Agent Documentation


Default settings

Once installed, the agent by default will:

  • read /etc/appcanary/agent.yml and load its configuration settings
  • emit logs to /var/log/appcanary.log
  • upon successful registration, write to /var/db/appcanary/server.yml

At minimum you must specify a valid API key and a process or file for it to watch. You may specify more than one watcher per agent instance, if applicable.

Sample minimum configuration

api_key: "<YOUR_TOKEN_HERE>"

watchers:
  # if on centos or redhat
  - process: "rpm -qa"

  # if on ubuntu or debian
  - file: "/var/lib/dpkg/status"

  # if you have any number of Ruby apps
  - file: "/path/to/a/Gemfile.lock"

  # if you have any number of PHP apps
  - file: "/path/to/a/composer.lock"
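
A pre-flight check for the minimum stated above (a real API key plus at least one process or file watcher), as an added example that is not part of the Appcanary agent or its documentation. The function name check_agent_conf is hypothetical, and the check is line-based rather than a YAML parser, so it assumes the one-key-per-line layout of the sample configuration.

```sh
#!/bin/sh
# Added example: validate an agent.yml before rolling it out to a fleet.
# Line-based, not a YAML parser: assumes the layout of the sample configuration.

# check_agent_conf FILE
# Returns 0 when FILE has a non-placeholder api_key and at least one watcher.
# Prints each problem to stderr and returns 1 otherwise.
check_agent_conf() {
    conf=$1
    rc=0

    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }

    # Value of the first top-level api_key line, with quotes stripped.
    key=$(sed -n 's/^api_key:[[:space:]]*//p' "$conf" | head -n 1 | tr -d "\"'")
    case $key in
        '')      echo "api_key is missing or empty" >&2; rc=1 ;;
        '<'*'>') echo "api_key is still the placeholder" >&2; rc=1 ;;
    esac

    # Count "- process:" and "- file:" entries that carry a value.
    # grep -c exits 1 on zero matches, hence the "|| true".
    n=$(grep -Ec '^[[:space:]]*-[[:space:]]+(process|file):[[:space:]]*[^[:space:]#]' "$conf" || true)
    [ "$n" -ge 1 ] || { echo "no process or file watcher configured" >&2; rc=1; }

    # Warn (without failing) about file watchers whose path is absent on this host.
    sed -n 's/^[[:space:]]*-[[:space:]]*file:[[:space:]]*//p' "$conf" | tr -d "\"'" |
    while IFS= read -r path; do
        [ -e "$path" ] || echo "warning: watched file not found: $path" >&2
    done

    return $rc
}

# Stand-alone use: sh check_agent_conf.sh /etc/appcanary/agent.yml
if [ "$#" -gt 0 ]; then
    check_agent_conf "$1"
fi
```
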


When dealing with large fleets, it's more useful to refer to servers by their function or other labels. You can tag a server within Appcanary by adding the following to agent.yml:

tags:
  - web
  - db
  - etc

Optional, additional configuration


      # you can also specify a custom name
      server_name: "name here"

      # specify a different log path
      log_path: /tmp/example/path.log

      # wait this many seconds before reporting on configured watchers.
      # this is useful if you auto upgrade newly provisioned servers:
      # setting a time delay will prevent meaningless patch notifications
      startup_delay: 10

Command line modes

By default, the agent will just silently monitor any configured watchers. The agent also provides the following modes:

  • (Ubuntu only) Install the latest version of packages that have vulnerabilities.
  • (BETA: Contact us if you'd like to use this) Report on which running processes depend on out-of-date libraries and should be restarted.
  • Guess what distribution and version of Linux you're using.