Changelog NotificationsAPIAikido login

Setting up the Local VM Scanner on Linux

Aikido VM Scanner is a single-package that installs on your system, automatically scanning and identifying dependencies to provide a detailed view into your environment.

Prerequisites

  • Minimum system requirements: at least 1GB RAM.

  • Preferred system requirements: at least 2GB RAM and 4 CPUs.

  • Ensure you have sudo / admin privileges on your system

  • Make sure to use the appropriate commands for your system or cloud provider

  • If you need to run with root, place the AIKIDO_TOKEN env var after sudo, like this: sudo AIKIDO_TOKEN=REPLACE_ME <install_command>

Installation and Upgrade

Make sure you run as sudo and replace AIKIDO_TOKEN with valid token from Local VM scanning page in Aikido. To specify the VM environment (that you will see later in Aikido), you can also set the VM_TYPE variable as one of: production, staging or development.

The VM Scanner Agent runs once a day, at a random time between 4:00 AM - 8:00 AM (machine time).

After install, a first scan will start automatically. If you want to run it on demand, you can manually execute:

/opt/aikido-vm-scanner-1.2.7/aikido-vm-scanner

For Red Hat-based Systems (RHEL, CentOS, Fedora)

x86_64

AIKIDO_TOKEN=REPLACE_ME VM_TYPE=production dnf install -y https://aikido-vm-agent.s3.eu-west-1.amazonaws.com/v1.2.7/aikido-vm-scanner.x86_64.rpm
Hash
aikido-vm-scanner.x86_64.rpm

MD5

182759abde943ffe6747c0c591c81cba

SHA256

da97d5d0ad3c8ba10a87a01d6a645be1f3033e5712ddd271199a9ef98f8e2f9f

aarch64

AIKIDO_TOKEN=REPLACE_ME VM_TYPE=production dnf install -y https://aikido-vm-agent.s3.eu-west-1.amazonaws.com/v1.2.7/aikido-vm-scanner.aarch64.rpm
Hash
aikido-vm-scanner.aarch64.rpm

MD5

795e4d587c3d8b4c15331496018244ec

SHA256

9eba26ff8a2c2dbc6ef8b503ad3188ac255eedf141be7cb17446513c77803893

For Debian-based Systems (Debian, Ubuntu)

We support Debian >= 10 and Ubuntu >= 20.04.

x86_64

curl -L -O https://aikido-vm-agent.s3.eu-west-1.amazonaws.com/v1.2.7/aikido-vm-scanner.amd64.deb
AIKIDO_TOKEN=REPLACE_ME VM_TYPE=production apt-get install -y ./aikido-vm-scanner.amd64.deb
Hash
aikido-vm-scanner.amd64.deb

MD5

f0bd5945f265fc632379b66e8f6997aa

SHA256

2bc769ef51b5872f4375313dea7c4a6dfcc6ba16945d30fdf79fc254fb16b5e9

aarch64

curl -L -O https://aikido-vm-agent.s3.eu-west-1.amazonaws.com/v1.2.7/aikido-vm-scanner.arm64.deb
AIKIDO_TOKEN=REPLACE_ME VM_TYPE=production apt-get install -y ./aikido-vm-scanner.arm64.deb
Hash
aikido-vm-scanner.arm64.deb

MD5

a0dbe18fd22e4f73464f172ce70c3b87

SHA256

21bbe2742f454e18b301e2f47f3b236f821d62e2ef6c062c87426c5565a8301a

Additional Configuration

Token setup

If for any reason you can't set the AIKIDO_TOKEN at install time, you can set the token post install in one of two ways:

  • Paste the token in /opt/aikido-vm-scanner-1.2.7/.token

  • Change the contents of /opt/aikido-vm-scanner-1.2.7/config.json :

{
    "api_key": "AIKIDO_TOKEN_HERE",
    "exclude": []
}

Hostname change

By default, we automatically get the hostname for the scanned machine and submit that to Aikido, in order to be displayed in the Virtual Machines tab.

If you want to change the reported hostname, you can do that using the configuration file:

{
    "hostname": "YOUR_HOSTNAME_HERE",
    "exclude": []
}

Exclude files or paths

In the config.json you can exclude files and paths by adding additional items to the exclude list. You can find some examples below.

  • Exclude a single file in a directory:

{
    "exclude": [
        ...
        "./home/testing/app/package.json",
    ]
}

  • Exclude all releases subdirectories:

{
    "exclude": [
            ...
            "./home/testing/*/releases",
    ]
}

  • Exclude all .json files in the out folder and all subdirectories:

{
    "exclude": [
        ...
        "./out/**/*.json",
    ]
}

  • Exclude catalogers from scanning (eg: exclude Golang catalogers):

{
    "exclude": [
    ],
    "select_catalogers": "-go"
}

CLI parameters

If for any reason you need to start the scanning on demand via the command line, you can specify the following CLI parameters to be used for that scan:

  --api-key string
        API key for authentication
  --hostname string
        Hostname of the machine
  --select-catalogers string
        Comma-separated list of catalogers to use or remove
  --vm-type string
        Type of the virtual machine

These CLI parameters take precedence over those specified in config.json.

We trigger an automatic scan once per day and those scans will still use the configuration file and not the CLI parameters, so it is always preferred to place these in config.json.

  • Example for setting a custom hostname via CLI:

/opt/aikido-vm-scanner-1.2.7/aikido-vm-scanner --hostname "My Custom VM"

  • Example for excluding Golang catalogers via CLI:

/opt/aikido-vm-scanner-1.2.7/aikido-vm-scanner --select-catalogers "-go"

Uninstall

Manual uninstall

For Red Hat-based Systems (RHEL, CentOS, Fedora)

dnf remove -y aikido-vm-scanner

For Debian-based Systems (Debian, Ubuntu)

apt-get remove -y aikido-vm-scanner

Logs

Logs are available here, along with the last generated SBOM: /var/log/aikido-vm-scanner-1.2.7

Last updated

Was this helpful?