Install Server Agents on Linux

EdgeBit can most effectively focus your vulnerability management and supply chain security when workloads are mapped all the way to running in production.

The EdgeBit agent fulfills two main purposes:

  1. Build a real-time software bill of materials for the server:
    • OS packages
    • apps
    • containers
  2. Track usage of packages and files related to those workloads

Here’s an example report for a live machine:

EdgeBit Machine Detail

System Requirements

EdgeBit uses eBPF to observe your workloads running all the way into the Linux kernel. This drives many of the minimum requirements:


First, generate a new agent deployment token from the EdgeBit Console under “Access Tokens”. Choose the “Node Agent” type, which is a narrowly scoped secret used as a refresh token to obtain a new set of credentials unqiue to this agent instance. The new credentials are used to send data to EdgeBit so you can bake this credential in a VM image template.

For quick trials, you can get the latest release, create a systemd unit and start it. First, SSH to your server:

$ ssh ec2-user@

Next, run the install command. Be sure to insert your agent deploy token as EDGEBIT_ID and your organization’s URL as EDGEBIT_URL:

export EDGEBIT_ID=dnrekvq95CJ6_JcVixpfTEx8L3k3hDsggoqSr
curl | sudo -E sh

We recommend graduating to using a package manager as soon as possible. You can optionally use VERSION to control the agent version installed.

EdgeBit ships both RPM and Debian packages. This is the preferred installation method because EdgeBit can start observing your system as early as possible at boot.

View the GitHub releases for the latest release, or run the curl commands below.


$ curl -sL $(curl -s | jq -r ".assets[] | select(.name|match(\"^edgebit-(.*)$(uname -m).rpm$\")) | .browser_download_url") -o edgebit-agent.rpm
$ sudo rpm -i edgebit-agent.rpm

Debian Package

$ curl -sL $(curl -s | jq -r ".assets[] | select(.name|match(\"^edgebit-(.*)$(uname -m | sed -e s/x86_64/amd64/ -e s/aarch64/arm64/).deb$\")) | .browser_download_url") -o edgebit-agent.deb
$ sudo dpkg -i edgebit-agent.deb

Don’t start it yet, we need to fill out the configuration.

EdgeBit can also be run via a container or with Kubernetes. This is the less perferred installation method due to less control over how early your container runtime starts.

Your container must run as privleged in order to load the eBPF program. Be sure to insert your agent deploy token as EDGEBIT_ID and your organization’s URL as EDGEBIT_URL:

$ docker run \
  --name edgebit-agent \
  --rm \
  -d \
  --privileged \
  --pid host \
  --mount "type=bind,source=/,destination=/host" \
  --mount "type=bind,source=/etc/edgebit,destination=/etc/edgebit" \
  --mount "type=bind,source=/sys/kernel/debug,destination=/sys/kernel/debug" \
  --mount "type=bind,source=/run/docker.sock,destination=/run/docker.sock" \
  --mount "type=volume,source=var-edgebit,destination=/var/lib/edgebit" \
  -e "EDGEBIT_URL=" \
  edgebit-agent:latest --hostname "$(hostname)"

There is no need to use the config file with the container due to the environment variables.

Configuration File

The configuration file is stored at /etc/edgebit/config.yaml and the quick install script will fill it out for you.

Otherwise, insert your edgebit_id and edgebit_url:

Variable Name Description Required
edgebit_id EdgeBit agent deploy token Required
edgebit_url EdgeBit organization address, as FQDN Required
syft_config Syft configuration for scanning the machine Required
syft_path Syft binary to use for scanning the machine Required

Here’s a complete example:

edgebit_id: "dnrekvq95CJ6_JcVixpfTEx8L3k3hDsggoqSr"
edgebit_url: ""
syft_config: "/opt/edgebit/syft.yaml"
syft_path: "/opt/edgebit/syft/syft"

Start the Agent

Now you’re ready to start the agent:

$ sudo systemctl start edgebit-agent.service


To start troubleshooting, first check the status of the systemd unit:

$ systemctl status edgebit-agent.service
● edgebit-agent.service - EdgeBit Agent
   Loaded: loaded (/usr/lib/systemd/system/edgebit-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2023-02-26 14:30:24 UTC; 26min ago
 Main PID: 24828 (edgebit-agent)
    Tasks: 3
   Memory: 20.3M
   CGroup: /system.slice/edgebit-agent.service
           └─24828 /opt/edgebit/bin/edgebit-agent

Incorrect Configuration

The most common issue is that you haven’t set your edgebit_id and edgebit_url in the config file. This will indicate a transport error in the systemd journal.

$ journalctl -u edgebit-agent -n 100 --no-pager
Feb 26 14:28:41 ip-172-31-24-44.ec2.internal systemd[1]: Started EdgeBit Agent.
Feb 26 14:28:41 ip-172-31-24-44.ec2.internal edgebit-agent[24740]: INFO  edgebit_agent > EdgeBit Agent v0.0.10
Feb 26 14:28:41 ip-172-31-24-44.ec2.internal edgebit-agent[24740]: INFO  edgebit_agent > Connecting to EdgeBit at
Feb 26 14:28:41 ip-172-31-24-44.ec2.internal edgebit-agent[24740]: status: Unknown, message: "transport error", details: [], metadata: MetadataMap { headers: {} }

View your Machine in the EdgeBit Console

Immediately after installation, your machine should show up in the EdgeBit Console. After short period of intitial analysis, your real time results should be visible.

EdgeBit Machine Detail

Next: Vulnerability Response