Agent Installation: Container Orchestrator

A guide for installing the ZeroLock™ Agent onto the host OS of a Container Orchestration node.

    The ZeroLock™ Agent (ZA) can be installed three (3) ways:

    1. COPY/PASTE – curl or wget 
    2. DOWNLOAD – Self-Extracting bash or tar Installer 
    3. CONTAINER – Docker or AWS ECS (instructions below)

    [Screenshot: Agent Deployment Options v2.1.3]

     


    Advanced Settings

    Regardless of the installation method, the following settings must be configured.  They apply to the Collector that the endpoint will connect to.  The Collector is the ZeroLock™ Management Console (ZMC) service that collects endpoint connection and threat information.  It also authenticates and communicates with the ZeroLock™ Agents.

    These settings should only have to be done once when configuring the ZMC, as the values rarely change after that point.

    Navigate to Deploy on the left side menu, which opens the screen below.
    [Screenshot: Deploy_Container v2.0.3]
    1. Click on Advanced Settings.
    2. On the screen that appears, select the Agent Version to deploy. The default is the latest release.
    3. The Endpoint Profile may remain as default unless you wish to use another profile from the drop-down list.
    4. If desired, additional Endpoint Groups may be added by selecting from the drop-down list.
    5. Enter the collector IP address(es) or the FQN for one or more collector server(s).
    6. Click the Save as Default button to save the information.

    [Screenshot: Advanced Settings Numbered v2.0.3-1]

    Once back on the Deploy screen, select the Use Docker tab in the Container group, then the Copy Docker Run tab.
    [Screenshot: Container Deploy 123]


    Endpoint Agent - Docker Container Installation

    1. Open a terminal window and connect to the endpoint.
    2. Ensure the latest version of Docker is installed.
    3. Run the command copied in step 3 above.  (Depending on your user rights, you might need to run this command with sudo.)

    Note:  At this time, Podman is not supported.




    Installation Example

    Docker access is required to do the installation and run the container.  You have two options:

    1. Make sure the user running the installer has the permissions required to run docker.
      Or
    2. Run the docker command with sudo. Once the command from step 3 is pasted into the terminal, insert sudo before ‘docker’ following an & (ampersand). This allows you to run the installation.
      1. Paste the copied command into the terminal but DO NOT execute it:


      2. Following an ampersand (&), insert sudo before docker, then execute.
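
An added pre-flight check (not ZeroLock™ or Vali Cyber code) for choosing between the two options above: it reports whether the current user can reach the Docker daemon directly or must insert sudo before docker. It assumes Docker's default local socket, /var/run/docker.sock; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code.
# Assumption: Docker listens on its default local socket. Pass another path
# as the first argument if your daemon uses a different one.
# Note: read/write access to this socket is root-equivalent on the host, so
# option 1 (direct access) should be granted deliberately.

# Print which of the two options applies to the current user:
#   direct    - user can read/write the daemon socket (option 1)
#   sudo      - socket exists but user lacks access (option 2)
#   no-daemon - socket missing; Docker is not installed or not running
docker_access_mode() {
    sock=${1:-/var/run/docker.sock}
    if [ ! -e "$sock" ]; then
        echo no-daemon
    elif [ -r "$sock" ] && [ -w "$sock" ]; then
        echo direct
    else
        echo sudo
    fi
}

# Report for the operator before the copied command is executed.
# Returns non-zero when Docker is not available at all.
preflight_report() {
    mode=$(docker_access_mode "$1")
    case $mode in
        direct)    echo "User $(id -un) can reach Docker: run the copied command as-is." ;;
        sudo)      echo "User $(id -un) cannot reach Docker: insert sudo before docker." ;;
        no-daemon) echo "Docker socket not found: install or start Docker first." ;;
    esac
    [ "$mode" != no-daemon ]
}

# Stand-alone run: check the default socket, or the path given as $1.
preflight_report "${1:-}" || :
```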



    Validating Agent Installation

    To validate the installation process, select the Endpoints tab on the main menu. The new endpoint will be listed; the green dot in the status column indicates a successfully installed agent on the endpoint system.

    [Screenshot: New Endpoint_2]


    View ZeroLock™ Agent Logs

    Locate the ZeroLock™ Agent logs.

    cd /opt/zerolock/zerolock-tyr    # Go to the Tyr directory.

    ls -la                           # List the contents of the directory.


     

    To see the ZeroLock™ Agent log in detail, open a terminal session to the new Endpoint.  

    cat Tyr.log                      # Read the log.


    Air-Gapped Environments

    An air-gapped computer or network is physically segregated and incapable of connecting wirelessly or physically with other network devices outside its own network.  Air-gaps protect critical computer systems or data from potential attacks ranging from malware and ransomware to keyloggers or other attacks from malicious actors.

    For instructions on installing the ZeroLock Agent on an air-gapped system, please see the article Agent Installation to an Air-gapped Environment.


    For more information, please see the Vali Cyber Support page.