Setting up the Local VM Scanner on Linux

Aikido VM Scanner is a single-package that installs on your system, automatically scanning and identifying dependencies to provide a detailed view into your environment.

Prerequisites

• Minimum system requirements: at least 1GB RAM.

• Preferred system requirements: at least 2GB RAM and 4 CPUs.

• Ensure you have sudo / admin privileges on your system

• Make sure to use the appropriate commands for your system or cloud provider

• If you need to run with root, place the AIKIDO_TOKEN env var after sudo, like this: sudo AIKIDO_TOKEN=REPLACE_ME <install_command>

Installation and Upgrade

Make sure you run as sudo and replace AIKIDO_TOKEN with valid token from Local VM scanning page in Aikido. To specify the VM environment (that you will see later in Aikido), you can also set the VM_TYPE variable as one of: production, staging or development.

The VM Scanner Agent runs once a day, at a random time between 4:00 AM - 8:00 AM (machine time).

After install, a first scan will start automatically. If you want to run it on demand, you can manually execute:

/opt/aikido-vm-scanner-1.2.9/aikido-vm-scanner

For Red Hat-based Systems (RHEL, CentOS, Fedora)

x86_64

AIKIDO_TOKEN=REPLACE_ME VM_TYPE=production dnf install -y https://aikido-vm-agent.s3.eu-west-1.amazonaws.com/v1.2.9/aikido-vm-scanner.x86_64.rpm

aarch64

AIKIDO_TOKEN=REPLACE_ME VM_TYPE=production dnf install -y https://aikido-vm-agent.s3.eu-west-1.amazonaws.com/v1.2.9/aikido-vm-scanner.aarch64.rpm

For Debian-based Systems (Debian, Ubuntu)

x86_64

curl -L -O https://aikido-vm-agent.s3.eu-west-1.amazonaws.com/v1.2.9/aikido-vm-scanner.amd64.deb
AIKIDO_TOKEN=REPLACE_ME VM_TYPE=production apt-get install -y ./aikido-vm-scanner.amd64.deb

aarch64

curl -L -O https://aikido-vm-agent.s3.eu-west-1.amazonaws.com/v1.2.9/aikido-vm-scanner.arm64.deb
AIKIDO_TOKEN=REPLACE_ME VM_TYPE=production apt-get install -y ./aikido-vm-scanner.arm64.deb

Latest version

If you have an automated install process and you always want to be on the latest version as soon as we release it, you can replace the version in the install link with latest:

• https://aikido-vm-agent.s3.eu-west-1.amazonaws.com/latest/aikido-vm-scanner.x86_64.rpm

• https://aikido-vm-agent.s3.eu-west-1.amazonaws.com/latest/aikido-vm-scanner.aarch64.rpm

• https://aikido-vm-agent.s3.eu-west-1.amazonaws.com/latest/aikido-vm-scanner.amd64.deb

• https://aikido-vm-agent.s3.eu-west-1.amazonaws.com/latest/aikido-vm-scanner.arm64.deb

Additional Configuration

Token setup

If for any reason you can't set the AIKIDO_TOKEN at install time, you can set the token post install in one of two ways:

• Paste the token in /opt/aikido-vm-scanner-1.2.9/.token

• Change the contents of /opt/aikido-vm-scanner-1.2.9/config.json :

{
    "api_key": "AIKIDO_TOKEN_HERE",
    "exclude": []
}

Hostname change

By default, we automatically get the hostname for the scanned machine and submit that to Aikido, in order to be displayed in the Virtual Machines tab.

If you want to change the reported hostname, you can do that using the configuration file:

{
    "hostname": "YOUR_HOSTNAME_HERE",
    "exclude": []
}

Exclude files or paths

In the config.json you can exclude files and paths by adding additional items to the exclude list. You can find some examples below.

• Exclude a single file in a directory:

{
    "exclude": [
        ...
        "./home/testing/app/package.json",
    ]
}

• Exclude all releases subdirectories:

{
    "exclude": [
            ...
            "./home/testing/*/releases",
    ]
}

• Exclude all .json files in the out folder and all subdirectories:

{
    "exclude": [
        ...
        "./out/**/*.json",
    ]
}

• Exclude catalogers from scanning (eg: exclude Golang catalogers):

{
    "exclude": [
    ],
    "select_catalogers": "-go"
}

Output channel

If you want to control the output channel of the VM scanner, when installing you can specify the OUTPUT variable as stdout, stderr or none.

Example for rpm x86_64:

AIKIDO_TOKEN=REPLACE_ME VM_TYPE=production OUTPUT=stderr dnf install -y https://aikido-vm-agent.s3.eu-west-1.amazonaws.com/v1.2.9/aikido-vm-scanner.x86_64.rpm

CLI parameters

If for any reason you need to start the scanning on demand via the command line, you can specify the following CLI parameters to be used for that scan:

  --api-key string
        API key for authentication
  --hostname string
        Hostname of the machine
  --select-catalogers string
        Comma-separated list of catalogers to use or remove
  --vm-type string
        Type of the virtual machine

These CLI parameters take precedence over those specified in config.json.

• Example for setting a custom hostname via CLI:

/opt/aikido-vm-scanner-1.2.9/aikido-vm-scanner --hostname "My Custom VM"

• Example for excluding Golang catalogers via CLI:

/opt/aikido-vm-scanner-1.2.9/aikido-vm-scanner --select-catalogers "-go"

Uninstall

Manual uninstall

For Red Hat-based Systems (RHEL, CentOS, Fedora)

dnf remove -y aikido-vm-scanner

For Debian-based Systems (Debian, Ubuntu)

apt-get remove -y aikido-vm-scanner

Logs

Logs are available here, along with the last generated SBOM: /var/log/aikido-vm-scanner-1.2.9