED | Enable periodic scanning | true |
UPWIND_SCANNER_CPUWEIGHT | Set the Upwind Agent Scanner Service CPUWeight | 25 |
UPWIND_SCANNER_IOWEIGHT | Set the Upwind Agent Scanner Service IOWeight | 25 |
UPWIND_SCANNER_MEMORYHIGH | Set the Upwind Agent Scanner Service MemoryHigh | unset |
UPWIND_SCANNER_MEMORYMAX | Set the Upwind Agent Scanner Service MemoryMax | unset |
UPWIND_SCANNER_EXCLUSIONS | Set the Upwind Agent Scanner Service Exclusions | unset |
UPWIND_SCANNER_MIN_HOST_MEM | Minimum host memory required to enable the Upwind Agent Scanner Service | 8388608 |
These variables can be set to configure various aspects of the Upwind Agent according to your specific requirements. If
the sensor will not be able to detect the cloud provider via IMDS, the UPWIND_AGENT_CLOUD_PROVIDER and UPWIND_AGENT_CLOUD_ACCOUNT_ID variables
must be set.
Configuring the Upwind Sensor
To configure the Upwind Sensor according to your environment and security requirements, you can use the UPWIND_AGENT_EXTRA_CONFIG environment variable listed above
to provide additional configuration of the sensor and scanner. Additional configuration provided in this way is written into /etc/upwind/agent.yaml
along with some default configuration values. Default configuration values are described below.
| Flag | Description | Default |
|---|---|---|
| platform | Installation platform. "host" configures the agent with default behavior suitable for running on a host as opposed to in Kubernetes or ECS cluster. | "host" |
| region | Target region for Upwind domains, either "us" or "eu" | "us" |
| log-format | Logging format, usually set via UPWIND_AGENT_LOG_FORMAT | "logfmt" |
| log-level | Logging level, usually set via UPWIND_AGENT_LOG_LEVEL | "info" |
| install-type | Installation type, to distinguish from Cloud Scanner | "std" |
| enable-scans | Whether upwind-agent-scanner.timer systemd unit should be enabled | true |
| proc-username | Whether the sensor resolves user IDs to usernames | true |
| sock-perf | Whether the sensor monitors network traffic at the socket layer. | true |
| proc-md5 | Whether the sensor calculates MD5 hashes of process executable files. | true |
| in-cluster-tls | If a cluster manager is configured, whether to use TLS | true |
| update-timer | Interval that the Sensor Update Helper runs on | 24h |
Setting Environment Variables
Before running the installation or configuration script for the Upwind Sensor, set the desired environment variables in your shell. Use the export command for each variable you wish to configure:
export VARIABLE_NAME="value"
Replace VARIABLE_NAME with the name of the variable you're setting, and "value" with the desired setting.
Installing the Upwind Sensor
After setting the environment variables, you can install the Upwind Sensor by executing the following command:
curl -s https://get.upwind.io/sensor.sh | bash -s install
This command downloads and runs the installation script with the environment variables you've set, ensuring the sensor is configured as per your specifications.
Editing Configuration After Installation
If you need to edit the configuration after installation, you can modify the environment variables and re-run the configuration part of the script as follows:
curl -s https://get.upwind.io/sensor.sh | bash -s configure
This command will re-apply the configuration changes based on the newly set environment variables.
By following these steps, you can ensure that your Upwind Sensor is customized to meet the specific needs of your infrastructure and security policies.
Proxy Configuration
The sensor and the scanner and hostconfig tool will respect the HTTP_PROXY family of environment variables. Set the HTTP_PROXY and HTTPS_PROXY to your proxy server's URL. The value of the NO_PROXY variable should be the IP addresses or domains that should not be proxied and depends on environment.
HTTP_PROXY / http_proxy
Used as the proxy URL for HTTP requests unless overridden by NO_PROXY.
HTTPS_PROXY / https_proxy
Used as the proxy URL for HTTPS requests unless overridden by NO_PROXY.
NO_PROXY / no_proxy
Specifies a string that contains comma-separated values specifying hosts that should be excluded from proxying. Each value is represent by:
- an IP address (
1.2.3.4) - an IP address prefix in CIDR notation (
1.2.3.0/24) - a domain name
An IP address prefix and domain name can also include a literal port
number (
1.2.3.4:80). A domain name matches that name and all subdomains.
Most commonly these values are configured globally for the host, but can be configured
for the upwind components by adding the proxy settings to the /etc/upwind/agent.env file.
For example:
HTTP_PROXY=http://proxy.example.com:port
HTTPS_PROXY=http://proxy.example.com:port
NO_PROXY=localhost,127.0.0.1,.example.com
Host Scanner 2.0
The Host scanner has been significantly improved in memory efficiency with the Scanner 2.0 framework. This new version bypasses our previous algorithm’s default directory and file traversal, implementing a custom process. Consequently, memory usage is considerably reduced and file size limits can be configured to prevent large files from being loaded into memory.
Prerequisite - Sensor version >= 0.115.1.
Upgrade for existing installation
curl -s https://get.upwind.io/sensor.sh | \
UPWIND_AGENT_EXTRA_CONFIG="scanner-v2=true" \
bash -s -- configure
New Installation
export CLIENT_ID={CLIENT_ID}
export CLIENT_SECRET={CLIENT_SECRET}
curl -s https://get.upwind.io/agent.sh | \
UPWIND_CLIENT_ID="$CLIENT_ID" \
UPWIND_CLIENT_SECRET="$CLIENT_SECRET" \
UPWIND_AGENT_EXTRA_CONFIG="scanner-v2=true" \
bash -s